多条线路上的 DKIM

Question

I have now used 4(!) days trying to get this DKIM TXT record to get recognized, so I really hope that someone is able to help me out now..

The DKIM I have from my server is output on three lines like this:

default._domainkey IN TXT "v=DKIM1; k=rsa;

p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ7AMIIBCgKCAQEAvbBZcUcajRf+nP+BSvhsa8roEcor2rf9oLs98u8HrqjZgpHQJ4frbA2C8OuRlPGN9JzZOpTmeeJg2eITeJXlQsc88xX0hqZCogDUeUcTLghDhw2Vd7q5AWG6mDcc3F2HJ0q5GwkYTS7d6D9nXCGcCE/M/F2pgwBe5MI5S9h60cr+XhHrK3uDCW3QNMj6jRDIW"

    3o5WquA5/MmQJJ38BwMzn/7HJwcL5aJ5EnA3KlLi413kK820f4h2E+u4dAT5Kmua7x8Lx1ny7oEZH/MBQoEMq0s7XuDD+d0gR/0VCHvQ6PhZf4wOwzGIO6jn/Fb/pywAgQqZRglRGZLbcoHHQCIgQIDAQAB\;

I have tried to add it in numerous different ways, but every time I get some kind of error. Also, it seems like my DNS is changing the order of the entries I make. Could this be the error?

Any kind of help is really, really appreciated.. Please. Thanks!

Answer 1

I wanted to comment on Ryan Young answer but I don't have enough reputation for that.

This answer is correct except that the second line of the DKIM key needs to also be in the p value in the DNS TXT entry like that:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ7AMIIBCgKCAQEAvbBZcUcajRf+nP+BSvhsa8roEcor2rf9oLs98u8HrqjZgpHQJ4frbA2C8OuRlPGN9JzZOpTmeeJg2eITeJXlQsc88xX0hqZCogDUeUcTLghDhw2Vd7q5AWG6mDcc3F2HJ0q5GwkYTS7d6D9nXCGcCE/M/F2pgwBe5MI5S9h60cr+XhHrK3uDCW3QNMj6jRDIW3o5WquA5/MmQJJ38BwMzn/7HJwcL5aJ5EnA3KlLi413kK820f4h2E+u4dAT5Kmua7x8Lx1ny7oEZH/MBQoEMq0s7XuDD+d0gR/0VCHvQ6PhZf4wOwzGIO6jn/Fb/pywAgQqZRglRGZLbcoHHQCIgQIDAQAB

All the DKIM p entries for my domains typically start with "MI" and end with "IDAQAB". You may need to remove from them the spaces/tabs, line feeds/returns and double/single quotes if they are on several lines.

Edit: I found out that using the long 2048 DKIM key lead to the following in the original email on gmail:

dkim=neutral (invalid public key) header.i=...

This was probably because the key was being truncated anyway. What I had to do to get a normal situation was to reduce the size of the DKIM key when generating the key:

opendkim-genkey -b 1024 -s mail -d example.com

My emails then viewed as original in gmail contain this instead of the invalid key mention:

dkim=pass header.i=...

Answer 2

I just dealt with similar issues trying to set up DKIM authentication for a domain registered with Register.com that uses Google email servers. According to Google help docs , DNS TXT records can contain no more than 255 characters in a single string, but the DKIM TXT record value that Google generated for us was over 400 characters. In our case, the solution was to split that DKIM TXT record into two parts where each part is under 255 characters, surrounding each part with double quotes and entering both into the same TXT record separated by a space. I did not need to include any parentheses or slashes but that may vary by email provider. So for my email provider and domain host the solution looked like this:

Host Name: google._domainkey
TXT Record: "v=DKIM1; k=rsa; p=blahblahblahblahblahetc" "blahblahblahblahblahetc"

G Suite warned me that it might take up to 48 hours for my DNS record updates to propagate but once I landed on the right solution it was less than an hour before Gmail was able to start authenticating.

Answer 3

I had issues getting my domain key to pass verification. In the end I changed my selector to "dkim" in opendkim on my Linux server. As for your Text portion, make it:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ7AMIIBCgKCAQEAvbBZcUcajRf+nP+BSvhsa8roEcor2rf9oLs98u8HrqjZgpHQJ4frbA2C8OuRlPGN9JzZOpTmeeJg2eITeJXlQsc88xX0hqZCogDUeUcTLghDhw2Vd7q5AWG6mDcc3F2HJ0q5GwkYTS7d6D9nXCGcCE/M/F2pgwBe5MI5S9h60cr+XhHrK3uDCW3QNMj6jRDIW

So it should be all on one line and in the same record.