Description
This article describes how FortiMail generates the DKIM key and provides a downloadable file containing a preconfigured DNS TXT record. The DKIM key must be generated on FortiMail, and it is not possible to modify any parameters of the key generation process. Since most DNS solutions enforce a 255-character limit per line, FortiMail allows the DKIM record to be downloaded in a multi-string format to accommodate this limitation.
Example of downloaded file:
test._domainkey IN TXT ("t=y; k=rsa; p=" "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH83XJcrIv8PRDkmCDh0kq5SyCeo7U3UTsLEP
zjOxU/tHojPZ3av/5JNRGVwuEppzXUI0DE+q+qUgpiICXqbbdZpurVz9qPEfyikWpuDxeSmJb5ioUap4OenHOFEM+/UV42B7DCrytXgo+o5btV0sn0eoquR""VK4Hzuixw+uQTuzRlGnBqv0FbUgVBJwYSX9DZdlGjvvmJ
f93rZaLhnXzPVUc+PH5JndZkPi6ScM+ZYkaspcCXC5VY1+ZRd16HO1hSgyrE7ciLfiZ9T3oXsNu92
DLX22+oj+k0v5Io7t63IgpyKc3TI9hQL7oNy07MKdGrNRsDOMWgEBguvP1Qa+2QwIDAQAB")
Consult the FortiMail Admin Guide for more information about DKIM configuration.
In some cases, the DNS TXT record does not work when inserted into the DNS server. Some online validation tools report errors for this DNS TXT record, for example, 'This is not a good DKIM key record'.
Scope
FortiMail.
Solution
The maximum length of a single string in a TXT record is 255 bytes. If a string in a TXT record is longer, the TXT record will not be valid.
As defined in RFC 1035, a DNS TXT record can be composed of more than one string. FortiMail creates the DKIM record in exactly this way. The TXT record consists of several string parts enclosed in parentheses, which allows the record as a whole to be longer than 255 bytes.
This multi-string form is also described in RFC 4408.
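The following Python sketch is an added example, not FortiMail or Fortinet code. It extracts the quoted strings from a zone-file entry in the format shown above, checks each one against the 255-byte limit, joins them without added whitespace as a verifier does, and sanity-checks the DKIM tags. The function names are hypothetical and the sample key is constructed placeholder data, not a real public key.

```python
import base64
import re

MAX_STRING = 255  # RFC 1035: each character-string in a TXT record holds at most 255 bytes

def parse_strings(zone_entry):
    """Return the quoted character-strings of one zone-file TXT entry."""
    return re.findall(r'"([^"]*)"', zone_entry)

def split_value(value, limit=MAX_STRING):
    """Split a single-string value into chunks that fit the per-string limit."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def check_dkim(strings):
    """Validate the strings of a DKIM TXT record; return (joined value, problems)."""
    problems = [f"string {n} is {len(s.encode())} bytes (limit {MAX_STRING})"
                for n, s in enumerate(strings, 1) if len(s.encode()) > MAX_STRING]
    value = "".join(strings)  # strings are concatenated with no added whitespace
    tags = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")  # first "=" only, base64 padding survives
        tags[name.strip()] = val.strip()
    if tags.get("k", "rsa") != "rsa":
        problems.append(f"unexpected key type {tags['k']!r}")
    p = re.sub(r"\s+", "", tags.get("p", ""))
    try:
        if not p or not base64.b64decode(p, validate=True):
            problems.append("p= is empty")
    except ValueError:
        problems.append("p= is not valid base64")
    return value, problems

# Constructed sample: 294 placeholder bytes stand in for a 2048-bit RSA public key.
SAMPLE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SINGLE = "t=y; k=rsa; p=" + SAMPLE_P  # 406 bytes, too long for a single string
MULTI = "test._domainkey IN TXT (" + " ".join(f'"{c}"' for c in split_value(SINGLE)) + ")"

if __name__ == "__main__":
    print("single string :", check_dkim([SINGLE])[1])
    print("multi-string  :", check_dkim(parse_strings(MULTI))[1])
```

Run against the downloaded file's contents, `check_dkim(parse_strings(...))` shows whether a pasted record still obeys the per-string limit and reassembles into a decodable key before it is published.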
To fix the issue, the record must be configured correctly on the DNS server side.
For DNS solutions that support TXT lines longer than 255 bytes, download and import the single-string format file: