Proxmox Mail Gateway DKIM Configuration

Hugo Almeida

Member
Jul 15, 2019
31
0
6
28
Good afternoon,

You want instructions for setting up DKIM functionality on the Proxmox Mail Gateway.

Please, if anyone can guide me.

Thanks in advance for your attention.

Sincerely,

Hugo Almeida
 

Hugo Almeida

Member
Jul 15, 2019
31
0
6
28
Good Morning,

I need help deploying DKIM on Proxmox Mail Gateway.

We are trying to copy DNS TXT, but the syntax error, please, can help me a lot.
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
2,624
283
83
Which exact error do you get? (a text description or screenshot) Otherwise it's a bit hard to provide help.

The TXT-record as shown by PMG is in the same format as the ones generated by opendkim-genkey - maybe your DNS-provider can help you with those?

Last but not least you could try pasting the complete key, by removing the spaces and " characters between the individual chunks - e.g.
Code:
selector._domainkey    IN    TXT    "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41ZFc6I9/T5TggcPkewql/FOl+iboU1P5Rveo3D4ACDZ1pfSfnlCRwpL09EXnVcaWIXeR8ERLqPBvE6n1CXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
I hope this helps
 

Hugo Almeida

Member
Jul 15, 2019
31
0
6
28
Good Morning,

Make all configurations as per configurations, and perform an email test, parsing the header identifies an error (dkim = fail (no signature key)).

Attached is the print of the error.

Thanks in advance for your attention.

Sincerely,

Hugo Almeida
 

Attachments

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
2,624
283
83
the whole Authentication result header indicates that the mail-server providing it has a DNS Problem?

Without the selector and sender domain (the DKIM-Signature header) it is hard to verify where the problem actually is

I hope this helps!
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
2,624
283
83
A few things:
* don't enable 'Sign all Outgoing Mail' - if you have a domain for which you want to sign mails (al.mt.gov.br)

The selector almt.private on PMG is a valid RSA key (otherwise you would not be able to view the TXT record)

checking here - it seems that you have not entered the TXT record in the Zone al.mt.gov.br:
Code:
$ dig txt almt._domainkey.al.mt.gov.br

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> txt almt._domainkey.al.mt.gov.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58971
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;almt._domainkey.al.mt.gov.br.    IN    TXT

;; AUTHORITY SECTION:
al.mt.gov.br.        1718    IN    SOA    serv05.al.mt.gov.br. root.al.mt.gov.br. 2015083000 43200 900 1814400 7200

;; Query time: 0 msec
;; SERVER: 192.168.2.15#53(192.168.2.15)
;; WHEN: Wed Dec 18 17:02:24 CET 2019
;; MSG SIZE  rcvd: 105
You need to add a text record for each domain you want to sign - in the domain's DNS records!

Please provide a DKIM-Signature header as created by PMG if you need further help in debugging
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!