Thanks Mark. I sent an email as suggested and it came back as a fail for DKIM.
“I see you've included a DKIM signature. I've retrieved the public key from
1._domainkey.warwickri.gov
The signature failed validation. The Auth Result is fail.”
Now I am really confused. I checked what the link you shared showed and what we
sent to our ISP and everything seems to match up. Could it be a propagation
issue? Our DNS host provider added the settings 2 days ago, so I assumed it
should be working by now?
From: mailop On Behalf Of Mark Alley via mailop
Sent: Friday, March 3, 2023 11:59 AM
To: mailop@mailop.org
Subject: [EXT] - Re: [mailop] New member, trying to bring our mail server
inline.
The selector seems to just be "1", of which the published record appears to be
valid in DNS.
https://tools.wordtothewise.com/dkim/check/warwickri.gov/1
DNS propagation<https://dnschecker.org/#TXT/1._domainkey.warwickri.gov> shows
the DKIM record is resolvable across the internet, so resolution isn't the
problem, and it appears to be syntactically valid.
@Salvatore - if you send a test message to the address provided to you on
https://learndmarc.com, it will show you authentication results of direct
messages from your mail server which you can use to troubleshoot authentication
further.
- Mark Alley
On 3/3/2023 10:27 AM, Laura Atkins via mailop wrote:
Based on the headers of the message you sent here (to mailop), you have yet to
actually publish a public key in DNS.
https://tools.wordtothewise.com/dkim/check/warwickri/1677852725
laura
On 3 Mar 2023, at 14:12, Salvatore Jr Walter P via mailop
<mailto:mailop@mailop.org> wrote:
We are in the final stages of migrating our exchange server from 2013 to 2019.
I found out we had no SPF, DMARC, DKIM etc setup on our domains.
Trying to get us setup properly and have SPF and DMARC working, DKIM is another
story.
Setup on the server, sent the key to our ISP for the DNS to be added.
Headers show the signature is being included.
DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov<http://redacted.gov/>; s=1;
c=relaxed/relaxed;
t=1677851456; h=from:subject:to:date:message-id;(rest of key)
Also from the headers:
Authentication-Results: inbound.redacted.net<http://inbound.redacted.net/>;
spf=pass smtp.mailfrom=redacted@ redacted.gov<http://redacted.gov/>;
dkim=fail header.d= redacted.gov<http://redacted.gov/>;
dmarc=pass (policy=none; pct=100; status=pass);
arc=none
Any suggestion where to go from here? We are having all emails blocked by AT,
no idea why so trying to get all our ducks in a row and make sure we are doing
everything the “right” way.
___
mailop mailing list
mailop@mailop.org<mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop
--
The Delivery Experts
Laura Atkins
Word to the Wise
la...@wordtothewise.com<mailto:la...@wordtothewise.com>
Email Delivery Blog: http://wordtothewise.com/blog
___
mailop mailing list
mailop@mailop.org<mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop