View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions DKIM Postfix configuration- opendkim-testkey returns unknown hash error
Log in to Ask a Question

DKIM Postfix configuration- opendkim-testkey returns unknown hash error

email

1. I am in process of configuring mail server with DKIM per instructions on Linode tutorial ~~[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8" target="_blank">](https://www.linode.com/docs/email/postf … n-debian-8">https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8](. Things work well for me until I have to test configuration with opendkim-testkey -vvv command and receive error:

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '201702._domainkey.example.co'
opendkim-testkey: unknown hash 'rsa-sha256'

Current TXT record on DNS looks like so:````
v=DKIM1; h=rsa-sha256; k=rsa; s=email;kjlksjjlsjjdls….

2\. Here is what I have done that seems to have a positive effect on the situation.

If I edit and remove````
h=rsa-sha256

from TXT record on my DNS to look like following:````
v=DKIM1; k=rsa; s=email;kjlksjjlsjjdls….

When I run opendkim-testkey -vvv this time around key seem to be OK but not secure.

opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '201702._domainkey.example.co'
opendkim-testkey: key not secure
opendkim-testkey: key OK
````

What do I need to do to correct the unknown hash error? Am I missing something on my server configurations that is causing the error?

3 Replies

I'm using CentOS 7 with this script so maybe you could take a look at the configuration and compare it with yours?

here is the: opendkim.conf

Take a look here, see if that sheds some light on the issue: https://github.com/linode/docs/pull/620

Thanks guys for the replies.

I re-read the linode instructions again and it seems that in their implementation, they simply omitted the "h=rsa-sha256" section.

They also seems to indicate that moving forward after the "key not secure message" is fine. :-/

Since then I've been running with the key as with the "h=rsa-sha256" flag and DKIM test and checks came back positive.

Solution suggest by @alexfornuto link here at https://github.com/linode/docs/pull/620 seems like a promising fix. Will try in out to see if error goes away in a few weeks when I have to change the keys again.

Thanks again!!! :-)

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct