Dkim : b=signature absent

MaitreCake · 28 September 2020 19:59

Hello everybody,

I have a strange issue regarding signing outgoing emails with DKIM.
I did follow this tutorial to set it up but the private key does not add to the email.
My DNS looks propoperly set, but the b field stay empty :

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=790; s=cmoi;

t=1601319841; c=relaxed/simple;

h=From:To:Date:Subject;

d=septentriontours.com; i=voyages@septentriontours.com;

z=From:=20=3D?UTF-8?Q?Septentrion_Tours_-_Votre_R=3DC3=3DA9ceptif_=3D28DMC=3D29_Hauts-de-Fran?=3D=20=3D?UTF-8?Q?ce?=3D=20<voyages@septentriontours.com>

|To:=20test-5978b069@appmaildev.com

|Date:=20Mon,=2028=20Sep=202020=2019:04:01=20+0000

|Subject:=20test=20ton=20DKIM;

bh=VKAR1r2JjZJngY9egdyvjCRjzvVqioippRpg3XxKOVk=;

b=

I amended my class.phpmailer.php as follow :

      /**
 * DKIM selector.
 * @var string
 */
public $DKIM_selector = 'cmoi';

/**
 * DKIM Identity.
 * Usually the email address used as the source of the email.
 * @var string
 */
*/
    public $DKIM_identity = 'voyages@septentriontours.com';

/**
 * DKIM passphrase.
 * Used if your key is encrypted.
 * @var string
 */
public $DKIM_passphrase = '';

/**
 * DKIM signing domain name.
 * @example 'example.com'
 * @var string
 */
public $DKIM_domain = 'septentriontours.com';

/**
 * DKIM private key file path.
 * @var string
 */
public $DKIM_private = '/etc/dkim/beautifullkey.key';

/**
 * DKIM private key string.
 * If set, takes precedence over `$DKIM_private`.
 * @var string
 */

/** public $DKIM_private_string = ''; */

My paired-keys had been generated using openSSL following this post

As you can see, I commented public $DKIM_private_string = ‘’; to be sure there was no conflict with it. I double-checked the path to the private key field. And I did try to chown the key file to www-data without any success. I set it back to root / 0400.

Did I miss something. What is the proper CHOWN CHMOD setting for the private key file ?
Do I need to change something somewhere else ?

I am kind of a noob but I did google this stuff for the last three weeks, and I did not find anything to help me.

By the way, my Suite CRM is Version 7.10.25 / Sugar Version 6.5.25 (Build 344) hosted on a ubutun 18.04 server.

Any help or clue regarding this issue would be very very appreciated.

MaitreCake · 29 September 2020 19:08

If anyone could point me any relevant documentation, I would be more than delighted.

Zeronaut · 21 October 2022 16:03

Hi @MaitreCake,
I ran into the same problem with my own self hosted SuiteCRM system and figure out the correct ownership and permissions to add.

SuiteCRM running in docker container with image: docker.io/bitnami/suitecrm
Version 7.12.2
Sugar Version 6.5.25 (Build 344)
Database in mariadb container that runs alongside the suitecrm docker container

So what I found for mine, your own settings may vary, and I’ll tell you how I found mine:
Where ever the SuiteCRM app is installed in my case I’m looking at the container under /bitnami/suitecrm/

ls -lash /bitnami/suitecrm

Results will look like the following:

   0 -rw-rw-r--   1 daemon root      0 Jan 20  2022 .buildcomplete
8.0K -rw-r--r--   1 daemon daemon 4.1K Jan 20  2022 .htaccess
4.0K drwxrwxr-x   5 daemon root   4.0K Jan 20  2022 Api
4.0K -rw-rw-r--   1 daemon root   2.6K Jan 20  2022 HandleAjaxCall.php
 36K -rw-rw-r--   1 daemon root    34K Jan 20  2022 LICENSE.txt

Now we know the user:group to chown, and the privileges as you already mentioned should be set to 0400, I’ve tested those and they are sufficient without allowing anything more to happen.

So then the way to get your key signature working is the following two commands (substitute your file location in there, mine is /etc/dkimkey.private). Note that I’m root by default in the docker container, so you’ll want to become root or use sudo as appropriate on your server.

chown daemon:root /etc/dkimkey.private
chmod 0400 /etc/dkimkey.private

If you have any more questions, let me know.
Bonne chance!