I just installed opendkim on my Slackware box running sendmail. I created the public and private keys, started the opendkim process, and
put the public key in my DNS, and added the filter line in my sendmail.mc. Testing it with dkimvalidator.com, I see that a DKIM header is created; but it has a bad RSA signature.

I'm at a loss as to how to troubleshoot this; the very nature of cryptographic hashes dictates that there's no such thing as "almost working". Either everything is right, or it isn't. If it isn't then the hash will be totally different.

All I can guess is that there's some kind of rewriting happening after the DKIM signature is created. Can anybody supply a clue? Maybe some common sendmail option?

Fixed. It turned out that my public key was wrong. I found it with...

https://dkimvalidator.com

This website gives you a random-ish email address. You go to your mailer and send an email to this address. Then click, and it gives you a voluminous report about the DKIM and SPF characteristics of the email and your
domain.

I copied the public key into a file on my server. Then copied the "key" part of the key file into another file. Then compared the files, first with diff, then by loading them both into a text editor and bouncing back & forth between them. Strangely, the first several characters were the same, and the last several characters also the same. But characters in the middle were different.

I updated the public key in my DNS and all was well.

1 members found this post helpful.

I now have working DKIM, SPF, DMARC & TLS. So I should have good deliverability. At least until the Gods of Email figure out more stuff to throw at me .