If you encounter an issue with the DomainKey/DKIM, please follow the below troubleshooting steps.
-
Make sure the private key is being loaded. If there is any problem loading the private key, you will see an alert in the MTA with a description of the problem. This error data will also be placed in the system.log file in the main log directory.
-
Since DKIM/Domainkeys are set up in the account settings, make sure you have the DKIM/DomainKey set up for the account you are sending from. Sending from a different account will definitely yield an unsigned outbound message.
-
In order for the outbound message to be signed, the From address or Sender header must match the DKIM/DomainKey domain. If the Sender header is present, that is what will be used. Otherwise, it will use the From domain.
-
Once you have completed the above steps you can look at the final outbound message's header and see the DomainKey/ DKIM-Signature: header. Once you see this header you know the MTA is set up correctly and is signing the outbound message.
-
To check to see if the header is valid you can send a test message to sa-test@sendmail.net and it will reply with the validity of the key. If for some reason this reflector is not working for you, then you can send an outbound message to a yahoo.com or gmail.com address. If the signature is valid, you will see a header message added, similar to the one below.
Authentication-Results: mta1027.mail.ac4.yahoo.com
from=yourdomain.com; domainkeys=neutral (no sig); from=email-od.com;
dkim=pass (ok)