XF 2.2 DKIM showing valid on MXToolBox but not on GMAIL & Xenforo

J

John917

Active member
My SPF and DMARC is working fine. However, after testing outbound mail on Xenforo ACP to my gmail, gmail, microsoft email, and xenforo says DKIM is failing.

Google screenshot:

1661423838555.png

Microsoft has similar results but with this added:
Code: 
header.from=website.com;
dkim=fail (invalid public key) header.d=website.com;
dkim=fail (signature did not verify) header.d=website.com; arc=pass (0 oda=0 ltdi=0 93)

MxToolBox says it's ok though:
1661412312270.png

This is how my dns record looks like:
1661412386329.png

Anything I'm doing wrong? Any way to troubleshoot this further? I might just had the wrong key by accidentally changing it on xenforo though. So I redid it and updated my DNS and am waiting to see if it fixes it.

Also any idea why my confirmation emails take forever to send? When I use the "test outbound email" tool in Xenforo ACP, it sends instantly. When sending validation email, it takes like 3-5 minutes for it to deliver. Google on the other hand reports it send quickly but it didn't....
1661424976372.webp

Also, the email that I'm using "noreply@website.com" is actually not even setup. So if people were to email it, I won't be receiving it. Not sure if this matters.

*Update
Showing valid on https://dkimcore.org/c/keycheck also.
Is the key generated by Xenforo 1024 or 2048 bit? Maybe it's 2048 bit and gmail/microsoft email don't support it?
Found something else interesting:
"Also any idea why my confirmation emails take forever to send? When I use the "test outbound email" tool in Xenforo ACP, it sends instantly. When sending validation email, it takes like 3-5 minutes for it to deliver. Google on the other hand reports it send quickly but it didn't...."
1661424976372.webp
 
Last edited:
Sort by date Sort by votes
Tracy Perry said:
Do you have DKIM signing going on at the MTA level also?
Click to expand...
Hi Tracy, how do I go about checking that? I run a linux server if you are referring to setting it up on the server end, rather than just Xenforo Admin Control Panel?

If I have to set things up on my server settings, is it just a config edit? Which file or directory?
 
Upvote 0 Downvote
How do you deliver your mail?
Do you use something like Mail in a Box?
Do you use Google Workspace business account with an associated domain?
Do you use Amazon SES?

It's not a "simple config edit". If you are processing through another MTA (Amazon SES for example), they sign it with their DKIM unless you SPECIFICALLY, during setup, define a custom DKIM.

Even if you are having XF do DKIM signing.. did you make the necessary DKIM entries in your DNS for the domain?
 
Upvote 0 Downvote
Tracy Perry said:
How do you deliver your mail?
Do you use something like Mail in a Box?
Do you use Google Workspace business account with an associated domain?
Do you use Amazon SES?

It's not a "simple config edit". If you are processing through another MTA (Amazon SES for example), they sign it with their DKIM unless you SPECIFICALLY, during setup, define a custom DKIM.

Even if you are having XF do DKIM signing.. did you make the necessary DKIM entries in your DNS for the domain?
Click to expand...
Hi tracy, for the last question are you referring to this?
1661426708612.png

I found this spamming my mail.log. IP is probably the receiving end because it isn't my server ip.
1661426699785.png

I'm using CPanel so I didn't really set it up myself. I think the problem is that I'm using noreply@website.com while I haven't really setup the email service in my server properly.

Is that what you are referring to?

Thanks for the help.

*I might be better off getting a Google Workspace email and connecting it to my DNS.
 
Last edited:
Upvote 0 Downvote
John917 said:
Hi tracy, for the last question are you referring to this?
View attachment 272514

I found this spamming my mail.log. IP is probably the receiving end because it isn't my server ip.
View attachment 272513

I'm using CPanel so I didn't really set it up myself. I think the problem is that I'm using noreply@website.com while I haven't really setup the email service in my server properly.

Is that what you are referring to?

Thanks for the help.
Click to expand...
Not really.. who/where is handling your email for your domain?
What you show is a TXT record for the DKIM.. it SHOULD match whatever is configured in XenForo.
Are you using SMTP to send the email or PHP (if the latter, I'd suggest using SMTP and setting up an actual email account).
Is Global Communication Net your ISP provider by chance... or are they hosting your site?

In my case, now for my site, I am using the free Amazon SES level (50K a day delivery rate) to process all my outbound mail from a sub-domain of my main domain. I am having NO problems sending to Hotmail/Outlook/Live emails, unlike before whenI used my own Mail in a Box setup on a Digital Ocean VPS (their IP's are for crap for being clean) or even using a GMail Workspace domain related account.
The Amazon SES was somewhat hard to set up (took about 2 ounces of high quality bourbon before I my brain was able to figure it out) but now I'm getting great delivery.
 
