HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Installation/Configuration (
-   -   Domainkey Configuration (

ndorphine 25th April 2007 19:56

Domainkey Configuration
For the past couple of days I've been trying in vain to setup domainkey filtering with postfix. I've followed the tutorial at and have been through john longs ( example numerous times but my mails simply aren't being signed. In my postfix log I get the following


Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: connect from localhost.localdomain[]
Apr 25 17:34:53 stgsrv postfix/smtpd[7389]: NOQUEUE: client=localhost.localdomain[]
Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: 3843F9C451: client=localhost.localdomain[]
Apr 25 17:34:53 stgsrv[29557]: DomainKeys verification - neutral (no signature; no policy for;

The mails get sent t but without being signed.
I've followed both examples closely and read around fairly extensively, This is driving me nuts.

my looks like this

smtp      inet  n      -      n      -      -      smtpd
        -o smtpd_proxy_filter=
        -o smtpd_client_connection_count_limit=10 inet n  -      n      -        -      smtpd
    -o smtpd_authorized_xforward_hosts=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=
    -o receive_override_options=no_unknown_recipient_checks
pickup    fifo  n      -      n      60      1      pickup
        -o content_filter=dksign:

for inbound filter and like this

submission  inet  n    -      n      -      -      smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

# specify the location of the DomainKeys signing filter
dksign    unix  -      -      n      -      10      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime

# service for accepting messages FROM the DomainKeys signing filter
# inet  n  -      n      -      10      smtpd
    -o smtpd_use_tls=no
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=
    -o smtpd_authorized_xforward_hosts=

For the outbound filter

All the mails are generated by a Rails app on the localhost.
Fedora Core 6
Postfix 2.4
dkfilter 0.11

If there's another surefire way to sign with domainkeys let me know :)

ethanlifka 29th December 2008 01:44

same issue
I too am having the same problem, but I did get the policy to verify.

for the policy make sure you have a TXT entry in your dns for the policy with your TXT entry for the key.

e.g. IN TXT "t=y; o=~; n="

restart dns then wait for dns to update.

you can check it locally
# dig TXT

Remote CMD check
> set type=txt

but I still get a "no signature" even though my key is verified and pass, but yahoo " DomainKeys verification - neutral (no signature; domain testing);"

ethanlifka 2nd January 2009 05:06

Solved my issue.
I missed the part about port 587. In order to have email signed you need to change the outbound port from 25(default) to 587. In Outlook I went to my account properties Advanced Tab. (for each account). I now that it can be a hassel to have all you clients change this in outlook, but domainkeys cannot sign and verify on the same port. In Webmail I changed the smtp.class.php and phpmailer.class.php to use port 587 instead of 25. This important if your users will be using your server side email programs such as talaen or squirrelmail. My classes for talaen were in /webmail/inc/.

Although I recently changed from dkfilter to DKIM and still holds true for DKIM.

All times are GMT +2. The time now is 01:23.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.