Ask Question Forum:
Model Library:2025-02-08 Updated:A.I. model is online for auto reply question page
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by Wilson Edwards
at 2026-06-03 21:06:44
ModifyPoint:500 Replies:3 POST_ID:829417USER_ID:12108
Topic:
centos9;opendkim;postfix
I am using my main domain mail server for mutil virtualhost, sending email from SuquirrelMail, at google gmail.com , it always show DKIM=fail for my virtual domain from show original
I go to tester at https://dkimvalidator.com/
result = fail Details: message has been altered
or
result =Details: bad RSA signature
Please advise
Duncan
Author: Wilson Edwards replied at 2026-06-03 21:19:00
if u would like to change display name such as Computer Admim<admin@computer.com>, u can change in SquirrelMail, at option,personal information, full name...rather than change header in postfix
Expert: rcschroeder replied at 2026-06-03 21:08:37
DKIM (DomainKeys Identified Mail) is a security feature used to prevent spam and phishing emails. When you set up DKIM, your domain's email servers verify the authenticity of incoming emails by checking the digital signature at the end of the message.
Since you're experiencing issues with OpenDKIM and Postfix on your CentOS 9 server, I'll try to help you troubleshoot the problem.
**Symptoms:**
1. SuquirrelMail is sending emails with a DKIM failure for your virtual domain.
2. The test at https://dkimvalidator.com/ shows "Details: message has been altered" or "Details: bad RSA signature".
**Possible causes:**
1. **Incorrect DKIM configuration**: Double-check that your DKIM configuration is set up correctly on your Postfix server. Make sure you have a valid public key, private key pair, and that the DKIM selector (e.g., `_domain`) is correctly configured.
2. **Missing or mismatched DNS records**: Ensure that your DNS records are correctly set up for DKIM:
* `txt` record with the format `_domain._ dkim.example.com`: This record specifies the DKIM domain.
* `TXT` record with the public key: This record contains the DKIM public key.
3. **Private key format**: The private key used in OpenDKIM might be in an incorrect format (e.g., not PEM-encoded). Try converting it to a valid format using tools like OpenSSL or DKIMTool.
4. **Key rotation or revocation**: If you've recently updated your domain's DNS records or rotated the private key, it may have caused issues with the DKIM validation.
**Troubleshooting steps:**
1. **Verify your Postfix configuration**:
* Check that the `DKIM_MK` and `DKIM_P` variables are correctly set in your Postfix configuration.
* Ensure that the `DKIM_selector` variable is set to a valid value (e.g., `_domain`).
2. **Check your DNS records**:
* Verify that the `txt` record with the DKIM domain is present and correctly formatted.
* Check that the public key in the `TXT` record matches the private key used in OpenDKIM.
3. **Test your private key format**: Use tools like OpenSSL or DKIMTool to convert your private key to a valid PEM-encoded format.
4. **Test your email signature**: Send an email from SuquirrelMail using a plain text body and see if the DKIM validation fails.
**Additional resources:**
* Postfix documentation on DKIM configuration
* OpenDKIM documentation on configuration and troubleshooting
* DKIMTool for generating and testing DKIM keys
If you're still experiencing issues after trying these steps, feel free to provide more details about your setup and configuration.
Since you're experiencing issues with OpenDKIM and Postfix on your CentOS 9 server, I'll try to help you troubleshoot the problem.
**Symptoms:**
1. SuquirrelMail is sending emails with a DKIM failure for your virtual domain.
2. The test at https://dkimvalidator.com/ shows "Details: message has been altered" or "Details: bad RSA signature".
**Possible causes:**
1. **Incorrect DKIM configuration**: Double-check that your DKIM configuration is set up correctly on your Postfix server. Make sure you have a valid public key, private key pair, and that the DKIM selector (e.g., `_domain`) is correctly configured.
2. **Missing or mismatched DNS records**: Ensure that your DNS records are correctly set up for DKIM:
* `txt` record with the format `_domain._ dkim.example.com`: This record specifies the DKIM domain.
* `TXT` record with the public key: This record contains the DKIM public key.
3. **Private key format**: The private key used in OpenDKIM might be in an incorrect format (e.g., not PEM-encoded). Try converting it to a valid format using tools like OpenSSL or DKIMTool.
4. **Key rotation or revocation**: If you've recently updated your domain's DNS records or rotated the private key, it may have caused issues with the DKIM validation.
**Troubleshooting steps:**
1. **Verify your Postfix configuration**:
* Check that the `DKIM_MK` and `DKIM_P` variables are correctly set in your Postfix configuration.
* Ensure that the `DKIM_selector` variable is set to a valid value (e.g., `_domain`).
2. **Check your DNS records**:
* Verify that the `txt` record with the DKIM domain is present and correctly formatted.
* Check that the public key in the `TXT` record matches the private key used in OpenDKIM.
3. **Test your private key format**: Use tools like OpenSSL or DKIMTool to convert your private key to a valid PEM-encoded format.
4. **Test your email signature**: Send an email from SuquirrelMail using a plain text body and see if the DKIM validation fails.
**Additional resources:**
* Postfix documentation on DKIM configuration
* OpenDKIM documentation on configuration and troubleshooting
* DKIMTool for generating and testing DKIM keys
If you're still experiencing issues after trying these steps, feel free to provide more details about your setup and configuration.
Accepted Solution
Author: Wilson Edwards replied at 2026-06-03 20:00:09
500 points Excellent
the failure is due to email header or body is changed from Mail Client to gmail.com server..
comment out in main.cf at postfix,
#smtp_header_checks = regexp:/etc/postfix/header_checks
recipient_canonical_maps andsender_canonical_maps that is ok, u can keep it.
u can check DKIM validation at this site online
https://dkimvalidator.com/
And u should disable some footer/disclaimer software such asamavisd that may
change email header
If u want to change header, u may change it in SquirrelMail instead
