Amvisd DKIM issue postfix not matching

I am having issue Amvisd DKIM using postfix. I cant figure out what is wrong been trying to figure it out for a few days, to me it seems the email are being signed correctly by amvisd but it is not matching my public key.


When i run amavisd showkeys I get the below output
; key#1, domain ngvemail.com, /var/db/dkim/ngvemail.com.pem
default._domainkey.ngvemail.com.        3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJldKngdR9Ru5VQQndzLo+ktKb"
  "CNU7o6tfAhxtPu/11AVpyUl9dv7cS3+JENT6MmX2Gy5W7D82LScgktmxetuMJG6t"
  "lbd+DuAMdaZgAOu4LwVO+nRiBr7xw6+o3paol2MljUPGl5k5YB0nQBGKDoKZ71gR"
  "9wNqFBExNsx7MW3cWwIDAQAB")




When I run amavisd testkeys
TESTING#1: default._domainkey.ngvemail.com   => invalid (public key: missing p= tag)


Running the fig command dig default._domainkey.ngvemail.com txt
;; QUESTION SECTION:
;default._domainkey.ngvemail.com. IN    TXT

;; ANSWER SECTION:
default._domainkey.ngvemail.com. 1799 IN TXT    "\"v=DKIM1\; k=rsa\; \" \"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJldKngdR9Ru5VQQndzLo+ktKbCNU7o6tfAhxtPu/11AVpyUl9dv7cS3+JENT6MmX2Gy5W7D82LScgktmxetuMJG6tlbd+DuAMdaZgAOu4LwVO+nRiBr7xw6+o3paol2MljUPGl5k5YB0nQBGKDoKZ71gR9wNqFBExNsx7MW3cWwIDAQAB\""



I cant figure out why amvisd testkey fails also when sending a email to my google account my keys dont match

Authentication-Results: mx.google.com;
dkim=neutral (no signature) header.i=@ngvemail.com


DKIM-Signature: v=1; a=rsa-sha256; d=ngvemail.com; h=mime-version
      :content-type:content-type:content-language:accept-language
      :message-id:subject:subject:date:date:from:from:received
      :received:received; s=default; t=1437694957; x=1439509358; bh=JF
      Ok6hXTeVAVMqjoOz689ONNsrR9+5T84DqNAyodRt0=; b=DuA5yXMMNYm9+Yx7nq
      n32ZW6QcZUSJUa7Fu+2tdb6gHUoHt32/3SLMSmSa6s/ix7xiebI29O1G4/QWixzV
      opqIaEzgr2sAaiRCmIg1e2Do32ME6D0bBZYYOuxhSrMI4zXaD7679u8ezBrMKqym
      rHkzi+rLkp++W1RRmGdpRC2t8=




My amavisd.conf setting i am using are below
dkim_key('ngvemail.com', 'default', '/var/db/dkim/ngvemail.com.pem');
@dkim_signature_options_bysender_maps = ( {
    "ngvemail.com"  => { d => "ngvemail.com", a => 'rsa-sha256', ttl => 21*24*3600, c => 'simple' },
    });
Eric ConstantineAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:
Is the DKIM string in your txt-record all on 1 line, not in multiple lines ... That can sometimes cause strange things to happen ... ?
0
Eric ConstantineAuthor Commented:
the dns dkim txt string we look up with dig is all on one line the and the amavisd showkeys
 command shows the key on multiply lines but i belive this is normal.
0
Zephyr ICTCloud ArchitectCommented:
Please take a look at 2. Syntax Error ... It seems like that is what you are experiencing ...
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Eric ConstantineAuthor Commented:
Thanks this looks to of solved one issue I am now getting

below error with amavisd testkey
TESTING#1: default._domainkey.ngvemail.com   => invalid (public key: unsupported version)

gmail give me error
dkim=neutral (bad version) header.i=@ngvemail.com

dig show
dig +short default._domainkey.ngvemail.com. txt
"v=DKIM1 k=rsa p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJldKngdR9Ru5VQQndzLo+ktKbCNU7o6tfAhxtPu/11AVpyUl9dv7cS3+JENT6MmX2Gy5W7D82LScgktmxetuMJG6tlbd+DuAMdaZgAOu4LwVO+nRiBr7xw6+o3paol2MljUPGl5k5YB0nQBGKDoKZ71gR9wNqFBExNsx7MW3cWwIDAQAB"

I am think the issue is that the dig show k=rsa in the dns key but when I do amavisd showkey it is now showing
default._domainkey.ngvemail.com.        3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJldKngdR9Ru5VQQndzLo+ktKb"
  "CNU7o6tfAhxtPu/11AVpyUl9dv7cS3+JENT6MmX2Gy5W7D82LScgktmxetuMJG6t"
  "lbd+DuAMdaZgAOu4LwVO+nRiBr7xw6+o3paol2MljUPGl5k5YB0nQBGKDoKZ71gR"
  "9wNqFBExNsx7MW3cWwIDAQAB")

Would appreciate any further thoughts before i get my dns provider to change the key again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.