• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

DomainKeys Error

I

ilijamt

Basic Pleskian
When I send mail I get the following in the /var/log/mail.err

Oct 9 16:17:52 myserverplace dk_sign[24573]: DK_STAT_SYNTAX: Message is not valid syntax. Signature could not be created/checked
Oct 9 16:17:52 myserverplace /usr/lib/plesk-9.0/psa-pc-remote[3037]: Error during 'dd51-domainkeys' handler

After a reply I get the following in the error log

Oct 9 16:18:00 myserverplace dk_check[24355]: DK_STAT_NOSIG: No signature available in message

I checked the zone files for the domain and they have a domainkey defined

In "/etc/domainkeys" there is a folder and a file called default inside the folder belongs to root:popuser

I have the following entries in the zone file for this:
_domainkey.myserverplace.de. IN TXT "o=-"
default._domainkey.myserverplace.de. IN TXT <DOMAIN KEY>

OS: Debian 3.2.46-1+deb7u1
Plesk: 11.5
Mail: Postfix
 
This is the result of a mail check

SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

Also for some reason it adds two DKIM headers to the headers
 
I have similar error. Outgoing mails are not signed:

Oct 10 07:46:00 netscan dk_sign[23538]: DK_STAT_SYNTAX: Message is not valid syntax. Signature could not be created/checked
Oct 10 07:46:00 netscan /usr/lib/plesk-9.0/psa-pc-remote[7657]: Error during 'dd51-domainkeys' handler
 
Re-installing is not an option in my case.
I've discovered, that the problem is with the too short bit length key. I've upgraded from plesk 10 where 768 bit keys were used.
Switching off then on the signing of outgoing mail on each domain solved the problem (it generated a new, 1024 bit key).

You can check the key length with this page:
http://www.protodave.com/tools/dkim-key-checker/

I wrote this script to switch off/on the service for all domains:

Code: 
#!/usr/bin/env bash

pw=`/usr/local/psa/bin/admin --show-password`

for name in `mysql --skip-column-names -u root -p --password=$pw -D psa -e 'SELECT name FROM dns_zone ORDER BY name;'`; do
    /usr/local/psa/bin/domain_pref -u $name -sign_outgoing_mail false
    echo $name;
done
 
resolution

Re-installing is not an option in my case.
I've discovered, that the problem is with the too short bit length key. I've upgraded from plesk 10 where 768 bit keys were used.
Switching off then on the signing of outgoing mail on each domain solved the problem (it generated a new, 1024 bit key).

You can check the key length with this page:
http://www.protodave.com/tools/dkim-key-checker/

I wrote this script to switch off/on the service for all domains:

Code: 
#!/usr/bin/env bash

pw=`/usr/local/psa/bin/admin --show-password`

for name in `mysql --skip-column-names -u root -p --password=$pw -D psa -e 'SELECT name FROM dns_zone ORDER BY name;'`; do
    /usr/local/psa/bin/domain_pref -u $name -sign_outgoing_mail false
    echo $name;
done
 
Re-installing is not an option in my case.
I've discovered, that the problem is with the too short bit length key. I've upgraded from plesk 10 where 768 bit keys were used.
Switching off then on the signing of outgoing mail on each domain solved the problem (it generated a new, 1024 bit key).

You can check the key length with this page:
http://www.protodave.com/tools/dkim-key-checker/

I wrote this script to switch off/on the service for all domains:

Code: 
#!/usr/bin/env bash

pw=`/usr/local/psa/bin/admin --show-password`

for name in `mysql --skip-column-names -u root -p --password=$pw -D psa -e 'SELECT name FROM dns_zone ORDER BY name;'`; do
    /usr/local/psa/bin/domain_pref -u $name -sign_outgoing_mail false
    echo $name;
done
 
But I never upgraded from a previous version of Plesk, I installed Plesk 11.5 from the beginning there was no upgrade, I checked the keys they were 1024 bit, they are located in /etc/domainkeys.

Since I reinstalled, I set it up it with everything

SPF
DomainKeys
DKIM

Everything is working perfectly now, the instructions are in the link I sent
 
You must log in or register to reply here.

Similar threads

EnriqueR
Question Incoming mail is stored in Junk folder
Replies
6
Views
988
EnriqueR
EnriqueR
J
Resolved PUM error persists....
Replies
13
Views
1K
Jeroentje
J
A
Question Upgrade Almalinux 8 to 9 with Plesk installed
Replies
6
Views
4K
Sebahat.hadzhi
Sebahat.hadzhi
D
Resolved Error in Plesk when activating DKIM [Permission issue]
Replies
9
Views
4K
W4ru
W
E
Question Is multiple HELO registration possible?
Replies
2
Views
620
emrekoc
E
Back
Top