DKIM signing with amavis (dig shows the record propagated)

Todor Todorov todor at
Tue Dec 18 21:04:47 CET 2012

Hi everyone,

I know this question has been asked before and I swear, I read
everything I could find on the net.  Still, amavisd-new testkeys results
in "invalid (public key: not available)" and I fail to sign my mail.

Here is my setup... This is an Ubuntu 11.04 server with Amavisd-new 2.6.5
and postfix 2.8.5.  I created my signing key with 'amavisd-new genrsa
/etc/amavis/' and changed the amavis config
as follows

(file /etc/amavis/conf.d/21-ubuntu_defaults...)
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('', 'dkim',
@dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600,
c => 'relaxed/simple' } } );
@mynetworks = qw(;

amavisd-new showkeys gives me the entry I have to make into DNS, which I
did and after a while dig gives back:
$> dig -t txt

; <<>> DiG 9.7.3 <<>> -t txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24080
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

; IN    TXT

;; ANSWER SECTION: 2985 IN TXT    "v=DKIM1\;

;; Query time: 10 msec
;; WHEN: Tue Dec 18 14:47:28 2012
;; MSG SIZE  rcvd: 289

I copied the public key from 'amavisd-new showkeys' and the dig result
to 2 separate txt files and compared with diff just to see if I missed a
character or something... Not the case, the strings are absolutely the
same.  But 'amavisd-new testkeys' results in:

TESTING#1:    => invalid (public key: not

I also made sure that the key file is readable by root and the amavis
group, but that did not solve anything. And so I am stumped; no idea how
to proceed from here or why this isn't working...  I would appreciate
it very much if someone more knowledgeable could help me out.  Thanks!

Best regards,
T. Todorov
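
The comparison described in the post ('amavisd-new showkeys' text against the dig answer), done on the parsed DKIM tag values so that quoting, chunk splitting and the '\;' escaping that dig prints do not affect the result. This is an added example, not part of the original message; example.com, the key bytes and both sample records are constructed.

```python
import base64
import re

def join_txt_rdata(text):
    """Join the quoted character-strings of a TXT record and undo zone-file
    escaping (dig prints ';' as '\\;'), giving the string a verifier sees."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', text)
    joined = "".join(chunks) if chunks else text.strip()
    return re.sub(r"\\(.)", r"\1", joined)

def parse_dkim_tags(record):
    """Split a DKIM key record (tag=value list, RFC 6376) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Whitespace inside a value (e.g. folded base64) is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def compare_keys(published, expected):
    """Return a list of problems; an empty list means both carry the same key."""
    pub = parse_dkim_tags(join_txt_rdata(published))
    exp = parse_dkim_tags(join_txt_rdata(expected))
    problems = []
    if pub.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    p = pub.get("p")
    if p is None:
        problems.append("no p= tag in published record")
    elif p == "":
        problems.append("p= is empty (key revoked)")
    else:
        try:
            base64.b64decode(p, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
        if p != exp.get("p"):
            problems.append("p= differs from the expected key")
    return problems

# Constructed sample data: a fake 96-byte "key", example.com as placeholder domain.
KEY = base64.b64encode(bytes(range(96))).decode()
DIG_ANSWER = ('dkim._domainkey.example.com. 2985 IN TXT "v=DKIM1\\; p=" "'
              + KEY[:64] + '" "' + KEY[64:] + '"')
SHOWKEYS_TEXT = ('dkim._domainkey.example.com.\t3600 TXT (\n  "v=DKIM1; p="\n  "'
                 + KEY[:64] + '"\n  "' + KEY[64:] + '")')

if __name__ == "__main__":
    print(compare_keys(DIG_ANSWER, SHOWKEYS_TEXT) or "same key in both records")
```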
