HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   DKIM with amavisd-new installation problem (http://www.howtoforge.com/forums/showthread.php?t=46530)

Sinchan 13th June 2010 18:41

DKIM with amavisd-new installation problem
 
Hi all,
I have ISPConfig 3.0.2.1 on my debian lenny and now i want to implement domainkeys since all my email marked as ***SPAM*** when received from yahoo email.
I follow perfect debian guide. And in that guide say to install amavisd-new.
Then, now i'll try to follow DKIM FaqForge and IJS's DKIM, but in this DKIM guide thats say amavisd (not amavisd-new).

Since iam never found amavisd command and amavisd.conf, then i'll try like this :
1. Create keys :
Code:

# updatedb
# locate amavisd.conf
/usr/share/doc/amavisd-new/examples/amavisd.conf-default.gz
/usr/share/doc/amavisd-new/examples/amavisd.conf-sample.gz
# which amavisd
# which amavisd-new
/usr/sbin/amavisd-new

# mkdir /etc/amavis/dkim
# amavisd-new genrsa /etc/amavis/dkim/hidden-mydomain-com.key.pem
Private RSA key successfully written to file "/etc/amavis/dkim/hidden-mydomain-com.key.pem" (1024 bits, PEM format)

2. Insert domain keys and enable dkim in /etc/amavis/conf.d/50-user :
Code:

# vi /etc/amavis/conf.d/50-user
[...]
$inet_socket_port = [10024,10026,9998];
$enable_dkim_signing = 1;
dkim_key('mydomain.com', 'mail', '/etc/amavis/dkim/hidden-mydomain-com.key.pem');
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  originating => 1,
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
};
[...]

3. Restart amavis and postfix service
Code:

# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
unicorn:~# /etc/init.d/postfix reload
Reloading Postfix configuration...done.

4. Show keys and add to TXT DNS Records :
Code:

# amavisd-new showkeys
mail._domainkey.mydomain.com.        3600 TXT (
  "v=DKIM1; p="
  "abcdefg"
  "hijklmn"
  "opqrstu"
  "vwxyz")

In ISPConfig dns, iam insert txt record :
Code:

Hostname : mail._domainkey.mydomain.com.
Text : v=DKIM1; p=abcdefghijklmnopqrstuvwxyz

5. Test keys :
Code:

# amavisd-new testkeys
TESTING: mail._domainkey.mydomain.com => invalid (public key: not available)

Any suggestions about this problem please ?
notes : i already have PTR and SPF record before

admins 14th June 2010 09:07

Remove DKIM, remove SPF and correct your envirement.
After this work yahoo don't mark you as spam?

Did you checked your IPs in blacklist?

admins

Sinchan 14th June 2010 17:08

Quote:

Originally Posted by admins (Post 231112)
Remove DKIM, remove SPF and correct your envirement.
After this work yahoo don't mark you as spam?

Hi Admins, thanks for your reply.
Before I tried using DKIM, I just rely on PTR records.
I try to send email from my google account, and can be received properly without any spam headers. But when sending emails from yahoo accounts, received email deemed as spam.
Then I tried to add the SPF record "v = spf1 a mx -all", but the results obtained from the same as before. Because of this problem, I try DKIM implementation.
And what do you mean with correct my environment? can you more specify with more detail please?

Quote:

Originally Posted by admins (Post 231112)
Did you checked your IPs in blacklist?

admins

Yeah, I've checked the server IP address from this website, and the results is clean.

I wish to ask you, why do you suggest for not using DKIM? Is this not a good method to solve this problem?

admins 14th June 2010 17:20

DKIM is not good, spf is old and not effective.

1. Send a mail to trash (at) mailcarrier(dot)ch so I could check your header and see why you are tagged as spam

Check following:
1. correct A-Record with the name in your domain for your server
2. check if you've a correct PTR-Record
3. delete spf entries
4. delete dkim entries
5. restart services
6. send the mail authentificated
7. Enable the port 587 and use it instead of port 25

send now the mail

admins

Sinchan 14th June 2010 18:32

hi admins,
thanks again for your reply ..
I've sent two emails.
first, forward ***spam*** messages from my yahoo account, and second, send email from my email client using submission port.
i look forward for your reply and many thanks ;)

admins 15th June 2010 18:47

now your PTR (Reverse DNS) is active...

Sinchan 16th June 2010 04:58

last night i'd try sending email from my Yahoo! account but still no luck :mad:
I was sent my second email a few minutes ago. Plz check it out and many thanks for your helps. :)


All times are GMT +2. The time now is 13:16.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.