sbrothy
Gold Member
TL;DR: Apparently I can't get my DNS DKIM records to work...
A silly prefix for this question I know but that was as close as I could get.
Initially I didn't really think of this forum as a place for intricate IT developer or administrator questions but I heard through the grapevine that there's a not insignificant number of retired IT folks here (*cough*). So let's give it a shot:
I'm hosting my little hobby website on a virtual Linux box:
Linux omecc.dk 6.17.0-23-generic #23-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 11 23:29:57 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
I've (tried to) set up postfix, opendkim, opendmarc and my DNS records to be able to send and receive emails which was (is!) quite a nerdy tour de force!
Unfortunately opendkim-testkey still tells me that my DKIM key isn't secure:
Bash:
root@omecc:/etc/opendkim/keys# opendkim-testkey -d omecc.dk -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/omecc.dk.private
opendkim-testkey: checking key 'mail._domainkey.omecc.dk'
opendkim-testkey: key not secure
opendkim-testkey: key OK
root@omecc:/etc/opendkim/keys#
I've tested permissions for every conceivable directory and file but I feel really stuck (or perhaps I just need some fresh air?).
An online DNS analyzer gives me this "lovely" picture:
https://ibb.co/g5sBGj4
I'm under the impression that CDS and CDNSKEY values are handled by my DNS provider. Maybe I need to fiddle with my DNSSEC settings but before I do that I would like to be sure I'm barking up the right tree.
Now I realize I could ask the people I'm paying for providing me with this service, but the subject is pretty technical. Someday when I get through their "tutorials", "already solved problems", and (oh god!) the AI guarding the entrance to support I will.
It would be nice if someone had an idea but I realize the info is scarce, there's a ton of config files and a million points of failure. Sometimes it helps to just articulate the problem though (or take a break).