DKIM only passes for one domain on VPS

Phuturist

I have a VPS with CentOS7 and DirectAdmin and followed the DKIM install guide from DirectAdmin here. This generated the public and private key files in all domains under /etc/virtual/<<domainname>> and added the x._domainkey DNS records for all domains. I'm not sure if this should be the case but the keys are equal for all domains. As far as I understand that is how it is supposed to work on the same DirectAdmin install.

But it does not completely work. While testing it turns out DKIM only passes for one domainname but not for all others which have been added under the same DirectAdmin install. All domainnames have been setup equal with the correct DNS records and I can see the public and private keys under /etc/virtual/. I have tried several tools for checking DKIM but they dont really point me in the right direction. I'm hoping someone here can point me in the right direction though. Below are two message send from the server to gmail. One from the passing domain and one from a non-passing domain.

PASSED

Code:

Delivered-To: myreceiving@email.com
Received: by 2002:a02:ce91:0:0:0:0:0 with SMTP id y17csp2268787jaq;
        Thu, 20 Jun 2019 11:43:43 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyHWv1IyFDou2UEbJDsI9lCO3ZPlvpivf+SDaxLWu/cMEnb84nA/g1V1peehYrxE8GyMn2W
X-Received: by 2002:adf:df10:: with SMTP id y16mr5120122wrl.302.1561056223289;
        Thu, 20 Jun 2019 11:43:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561056223; cv=none;
        d=google.com; s=arc-20160816;
        b=YGthbOIVg+Q8cdwD4QfD7hee1lXwGlZArgn6KWWoVadp7hpYSHEycZuQAW6+WqNLCF
         G9h/1i5sSqO/grOs0Bus95lfwrjL4dt+PkcsutD6TcFntRK9mZPSiWWxdYwPys67wUOD
         bUHqp5JACm/9qEteyJZ64NizIugYvXvZtvaEK2jBVkuP2GUIiF8I/shwYVL1Xx2nWTzm
         xzXQ9U1LaBS1vyHD2PehKIDZ6dnB+PErHwH0HK9811yEcZJiHtlGvfomFiNZKBUZix/c
         jUcc0Cr1E6DMs/b6+tftYe6ZjgJZ1ZK4Z7KvxuVXd1gC34TiaQ9vOsYyBD6R1mH0p3ue
         N/ig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:organization:subject:to:from:date
         :mime-version:dkim-signature;
        bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
        b=T9/ZKb6Gf4vnAsVi7s9pAxnrwAHu8FiIPnQXoq/3+CYXvfxhqJLC9NUr4H1shrsHci
         Tlzjpa0xomErl9bqHg/jNfkB2MQTD891U50F3UQqyCd4hGSW4t2qoEEphanaLOGCeb8q
         y82B6nFlTlofbCCgyJT/m2NBtZd3mS9B5ePiE1uAAwTzSxmftAHgJy+QIyy/ARB1OU3j
         DZj8L4hZDSy2MGDHtcOXCSPSlKzdcDWGQSVYnQOmLxtZceAb6VlmKunO2SBar6pW317b
         iDsUx4YCzT3aXeBA+hXoFXavnvIbEF7V67oJH5Da5rZqQjq2GMkpiVvK4tHfc672aBGl
         oUGw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@solidewebservices.com header.s=x header.b=FI2O1Fs2;
       spf=pass (google.com: domain of mypassingsending@email.com designates 212.237.233.121 as permitted sender) smtp.mailfrom=mypassingsending@email.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=solidewebservices.com
Return-Path: <mypassingsending@email.com>
Received: from 14a8e.k.time4vps.cloud (14a8e.k.time4vps.cloud. [212.237.233.121])
        by mx.google.com with ESMTPS id h6si320983wrh.198.2019.06.20.11.43.42
        for <myreceiving@email.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 20 Jun 2019 11:43:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of mypassingsending@email.com designates 212.237.233.121 as permitted sender) client-ip=212.237.233.121;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@solidewebservices.com header.s=x header.b=FI2O1Fs2;
       spf=pass (google.com: domain of mypassingsending@email.com designates 212.237.233.121 as permitted sender) smtp.mailfrom=mypassingsending@email.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=solidewebservices.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=solidewebservices.com; s=x; h=Message-ID:Subject:To:From:Date:MIME-Version: Sender:Reply-To:Cc:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=FI2O1Fs2n3AJn8+tZNq98+ij7X AwzN0C9MEbz/+Ie9cF1GjJwlWJBmMIt9hSnGsqOIvY9tDh5+lO+hYQ30azEcUoVltTIKAXKzJLEkQ BlNOxRi5kiqoRQsa2Nz1hAuSuI3B+ON1/brd9hhi6qWEbbAOm71K5OjT1AUU09tlOwSuStwPQTyf/ dHNkFsxS8FdVIZGC5x5AZEgxvbR3I6AB46/e6tykWAagbb3JvhVlZp1d1/rQpiac3OaISc9oz4bSs 6Xmp9QqiuQ0NZ8gOVNmTqzQKkbY6Rp6PhJFpmUhMG6Jfok1+Htt//TNT4/08VCpWaGVnuVs+kxx1j UpYemNIw==;
Received: from localhost ([127.0.0.1] helo=14a8e.k.time4vps.cloud) by 14a8e.k.time4vps.cloud with esmtpa (Exim 4.92) (envelope-from <mypassingsending@email.com>) id 1he22A-0002dZ-Dl for myreceiving@email.com; Thu, 20 Jun 2019 20:43:42 +0200
MIME-Version: 1.0
Date: Thu, 20 Jun 2019 20:43:42 +0200
From: Solide Webservices <mypassingsending@email.com>
To: myreceiving@email.com
Subject: test
Organization: Solide Webservices
Message-ID: <24ff6b4d81fd481b604492cf75590c89@solidewebservices.com>
X-Sender: mypassingsending@email.com
User-Agent: Roundcube Webmail/1.3.9
X-Authenticated-Id: mypassingsending@email.com

