[clug] Debugging mail delivery issues

Scott Ferguson scott.ferguson.clug at gmail.com
Fri Apr 19 07:32:42 UTC 2019

On 4/19/19 1:53 PM, jm via linux wrote:
> On 19/4/19 10:30, Scott Ferguson via linux wrote:
>> You don't 'need' DMARC, but you 'should' have DKIM - which you don't.
>> Hence your problems with mimecast.com, I'm surprised you haven't had
>> problems with runbox or gmx also.
> Added DKIM as you suggested. Is there a service out there I can email
> and get a report it's working?

You can read the header for the 's' value, or using the Thunderbird
plugin mentioned further down i.e. send yourself an email and check the
results. I can't check the DKIM in the original email you sent the list,
the list's DKIM checks, and the header showed that the body hash in your
original post failed.

But plenty of other ways.

Online tools:-
I found the free account at mxtoolbox useful when setting up DKIM, SPF,
and DMARC the first time:- https://mxtoolbox.com/Public/Login.aspx

Linux tools:-
dig default._domainkey.ghostgum.com TXT (assuming you followed the guide
and created a "default" key instead of a "google" key, substitute google
instead otherwise). NOTE: that the result indicates your DKIM is *not*
set... compare the output to:-
dig google._domainkey.scottferguson.com.au TXT

Thunderbird plugin:-
There is also one called "ThunderSec", which used to be good, but is not
supported in the version of Thunderbird running on my Debian workbox.

> mxtoolbox reports a valid DNS record. Emailing myself shows the email is
> signed. So, fingers cross it's all correct.

I hope you find the fix easy, it took me a few hours to get my head
around it the first time.


