HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   amavis dkim enable (http://www.howtoforge.com/forums/showthread.php?t=60819)

misterm 5th March 2013 08:39

amavis dkim enable
 
hello
Quote:

After a long fight i finally managed to get dkim signatures to work!
In fact this job is pretty simple:
After you generate the key file (in my case i had 3 key files for three different domains) use the showkeys command to display the key and create a TXT record in MyDns (just use the ISPConfig DNS Interface it will work), after that you have to wait for the changes to reflect on the internet.
I think 24 hours will be enough.

Here is how 50-user amanvisd conf file looks like:

#$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.1.0/24 x.x.x.x/32);
dkim_key('mail.domain1.com', 'mail', '/var/db/dkim/domain1.com.key.pem');
dkim_key('mail.domain2.com', 'mail', '/var/db/dkim/domain3.com.key.pem');
dkim_key('mail.domain3.com', 'mail', '/var/db/dkim/domain3.com.key.pem');

Now lets cut this into pieces:

$enable_dkim_verification = 1;

I commented this out because i really dont need that amavisd to check the incoming mail for signatures because some useful mails might get spam flagged. If you really think that you will need this you can uncomment this line.

$enable_dkim_signing = 1;

This line enables dkim signing for outgoing mail.

@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );

This one sets some dkim signature properties like: hashing algorhitm and key's TTL. I recommend to leave this as it is unless you really know what you are doing.

Now the fun part is here:

@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.1.0/24 1.2.3.4/32);

Here is a list of hosts that are allowed to send mails thru you mail server, in other words the trusted networks for which amavisd will sign the emails. You have to add here the ip classes/addresses from where you will send your emails. In my case all the emails are sent by The Webmail interface (which uses the loopback address 127.0.0.1/8) and a public ip address which belongs to my network's NAT Gateway (1.2.3.4/32 , Notice the /32 mask which indicates thats only one ip address and not the whole class /24). If you are using your gateway/router as mail server too you will onlu have to add private ip class which your router is serving on (ie: 192.168.1.0/24).

In my case the problem was that i have separate machines for the mail server and gateway and i didnt had a record for my gateway's ip address and amavisd refused to sign my emails.

Anyway now all its working like it should. The funny part is that the stupid Yahoo still marks my messages as spam but this is just matter of time until their spam filters will gather enough information and put my hosts on whitelist.

Hope this will help!
Cheers!


Later Edit: As i was saying some time ago... Yahoo was still marking my messages as spam. A few days ago i did another check, and... surprise... all of my messages got straight into Yahoo's Inbox. Thats so good news... so for those which are disapointed after setting up DKIM signs and the messages end in spam folder don't worry, its just a matter of time... so all you have to do is to wait.
Is that this tutorial is still relevant?
For the date of online.
Thank you for écalairer because I want to achieve for several areas, but it does not work, as I think.
Thank you for your help
MM

florix.net 12th August 2013 11:37

that worked ....
 
The server IP address was not present in mynetworks ..

I have added that and all outgoing mails are signed now ..

Thanks


All times are GMT +2. The time now is 12:14.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.