Resolved
0 votes
Taking Nick's advice in regards to my mail server getting rejected by a few public mail servers, one in particular Gmail, I dove into the guide provided. Followed the instructions to the letter with a friend helping me remotely with a second set of eyes in case I missed something. All went well until testing.

The first command should return your TXT record you have just created


Using the following cmd I get the text record I created

dig -t any 202006._domainkey.vilatam.com



[root@vilatam ~]# dig -t any 202006._domainkey.vilatam.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t any 202006._domainkey.vilatam.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31630
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;202006._domainkey.vilatam.com. IN ANY

;; ANSWER SECTION:
202006._domainkey.vilatam.com. 119 IN A 38.39.208.117

;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jun 06 16:39:41 CDT 2020
;; MSG SIZE rcvd: 74



I thought great, this is a good sign, till the next command.

opendkim-testkey -d vilatam.com -s 202006 -vvv


login as: root
root@10.10.0.1's password:
Last login: Sat Jun 6 16:39:30 2020 from vbt-10.vilatam.com
[root@vilatam ~]# opendkim-testkey -d vilatam.com -s 202006 -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '202006._domainkey.vilatam.com'
opendkim-testkey: No key
[root@vilatam ~]#



I've gone through every setting 4 times now and needless to say I'm stumped. Anyone have any advice on where to look or what I missed?

Chuck
Saturday, June 06 2020, 09:47 PM

Accepted Answer

Sunday, June 07 2020, 12:18 PM - #Permalink
Resolved
1 votes
What you've done is create a TXT record for the subdomain mail.vilatam.com. What you need to do is create a TXT record for 202006._domainkey.vilatam.com, so instead of using a subdomain called "mail", use a subdomain "202006._domainkey".
Responses (14)
  • Accepted Answer

    Saturday, December 12 2020, 09:49 AM - #Permalink
    Resolved
    1 votes
    Thanks for the clarification. When Clearcenter allow me the time, I'll update the HowTo, but note that your comment applies to whichever site hosts your domain. It is not restricted to Clearcenter hosting your domain.

    FWIW your SPF record can also be simplified from:
    v=spf1 a:hardingclan.org mx:mail.hardingclan.org ip4:58.96.115.109 include:hardingclan.org -all
    to:
    v=spf1 a mx -all
    as hardingclan.org is assumed for the A and MX records. Your A record directly resolves to your IP and your MX record resolves to mail.hardingclan.org which resolves to hardingclan.org so there is no point in specifying the IP and the include just sends the SPF lookup in circles.
  • Accepted Answer

    Saturday, December 12 2020, 02:29 AM - #Permalink
    Resolved
    0 votes
    Charles & Nick,
    I've just been thru the process of creating a new domain and stepped thru the ClearOS Documentation HowTo for installing and creating a DKIM key. I also did EXACTLY as per the HowTo and reading your previous post Charles, I figured out where I also was going wrong.

    In the HowTo it states
    Now you need to update your DNS records. Open the file '/etc/opendkim/keys/mydomain.com/YYYYMM.txt'. In your DNS records, create a new TXT record with a subdomain as the first field in the file which you can just copy. In this case, it is “YYYYMM._domainkey”. For TXT Data copy and paste everything between the first and last set of quotes, excluding the first and last quotes and removing the middle quotes and whitespace between them.


    I didn't realize the "DNS records, create a new TXT record with a subdomain" were referencing the Online DNS service used to create your DNS record. In my instance, because I registered the domain name using ClearCenter, the reference being the ClearCenter DNS Config TXT web portal, but this is whatever YOU'VE used to create YOUR domain (i.e. GoDaddy, Google, or whatever).

    Where I went wrong was thinking the "DNS records" HowTo reference was somewhere within my actual COS server. This left me scratching my head for almost a week!

    Anyway, screenshots of the HowTo plus my ClearCenter DNS Config TXT web portal

    I repeated the Howto steps but added a new subdomain "202012._domainkey" using the DNS Config TXT tool on the secure.clearcenter.com/portal, and now I have a working openDKIM key.

    I tested the SPF and DKIM key using https://www.mail-tester.com/spf-dkim-check
    Everything now checks out and I'm confident I've got a valid SPF and DKIM record for my new Domain and emails should happily reach their destination... although this is still yet to be tested.
  • Accepted Answer

    Monday, June 08 2020, 06:53 AM - #Permalink
    Resolved
    0 votes
    There is something wrong in your opendkim set up:
    Jun  7 09:06:19 vilatam opendkim[6864]: 13ACF1FA410: signing table references unknown key '202006'
    Jun 7 09:06:19 vilatam postfix/cleanup[8059]: 13ACF1FA410: milter-reject: END-OF-MESSAGE from VBT-10.vilatam.com[10.10.0.153]: 4.7.1 Service unavailable - try again later; from=<charles@vilatam.com> to=<check-auth@verifier.port25.com> proto=ESMTP helo=<VBT10>
    Jun 7 09:06:21 vilatam postfix/smtpd[8056]: disconnect from VBT-10.vilatam.com[10.10.0.153]
    Jun 7 09:06:32 vilatam postfix/smtpd[8056]: connect from VBT-10.vilatam.com[10.10.0.153]
    Jun 7 09:06:32 vilatam pop3[8073]: login: VBT-10.vilatam.com [10.10.0.153] charles plaintext User logged in SESSIONID=<vilatam.com-8073-1591538792-1>
    Jun 7 09:06:32 vilatam postfix/smtpd[8056]: 098801FA417: client=VBT-10.vilatam.com[10.10.0.153], sasl_method=LOGIN, sasl_username=charles@vilatam.com
    Jun 7 09:06:32 vilatam postfix/cleanup[8059]: 098801FA417: message-id=<002401d63cd4$d8cd12e0$8a6738a0$@vilatam.com>
    Jun 7 09:06:32 vilatam pop3[8073]: USAGE charles user: 0.001524 sys: 0.003049
    Jun 7 09:06:32 vilatam pop3[8073]: counts: retr=<1> top=<0> dele=<0>
    Jun 7 09:06:32 vilatam opendkim[6864]: 098801FA417: signing table references unknown key '202006'

    Really you have to look for this sort of thing in the logs and not me. You know when you stopped and started postfix and tried sending a message.

    What are the contents of /etc/opendkim/KeyTable and /etc/opendkim/SigningTable?
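The "signing table references unknown key" message in the log above means a key name in /etc/opendkim/SigningTable has no matching first field in /etc/opendkim/KeyTable. The sketch below is an added example, not part of the original thread or the ClearOS HowTo; it cross-checks the two tables, and the table contents, example.com, the key path and the sample log line are constructed for illustration.

```python
import re

# Constructed sample tables (example.com and the key path are placeholders).
KEY_TABLE = """\
# name                        domain:selector:private-key-path
202006._domainkey.example.com example.com:202006:/etc/opendkim/keys/example.com/202006
"""
SIGNING_TABLE_BAD = "*@example.com 202006\n"
SIGNING_TABLE_GOOD = "*@example.com 202006._domainkey.example.com\n"

# Constructed log line in the same format as the one quoted in the post.
LOG_LINE = ("Jun  7 09:06:19 mail opendkim[1234]: 0123456789A: "
            "signing table references unknown key '202006'")


def parse_table(text):
    """Return (first field, rest) pairs from a flat-file table, skipping comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        rows.append((fields[0], fields[1].strip() if len(fields) > 1 else ""))
    return rows


def unknown_key_refs(signing_table, key_table):
    """SigningTable rows whose key name has no entry in KeyTable."""
    defined = {name for name, _ in parse_table(key_table)}
    return [(pat, ref) for pat, ref in parse_table(signing_table)
            if ref not in defined]


def malformed_key_rows(key_table):
    """Names of KeyTable rows whose value is not domain:selector:path."""
    return [name for name, value in parse_table(key_table)
            if len(value.split(":")) != 3 or not all(value.split(":"))]


def key_from_log(line):
    """Extract the key name from an 'unknown key' maillog line, or None."""
    m = re.search(r"signing table references unknown key '([^']+)'", line)
    return m.group(1) if m else None
```

With `milter_default_action = accept` the milter still answers, so an error like this is returned to the client as the 451 tempfail seen in the log rather than being skipped.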
  • Accepted Answer

    Sunday, June 07 2020, 11:51 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    You've got me with your screenshot. Which screen is it? My opendkim has two processes so yours looks OK. There are no messages in /var/log/maillog when you restart the SMTP server or try and send a mail?

    What is the contents of /etc/opendkim/TrustedHosts?

    Trusted Host File

    # OPENDKIM TRUSTED HOSTS
    # To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
    # option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
    # may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
    # The localhost IP (127.0.0.1) should always be the first entry in this file.
    127.0.0.1
    ::1
    #host.example.com
    #192.168.1.0/24


    I've attached the log file link cause I'm not sure what I'm looking for

    https://cloud.vilatam.com/index.php/s/eZyrMXapsmgNt7P
  • Accepted Answer

    Sunday, June 07 2020, 11:44 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    You've got me with your screenshot. Which screen is it? My opendkim has two processes so yours looks OK. There are no messages in /var/log/maillog when you restart the SMTP server or try and send a mail?

    What is the contents of /etc/opendkim/TrustedHosts?

    Trusted Host File

    # OPENDKIM TRUSTED HOSTS
    # To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
    # option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
    # may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
    # The localhost IP (127.0.0.1) should always be the first entry in this file.
    127.0.0.1
    ::1
    #host.example.com
    #192.168.1.0/24


    I've attached the log file cause I'm not sure what I'm looking for
  • Accepted Answer

    Sunday, June 07 2020, 08:10 PM - #Permalink
    Resolved
    0 votes
    You've got me with your screenshot. Which screen is it? My opendkim has two processes so yours looks OK. There are no messages in /var/log/maillog when you restart the SMTP server or try and send a mail?

    What is the contents of /etc/opendkim/TrustedHosts?
  • Accepted Answer

    Sunday, June 07 2020, 07:24 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I've no idea what is going wrong. Is opendkim running? What does the maillog say when trying to restart postfix?


    I would say yes ... screen shot attached and I get no error, once I initiate the cmd it gives me another prompt with no error and according to app maintainer smtp is running right now
  • Accepted Answer

    Sunday, June 07 2020, 05:40 PM - #Permalink
    Resolved
    0 votes
    I've no idea what is going wrong. Is opendkim running? What does the maillog say when trying to restart postfix?
  • Accepted Answer

    Sunday, June 07 2020, 03:04 PM - #Permalink
    Resolved
    0 votes
    I'm not sure If I should create a new thread or not, however this would be a continuation.

    Per the guide, the next step in the process would be to add the following to my postfix main.cf, which I did.

    # Mail restrictions
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

    smtpd_milters = inet:127.0.0.1:8891
    non_smtpd_milters = $smtpd_milters
    milter_default_action = accept
    milter_protocol = 6


    Restarted the smtp server and when I tested send and receive I receive this.


    Task 'charles@vilatam.com - Sending' reported error (0x800CCC6A) : 'Your outgoing (SMTP) e-mail server has reported an internal error. If you continue to receive this message, contact your server administrator or Internet service provider (ISP). The server responded: 451 4.7.1 Service unavailable - try again later'


    Remove the line, restart and it works again.

    After a bit of research and looking at the log files, Mail Antivirus could affect SMTP, so I shut that service down for the time being, added the line back into the config and same thing.

    Any thoughts, Nick?
  • Accepted Answer

    Sunday, June 07 2020, 12:33 PM - #Permalink
    Resolved
    0 votes
    You are the man ! ::)


    m.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53307
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;202006._domainkey.vilatam.com. IN ANY

    ;; ANSWER SECTION:
    202006._domainkey.vilatam.com. 119 IN A 38.39.208.117

    ;; Query time: 119 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Jun 07 07:28:49 CDT 2020
    ;; MSG SIZE rcvd: 74

    [root@vilatam ~]# opendkim-testkey -d vilatam.com -s 202006 -vvv
    opendkim-testkey: using default configfile /etc/opendkim.conf
    opendkim-testkey: checking key '202006._domainkey.vilatam.com'
    opendkim-testkey: key OK
    [root@vilatam ~]#



    So in theory, which I don't have the time for at the moment, finish the config of postfix, restart my SMTP server and I should be good to go?
  • Accepted Answer

    Sunday, June 07 2020, 11:33 AM - #Permalink
    Resolved
    0 votes
    OK, I think I understand. However,

    This is the text record I created per the documentation; where did I go wrong?

    v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kQnP25bWhwq6vychTlNVG5hp/Q8W/JQMGGdMawzuccDwc9xhEM15PGwIJKYf8txPYrfDbLejsuYojZcNFPXhHBor8SsiC1Lnqv4WwuLLAz9eLE0Q8XSq3lg868JaLp8Zl/1CEUu6r2+P8krHaz6AIYCMTSc4zzTobbIT96TRnyCRo3kI4WtWob8d8NJdN7pUUt0CyGhNkdxXvYImjoOKWiy7xZRn+5w03IQIIImyRSO9vhXJv84YA6i05K/9r8GHhUqenMABP1xl1SRHJZuI1ixUWXgNO6VfchvtcLWc1SHHyqPAdguzsuzGI+Co7HMXba2cWiZQKUWWh/nhI43KwIDAQAB
  • Accepted Answer

    Sunday, June 07 2020, 08:08 AM - #Permalink
    Resolved
    0 votes
    What you've done is set up an A record for 202006._domainkey.vilatam.com. This should be a TXT record with the value of your key. Mine (a bit old!) gives:
    [root@server ~]# dig -t any 201809._domainkey.howitts.co.uk

    ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t any 201809._domainkey.howitts.co.uk
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28549
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;201809._domainkey.howitts.co.uk. IN ANY

    ;; ANSWER SECTION:
    201809._domainkey.howitts.co.uk. 600 IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJ/dCtshYHXO6ImfKG0KwvM75FGtnsu6YqzlMcjhQF/uwz" "1xUM8itWyfAtHIoSRLjt6IJKfZ05vrruxga/l9M6vy6Mf225ehWKZKZw6+GQ8s5TVsQrhuhSAj38WuaXWIR0qviK7MAdCy6Eu0S4G3441E6nav2czQz7uJDJ8tKs58e" "dKkVhFvNp9lE4QhpBhHDnpJsvtn3jk2YfE6BRPVpB1ufGU2cwYUiIGnBQamOy1QwPoJ0CFXz6J7tv7aV+hsJcl4yZf+vZbq0NbQnlGpVj3EfVuQOgoSxaVSpqGF+1mt" "i9thljD6fwmT10eOWm1DGim+/JpfO0Vq5BHueK/M6wIDAQAB"

    ;; Query time: 309 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Jun 07 09:02:52 BST 2020
    ;; MSG SIZE rcvd: 494

    Note a TXT record is returned and not an A record and note the value.

    Sometime in the future I want to rewrite the howto or add to it as amavis can do it all and, if you have the antispam stuff, you already have amavis so there is no need for additional packages.
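The difference between the two dig answers in the thread (an A record at the selector name versus a TXT record split into several quoted strings) can be checked mechanically. This is an added example, not code from the thread or from OpenDKIM; the answer lines use example.com, a documentation IP address and a short made-up base64 string in place of a real key.

```python
import base64
import re
import shlex

# Constructed answer lines in dig's ANSWER SECTION format.
A_ANSWER = '202006._domainkey.example.com. 119 IN A 192.0.2.10'
TXT_ANSWER = ('202006._domainkey.example.com. 600 IN TXT '
              '"v=DKIM1; h=sha256; k=rsa; s=email; p=QUJDREVG" "R0hJSktM"')


def check_dkim_answer(line, selector, domain):
    """Return (ok, reason) for one line of a dig ANSWER SECTION."""
    parts = line.split(None, 4)
    if len(parts) < 5:
        return False, "not a resource record"
    name, _ttl, _cls, rtype, rdata = parts
    expected = f"{selector}._domainkey.{domain}."
    if name.lower() != expected.lower():
        return False, f"record is for {name}, expected {expected}"
    if rtype != "TXT":
        return False, f"got {rtype} record, need TXT"
    # dig prints a long TXT value as several quoted strings; a verifier
    # concatenates them with nothing in between.
    value = "".join(shlex.split(rdata))
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    if tags.get("v", "DKIM1") != "DKIM1":
        return False, "v= is not DKIM1"
    p = tags.get("p", "")
    if not p:
        return False, "p= (public key) missing or empty"
    try:
        base64.b64decode(p, validate=True)
    except ValueError:
        return False, "p= is not valid base64"
    return True, f"TXT record with {len(p)}-character key"
```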