NOT PASSED

Code:

Delivered-To: myreceiving@email.com
Received: by 2002:a02:ce91:0:0:0:0:0 with SMTP id y17csp2343515jaq;
        Thu, 20 Jun 2019 13:10:53 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz+fIS4qGLW+hrfdsjyrObjYJbYiY/aeD1AeuV1QVj4UdQmLRuwTy3MrSQ9r5vN3t0qCSLn
X-Received: by 2002:a5d:4703:: with SMTP id y3mr34728943wrq.35.1561061453625;
        Thu, 20 Jun 2019 13:10:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561061453; cv=none;
        d=google.com; s=arc-20160816;
        b=FFDByHJnnHPgtnFoMi/1dA0/05Hg7kRgcWoHh40n/XgkimjHJwmiebPm5vkBuH+F+j
         nH7DcAvwWJtYtAGkN/oDoHxhef4Nps0NqRHG+ib4l5ewcE+iLjW7U/pPyZQs05iYyyWJ
         LmOtYjUXSBKxyKqTKetuItHTeKZ9HKS39+Wl1EpCoLQ/lT+imwhQGWxO0pvyYXwBXkvM
         ebYl8et1W1BCScdgO0wSbSbIuuRJJtfRV4NY6UfUICTFXHkOJYGJ3ml/EVVhGecxhID4
         gPPgdh0XEj93Qq89ywbSRmEni+HzKIz9+bzLu30Bv6QpH7VxjRZzuhg5KnoAY6NJqev2
         eoEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:subject:to:from:date:mime-version
         :dkim-signature;
        bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;
        b=hkvw342b7xF58oUmSGPkjH7SgSQ3LwQJCzdRYOMc/UHhUpbR4qfwqXthn91pgoKpCQ
         h6MHNQloNkVWc27BfU5gbqTB19HJMqxtXh4xVFsplY1OItm+zAmIuVgn2yX7mnBs9hvE
         +xverurh7q2K7n4Slg9bszBnU1yFRqn+njfVYcWqiPi4Zp8YItavWQEa2Z9xWwkuA8Zy
         3WylUZK3e1weYNPskawQ0FaqYbYA0/XRa8FBqU8FwyWlL/F9J1npd8+Gg8JnNi+NVjgm
         0OiNRIf3nzXw//VS8eNOK0FpPNRxvt3aTLX1IX3p3EtSVbpc7kBkkRmO/ROrml7uoIL0
         tTBg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@jelger-en-leonie.info header.s=x header.b=P4Jz89OE;
       spf=pass (google.com: domain of myfailingsending@email.com designates 212.237.233.121 as permitted sender) smtp.mailfrom=myfailingsending@email.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=jelger-en-leonie.info
Return-Path: <myfailingsending@email.com>
Received: from 14a8e.k.time4vps.cloud (14a8e.k.time4vps.cloud. [212.237.233.121])

William

Hello @Phuturist

In general, the same DKIM keys can be used by multiple domains as long as the keys are set properly. Currently it seems that the DKIM keys in your domains DNS zones are valid. In this case I would recommend on checking the following tools and send test e-mails from both of your e-mail addresses for comparison:

https://dkimvalidator.com/

In addition, you should also add your failing domain to google postmaster tool, to check if possibly google would clarify what exactly is incorrect with your DKIM record, for further investigations:

https://postmaster.google.com/managedomains

Hopefully any of this will help you to get on track and share the findings with our community.

Phuturist

Thanx for the quick response. I had already used various checking tools but they get me nowhere. I recieve pretty much the exact same result (different hash under b= ofcourse) but one domain is passing and all other are not due to "bad signature" or "bad RSA signature" depending on the tool. This while the signature itself is valid and even passes for one domain.

I'm clueless here and have already spent hours on it. I'll see if the postmaster tool from Google gets me anywhere, I have not used that yet.