
Long DKIM public key is not found in DNS records

Overview

While configuring the DKIM public key, Kerio Connect produces the following error:

DKIM public key for domain.com was not found in DNS record


The following entry is generated in the logs:

Mail 5ece7e63-00001c32 won't be signed by DKIM because DNS record is invalid for domain domain.com.

Environment

Kerio Connect installed on macOS

Diagnosis

Running the dig command for the DKIM record returns different results on the Kerio Connect server and on a PC in an outside network:

  1. On the Kerio Connect server
    dig +short mail._domainkey.domain.com TXT
    "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvL1rcnn9rXG7h7A48tEPVIrC+ZT37vYy7eXwduOYFCOtvWkd1V6Zp3kJMBAA49GEuYN6LUlJNEEpxx7N4/kR/NAhSlcum61Kbe2Eo2xxficcsGCP3QoymKr/rqg/RDmfw2V51Jqgm0qbmJPlnkfCgKe4D43ut1eieQVraqBSP7nazZgSebtVGotI4VKQb0qB4MFNjunFD" "xRj2Cp9ZAK/wms83z+gNzo8hSGaiJovRNG2MUhSttXUOKCOe1JIBWXHnD+y+9AmumJfp1zmivP9zdPNmaJXfgxF1XphcxSU+ngIzIU8TLy8N8Wvr0Knr94BBOO2UewjChSIMllYfnWTSwIDAQAQ"
  2. On the outside (external network) PC
    dig +short mail._domainkey.domain.com TXT
    <No output>

The DKIM record contains a long string, over 255 characters. Note the " " (closing quote, space, opening quote) in the middle of the string. For DNS entries, BIND requires any string longer than 255 characters to be split into multiple quoted strings.

Solution

Local DNS needs to be set up for the DKIM record, together with an alias. The DKIM string needs to be broken up into quoted parts; the position of the break is not critical.

The alias needs to be entered as a TXT record with the same selector "mail._domainkey", with the alias following: mail._domainkey.mg.domain.com.

Testing

Run the dig command from the Kerio Connect server and from the external network PC. Both outputs should be the same.
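
Helpers for the split and the comparison described above, as an added example that is not part of the original article or of Kerio Connect; the function names are hypothetical and the sample record value is constructed, not a real key.

```shell
#!/bin/sh
# Added example (not Kerio or BIND code). The record value below is
# constructed: "v=DKIM1;p=" plus 300 filler characters, not a real key.

# split_txt VALUE [MAX]: print VALUE as quoted strings of at most MAX
# characters (default 255, the DNS limit for one TXT string), separated
# by spaces, which is the form a BIND zone file expects.
split_txt() (
    value=$1; max=${2:-255}; out=
    [ "$max" -ge 1 ] 2>/dev/null || exit 2   # reject zero or non-numeric limit
    while [ -n "$value" ]; do
        chunk=$(printf '%s' "$value" | cut -c1-"$max")
        out="$out${out:+ }\"$chunk\""
        value=${value#"$chunk"}               # drop the part just emitted
    done
    printf '%s\n' "$out"
)

# join_txt: read `dig +short ... TXT` output on stdin and print the
# logical value with the quotes and the `" "` chunk separators removed.
# Assumes the value contains no escaped quotes (true for DKIM records).
join_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# longest_chunk: length of the longest quoted string on stdin; anything
# above 255 cannot be served as a single TXT string.
longest_chunk() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) if (length($i) > m) m = length($i) }
               END { print m + 0 }'
}

# same_record A B: succeed when two dig outputs carry the same value,
# even if the two servers split it at different positions.
same_record() {
    [ "$(printf '%s\n' "$1" | join_txt)" = "$(printf '%s\n' "$2" | join_txt)" ]
}

sample="v=DKIM1;p=$(printf '%0300d' 0 | tr 0 A)"    # constructed value
zone_form=$(split_txt "$sample")
printf 'mail._domainkey IN TXT ( %s )\n' "$zone_form"
printf 'longest chunk: %s\n' "$(printf '%s\n' "$zone_form" | longest_chunk)"
```

On live systems, capture each side with `dig +short mail._domainkey.domain.com TXT` and pass the two outputs to `same_record`; an empty output on one side fails the comparison.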

Related Article

Adding DKIM and DMARC Records to Kerio Connect

  1. Priyanka Bhotika
