Once you set up your new records, it can take up to 24 hours for them to propagate through the top-level DNS servers.
Note that, while some DNS servers allow you to set up rDNS, you must, generally, ask your internet provider, the group who assigned you your static IP addresses, to set up your rDNS as they are, technically, the owners of the IP addresses which are allocated to your account and must request the re-allocation of the reverse DNS to your SmarterMail server. The rDNS should point to your PRIMARY SMARTERMAIL SERVER and IP ADDRESS.
Example: our primary SmarterMail server, the FQDN of the server which handles all of the e-mail traffic, for all of our hosted domains, is "securemail.chicagonettech.com" and is mapped to 173.165.112.155. Therefore, our rDNS points to securemail.chicagonettech.com.
Had we not asked our provider to point the rDNS for 173.165.112.155 to our SmarterMail server, then it would point to their network. Since their network name is different from our MX server, we would fail all of the rDNS tests.
Did you generate the DKIM certificates from SmarterMail, making them at least 1024 bit? That's the minimum acceptable length, but 2048 is better.
You don't need a DomainKey cert, just DKIM, and that's generated under the SETTINGS ===> ADVANCED ===> MAIL SIGNING tab for EACH of your hosted domains:
In order to allow FORWARDING, without breaking DKIM, go to the DKIM SIGNING tab and select SIMPLE for the BODY and HEADER CANONICALIZATION items.
Now ADD the information to your DNS. The method used to do so will vary according to your DNS provider. In some cases, you will need to break up lines longer than 1024 characters in length. In some cases, you will need to add quotes and special characters. Check with your DNS provider's instructions on adding TXT records.
We use Microsoft's DNS, and here is what our complete entries look like in the DNS record:
| Name | TTL | Type | Value |
|---|---|---|---|
| _domainkey | 3600 | TXT | "o=~" |
| _adsp._domainkey | 3600 | TXT | "dkim=all;" |
| secure._domainkey | 3600 | TXT | "k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYhoyoIhjIMPcTA2ZezVDxxtcgniRolCnaYMtaW+jVo/JEXfrOPuC4H6gQNyuDJGZpARBANkVOEMOBoZ7R3RdnSK00rPzRv309mSX2pxLM6F755pGVpDS0QRJ+c8aFU777cS+F3MeKyXfosOcEos742BkeHaynCZIPGeRa3gs3dwIDAQAB" |
Once you generate the DKIM certificate in SmarterMail, and add the certificate records in DNS, you should wait a few hours and then return to the individual domains to TEST the newly created record(s).
This is done, once again, in SmarterMail - in the specific domain for which you have created the record by clicking on TEST DNS:
NOTE: IF A CERT FAILS, AND IT WAS GENERATED IN SMARTERMAIL, DO NOT REGENERATE THE CERTIFICATE, CHECK YOUR DNS!
You also need to send test messages to "mailtest@unlocktheinbox.com", from each domain, and correct any errors shown in the results. This will require an account with https://unlocktheinbox.com, so you can repeatedly test each domain until you get them right.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net
Phone: (773) 491-9019
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting
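
The following is an added example, not part of the original post and not SmarterMail code: a standard-library Python check that reads a DKIM TXT value, rejoins quoted chunks the way a resolver does, and reports the RSA key length against the 1024/2048 figures mentioned in the post. The function names and the point where the record is split into two chunks are constructed for illustration; the key itself is the `secure._domainkey` value shown in the post.

```python
import base64
import re

# secure._domainkey value from the post, split into two quoted chunks the way
# some DNS providers require for long TXT data (split point is constructed).
RECORD = ('"k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYhoyoIhjIMPcTA2ZezVDxxtcgniRolCnaYMtaW+jVo/JEXfrOPuC4H6gQNyuDJGZpARBANkVOEMOBoZ7R3RdnSK00rP" '
          '"zRv309mSX2pxLM6F755pGVpDS0QRJ+c8aFU777cS+F3MeKyXfosOcEos742BkeHaynCZIPGeRa3gs3dwIDAQAB"')

def parse_tags(txt):
    """Concatenate quoted chunks, then split the tag=value list on ';'."""
    chunks = re.findall(r'"([^"]*)"', txt)
    joined = "".join(chunks) if chunks else txt
    tags = {}
    for part in joined.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(der, pos, tag):
    """Read one DER tag-length-value at pos; return (value_start, value_end)."""
    if len(der) < pos + 2 or der[pos] != tag:
        raise ValueError("unexpected DER structure at offset %d" % pos)
    length, pos = der[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated key: the record was cut off in DNS")
    return pos, pos + length

def rsa_key_bits(txt):
    """Return the RSA modulus size, in bits, of a DKIM key record."""
    tags = parse_tags(txt)
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("not an RSA key, or p= is empty (revoked)")
    der = base64.b64decode(tags["p"], validate=True)
    spki, _ = read_tlv(der, 0, 0x30)               # SubjectPublicKeyInfo
    _, alg_end = read_tlv(der, spki, 0x30)         # AlgorithmIdentifier (skipped)
    bits, _ = read_tlv(der, alg_end, 0x03)         # BIT STRING wrapping the key
    rsa, _ = read_tlv(der, bits + 1, 0x30)         # +1 skips the unused-bits byte
    mod_start, mod_end = read_tlv(der, rsa, 0x02)  # modulus INTEGER
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

def rate(bits):
    """Thresholds taken from the post: 1024 is the minimum, 2048 is better."""
    return "too short" if bits < 1024 else "minimum" if bits < 2048 else "preferred"

if __name__ == "__main__":
    print(rsa_key_bits(RECORD), rate(rsa_key_bits(RECORD)))
```

A `ValueError` from this check on a key that SmarterMail generated points at how the TXT record was entered in DNS (a lost chunk or a stray character), which is the case the NOTE above describes.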