I have set up a mail server, but when I send mail to Gmail accounts I get:
Authentication-Results: mx.google.com;
dkim=temperror (no key for signature) [email protected] header.s=porifera.site header.b=NDzL8dZn;
spf=pass (google.com: domain of [email protected] designates 81.169.136.154 as permitted sender) [email protected];
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=porifera.site
If I am understanding the output here correctly, the Gmail server is looking for a DKIM record with the domain h2993269.stratoserver.net with the selector porifera.site. This is backwards. h2993269.stratoserver.net is the hostname, which I used as a selector because OpenDKIM recommends doing so. The DNS record looks like this:
This DMARC tester I found says the record is set up correctly: https://www.dmarcanalyzer.com/dkim/dkim-checker/?dmarcdns%5Btype%5D=dkim&dmarcdns%5Bselector%5D=h2993269.stratoserver.net&dmarcdns%5Bdomain%5D=porifera.site
The DKIM signature on the mail looks like:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=h2993269.stratoserver.net; s=porifera.site; t=1670839153;
which also has the selector and domain reversed, so there must be an issue in my OpenDKIM config.
What have I done wrong?
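An added example (not part of the original question or answer) showing how a verifier builds the DNS name for the public key from the signature's d= and s= tags, and how a swapped pair can be detected. The function names are hypothetical, the sample is the header quoted above with folding whitespace assumed, and alignment is approximated by a suffix match rather than a Public Suffix List lookup:

```python
import re

# DKIM-Signature value quoted in the question (truncated there; folding assumed).
SAMPLE = ("v=1; a=rsa-sha256; c=simple/simple;\r\n"
          "\td=h2993269.stratoserver.net; s=porifera.site; t=1670839153;")


def parse_dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # strip folding whitespace
    return tags


def key_query_name(selector, domain):
    """DNS name a verifier queries for the TXT key record: <s>._domainkey.<d>."""
    return f"{selector}._domainkey.{domain}".lower()


def is_aligned(domain, from_domain):
    """Assumption: suffix match stands in for organizational-domain alignment."""
    d, f = domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return d == f or d.endswith("." + f) or f.endswith("." + d)


def diagnose(value, from_domain):
    """Report the lookup the signature causes and flag a swapped d=/s= pair."""
    tags = parse_dkim_tags(value)
    d, s = tags["d"], tags["s"]
    result = {"query": key_query_name(s, d), "aligned": is_aligned(d, from_domain), "swapped": False}
    # If d= is unrelated to the From domain but s= matches it, the two were exchanged.
    if not result["aligned"] and is_aligned(s, from_domain):
        result["swapped"] = True
        result["expected_query"] = key_query_name(d, s)
    return result


if __name__ == "__main__":
    for key, val in diagnose(SAMPLE, "porifera.site").items():
        print(f"{key}: {val}")
```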
Something about laying it out in a Stack Overflow question has a way of clarifying the mind. I realised it must be an issue in my OpenDKIM config, so I went back through it all and sure enough my KeyTable had
but it should have been