DKIM seems to be working but I get " dkim=temperror (no key for signature) "

DKIM with Postfix on Ubuntu 20.04

part of the e-mail header as it arrives at my google mail account:

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) [email protected] header.s=smtpmail header.b=MdGUxaPe;
       spf=pass (google.com: best guess record for domain of [email protected] designates 147.182.132.193 as permitted sender) [email protected];
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=rapidseohost.com
Return-Path: <[email protected]>
Received: from smtpmail.rapidseohost.com (smtpmail.rapidseohost.com. [147.182.132.193])
        by mx.google.com with ESMTPS id k13si244481qvc.109.2021.06.23.15.53.37
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 23 Jun 2021 15:53:37 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 147.182.132.193 as permitted sender) client-ip=147.182.132.193;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) [email protected] header.s=smtpmail header.b=MdGUxaPe;
       spf=pass (google.com: best guess record for domain of [email protected] designates 147.182.132.193 as permitted sender) [email protected];
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=rapidseohost.com
Received: by smtpmail.rapidseohost.com (Postfix, from userid 0) id 4ED14FC3C0; Wed, 23 Jun 2021 22:53:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=smtpmail.rapidseohost.com; s=smtpmail; t=1624488817; bh=WBggpZrfs7F0OzQkyE7LiZPHyfFFhl7N4CNav2f5YVw=; h=Subject:To:Date:From:From; b=MdGUxaPeNiXZrtSo91A2YQ/jZJPIAM6O9y+BBSS1vE51CIyZAR294V5Xpv2L3inK+
     66ocOYtKX27jE215AP5O71pHyCvy6HFC8bIDZ7s2MMAFlhywdQYXxvtAZ5hsbwllrA
     BHvG6gof1Ev33c8mLlArlt7Xcm3ra2oaAU6txHGk=

I thought it was a subdomain issue so I tried two different selector records. I have DKIM TXT records in my DNS for both:

  • smtpmail._domainkey.rapidseohost.com
  • smtpmail._domainkey.smtp.rapidseohost.com

Both have the same DKIM value.

I also have a DKIM record for gmail suite with google selector which works just fine:

  • google._domainkey.rapidseohost.com

Would appreciate help with this.


Solution 1:

The Return-Path: header references your sending envelope address ending in @smtpmail.rapidseohost.com and your host is called smtpmail.rapidseohost.com, that is different form smtp.rapidseohost.com.

Change the sending address, or add the records for that subdomain.