BSD & *nix, CPANEL/WHM

DKIM issue on Cpanel Server with Cloudflare DNS :(

By

1. Last night, I got complaint from my customer said that their server can’t send email to some gov agencies.

2. Usually if this happen, you should check your mail server blacklist or reputation.

3. Done check, the server was in good reputation and doesn’t listed on any RBL (You may check at https://www.senderbase.org/lookup/ or https://mxtoolbox.com/blacklists.aspx

4. So why the recipient does not accept our email ? The error code was : 554 5.7.1 (You are not allowed to connect)

5. From the error code, it’s doesn’t help you to troubleshoot since there are no details why we are not allowed to connect?

6. I have take several options to mitigate this issue. But this is not confirm that you are always welcome to any mail server.

7. Enable clamav scan for outgoing mail.

8. Configure DKIM on local NS. Since i’m using cloudflare, i need to copy the DKIM into cloudflare DNS.

9. DKIM record has been filled on the clouflare but the error still out there. I got error p= field must be base64 encoded (http://dkimcore.org/c/keycheck)

10. I just copy and paste the value of TXT DKIM.

12. I follow step by step how to setup DKIM on cloudflare, but error still there.

13. Then i looked into the details of the p= value with other domain which is with a good DKIM record. After compared, there are
3 spot look suspicious after query(dig default._domainkey.domain.com TXT). This is the value from cpanel DNS :

“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+w6CJDDntA3Zwmk0p
f+5qCnmTE1NxA1zaVCZCtwWsuzPdbxdBpDb9R7lYB0V0zWzUAr8NGvnRsRJzYEZHRy6Gv5fplky15mJBppsy
6anSqU9V/n8dEUY6kE0BbwTJL0WJqxwlu+CJ8RS1lGl99XacpWl4Dgf0mhDZlv4ViB+hW1Gv9ao/0aQ+mWN
mWzYLYZD” 29mx0OM+bwepI1vMyW87mU4i0yi2KMrJRnqOG+lGVJp5qd5ooVpfH0VcHb4HI6ho8phlNa7
p/s4uG4pNKCXGET5OAr0E+tWE36nAbWIYsUrjTakbc6bBATXnK80tJf7tIf7zxCfIjqPOIZtwNPklQIDAQAB\;

What do you need to do when paste it into Cloudflare Edit Record: TXT content is like this:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+w6CJDDntA3Zwmk0pf+5q
CnmTE1NxA1zaVCZCtwWsuzPdbxdBpDb9R7lYB0V0zWzUAr8NGvnRsRJzYEZHRy6Gv5fplky15mJBppsy6anSq
U9V/n8dEUY6kE0BbwTJL0WJqxwlu+CJ8RS1lGl99XacpWl4Dgf0mhDZlv4ViB+hW1Gv9ao/0aQ+mWNmWzY
LYZD29mx0OM+bwepI1vMyW87mU4i0yi2KMrJRnqOG+lGVJp5qd5ooVpfH0VcHb4HI6ho8phlNa7p/s4uG4p
NKCXGET5OAr0E+tWE36nAbWIYsUrjTakbc6bBATXnK80tJf7tIf7zxCfIjqPOIZtwNPklQIDAQAB;

– Remove quotation mark ” at “v=DKIM1
– Remove quotation mark ” at ” 29mx0OM+bwepI1 and should no space.
– Remove \ before ; at the end.

This article was written by matn0t.