Upvote 0 Downvote
Tracy Perry said:
Not really.. who/where is handling your email for your domain?
What you show is a TXT record for the DKIM.. it SHOULD match whatever is configured in XenForo.
Are you using SMTP to send the email or PHP (if the latter, I'd suggest using SMTP and setting up an actual email account).

In my case, now for my site, I am using the free Amazon SES level (50K a day delivery rate) to process all my outbound mail from a sub-domain of my main domain. I am having NO problems sending to Hotmail/Outlook/Live emails, unlike before whenI used my own Mail in a Box setup on a Digital Ocean VPS (their IP's are for crap for being clean) or even using a GMail Workspace domain related account.
The Amazon SES was somewhat hard to set up (took about 2 ounces of high quality bourbon before I my brain was able to figure it out) but now I'm getting great delivery.
Click to expand...
THank you for that tracy. Yes, I'm using something from CPanel on my own VPS. Didn't know that Gmail Workspace had crap IP's.

I'll try the Amazon SES route for now. Would you be interested in helping me do this for a fee? Or perhaps link me some great tutorials so I don't end up passing out on my table here xD been working 12 hours straight and just took a walk 10 mins ago.
 
Upvote 0 Downvote
John917 said:
THank you for that tracy. Yes, I'm using something from CPanel on my own VPS. Didn't know that Gmail Workspace had crap IP's.

I'll try the Amazon SES route for now. Would you be interested in helping me do this for a fee? Or perhaps link me some great tutorials so I don't end up passing out on my table here xD been working 12 hours straight and just took a walk 10 mins ago.
Click to expand...
Gmail doesn't.. and if you are sending through them.. that is probably what the issue is as the DKIM you are sending is not the same as what Gmail is attaching.

How EXACTLY are you sending your outbound email. If going through Gmail, I'm assuming you already have an account set up that you use that is associated with the domain, and if so, there are instructions how to set your Google WorkSpace DKIM up.... if you are using a standard GMail account...DON'T!
Get a REAL email account associated with your domain.

I used to do this stuff for others here.. and usually for free. But unluckily my time for the last 8 months or so is REALLY limited, as I am trying to get my current site off the ground, having to create content for it, which, because of the topic area, involves hours of time late at night doing captures.
The Amazon SES stuff is not that hard to set up.. but if you have issues, you might ask @MattW if he might be interested. He's one of the few that I've dealt here that I would trust with my system.
 
Last edited:
Upvote 0 Downvote
Tracy Perry said:
Gmail doesn't.. and if you are sending through them.. that is probably what the issue is as the DKIM you are sending is not the same as what Gmail is attaching.

How EXACTLY are you sending your outbound email. If going through Gmail, I'm assuming you already have an account set up that you use that is associated with the domain, and if so, there are instructions how to set your Google WorkSpace DKIM up.... if you are using a standard GMail account...DON'T!
Get a REAL email account associated with your domain.
Click to expand...
Well what I meant is I used Gmail workspace with my own domain before. Currently I was trying to get dkim working with my own vps and mail server on the same vps. I'm not too good with setting up a mail server on a vps and also not sure if my ip on the vps is any good. On top of that making it work with xenforo.

Just to clarify ur saying google workspace has good ip's? If so, what made you go with Amazon ses?

Heard great things about Amazon ses. But Googles option seems easier to manage and set up. Also I dont have a server with Amazon so I'll be paying for ses but they are filthy cheap.
 
Upvote 0 Downvote
Yes, Google Workspace generally has clean IP's... but bang for the buck I'd be looking more at Amazon SES for simple sending of your email...and use other accounts for your bounced/unsubscribe receipts. Your mail sender doesn't have to be on the same server as your mail receiver.
 
Last edited:
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

digitalpoint
  • Suggestion Suggestion
Implemented Signing of outgoing emails with DKIM
Replies
5
Views
14K
Chris D
Chris D
Muhammad Asif
  • Locked
Not a bug Confirmation email is taking more than 5 minutes for gmail account users
Replies
1
Views
391
Chris D
Chris D
Kangy
  • Question Question
XF 2.0 Gmail users not receiving emails
2
Replies
20
Views
4K
Sim
Sim
borgqueenx
  • Question Question
XF 1.5 Help with email delivery/spam!!! Tried so much already...
Replies
10
Views
4K
fingon
fingon
M
  • Question Question
XF 1.5 GMail Smtp SSL Could not open socket on an ubuntu XAMPP Server
Replies
4
Views
4K
TPerry
TPerry
Top Bottom