Can not activate DKIM for a domain
Problem reported by David - 8/29/2023 at 10:57 AM
I have 2 domains on Smartermail. On one, DKIM was activated a long time ago (some much older SM version) and that works.
On another domain I am trying to activate DKIM today. I have put a DNS record, it's active, it's propagated, I can check it with any global propagation tool and all is well.
However, when I go back to Smartermail and click Enable button it starts DNS checking and then reports (again and again): "Before enabling DKIM Email Signing, the TXT record below must be added to your DNS server."
I have done that already many hours ago. I tried regenerating the key and putting a new key in DNS TXT record. Waited for propagation, but still SM doesn't want to activate DKIM. It looks like SM doesn't check DNS properly - it's unable to see that the record exists on my DNS and won't let me activate DKIM.

11 Replies

Reply to Thread
David Replied
This is the TXT record SM want me to create:
Record name: 8DBA8A503B29CA2._domainKey
Record value: v=DKIM1; k=rsa; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2xQYKyM1+4T/Dr/sx/HgnEA4UFBWdRESxdsegfR7RbuZkWwn5ONC27Xe+RE3lnMkpkfWFvUHgEJmAD6gxchhZyMjZzOtu+KUDgP8se1SlWp129YRq/h4VJOaFECmxdl71dIeqXt6JsyVx2UO+GCbOmSXan0iFja+9MQJANxWkgwIDAQAB

And this is the record that I've created: 8DBA892D3004272._domainkey.lambda.hr
I can check the record via any online DNS tool and confirm that it's added corrently.

> dig 8DBA892D3004272._domainkey.lambda.hr TXT +short

"v=DKIM1; k=rsa; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD2xQYKyM1+4T/Dr/sx/HgnEA4UFBWdRESxdsegfR7RbuZkWwn5ONC27Xe+RE3lnMkpkfWFvUHgEJmAD6gxchhZyMjZzOtu+KUDgP8se1SlWp129YRq/h4VJOaFECmxdl71dIeqXt6JsyVx2UO+GCbOmSXan0iFja+9MQJANxWkgwIDAQAB"
Why doesn't SM see the record ? SM is configured to use and for DNS. When I check the record with nslookoup or dig I can see it's there and looks exactly the same as the one above.

I've tried restarting the whole server (in an effort to purge any caches) but nothing helps.

The domain I'm trying to active DKIM on is, obviously, "lambda.hr".
Zach Sylvester Replied
Employee Post
Hey David, 

Thanks for reaching out. Please try the following. 

  1. Go to Settings->General 
  2. If blank add as primary and as secondary DNS 
  3. Save
  4. Try to enable DKIM.

  1. If there are already DNS servers entered in please remove the entries. 
  2. Save
  3. add as primary and as secondary DNS
  4. Save
  5. Try to enable DKIM. 
Let me know if this helps. 

Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
David Replied
Hi Zach,
These DNS server were already in place. I followed your post to:
1. remove them
2. save
3. re-add them
4. save
5. Tried to enable DKIM

Unfortunately that didn't help.
echoDreamz Replied
I have had a ticket open about this... there really needs to be an "force" option to enable DKIM regardless of DNS check results.
David Replied
I agree with that. That used to be possible - they changed the UI in newer versions, now it's not possible. Seems like everyone is driving the "dumb users" train...
David Replied
Well... At some point I pushed the "regenerate keys" button and that changed the required DNS record from 8DBA892D3004272._domainKey to 8DBA8A503B29CA2._domainKey. A slight change, but I missed it, so I created the wrong entry in DNS. So that was the reason it didn't work. But it still took ages for my fix to propagate and I wasn't able to complete this without waiting for a whole day before it finally worked.

What can I say now about "everyone driving the dumb user train"... :)
echoDreamz Replied
Yup... there 10000000% needs to be a force option.
Brian Bjerring-Jensen Replied
What is your TTL on the TXT record in your DNS settings in your controlpanel?
David Replied
@echoDreamz Actually it looks like I was the dumb user in this case ;)

@Brian For TTL I've put 14400. Previously, when testing, I had it at 300.
Daniel DiGello Replied
Has anyone got this to work?  I've kept the mail server internal for now since most servers send to this machine and relay from there as well normally don't need any ports opened up for a DKIM DNS record to be recognized in the world of DNS.   I opened a ticket but asking the team here.
Kyle Kerst Replied
Employee Post
One thing you can do in instance where you're waiting for propagation is forcing a /flushdns on the SmarterMail server using ipconfig /flushdns which should cause us to get the updated DNS record the next time we check. This won't help in scenarios where the DKIM record is unreachable via DNS however and for that I recommend setting primary/secondary DNS (in Settings>General) to a known good DNS host temporarily such as: (Cloudflare DNS) (Google DNS)
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com

Reply to Thread