#1  
Old 25th April 2007, 19:56
ndorphine ndorphine is offline
Junior Member
 
Join Date: Apr 2007
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Domainkey Configuration

Hi,
For the past couple of days I've been trying in vain to setup domainkey filtering with postfix. I've followed the tutorial at http://www.howtoforge.com/postfix_dk...implementation and have been through john longs (http://jason.long.name/dkfilter/) example numerous times but my mails simply aren't being signed. In my postfix log I get the following

Code:
Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: connect from localhost.localdomain[127.0.0.1]
Apr 25 17:34:53 stgsrv postfix/smtpd[7389]: NOQUEUE: client=localhost.localdomain[127.0.0.1]
Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: 3843F9C451: client=localhost.localdomain[127.0.0.1]
Apr 25 17:34:53 stgsrv dkfilter.in[29557]: DomainKeys verification - neutral (no signature; no policy for MYDOMAIN.com);
The mails get sent t but without being signed.
I've followed both examples closely and read around fairly extensively, This is driving me nuts.

my master.cf looks like this
Code:
smtp      inet  n       -       n       -       -       smtpd
        -o smtpd_proxy_filter=127.0.0.1:10025
        -o smtpd_client_connection_count_limit=10
127.0.0.1:10026 inet n  -       n       -        -      smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
pickup    fifo  n       -       n       60      1       pickup
        -o content_filter=dksign:127.0.0.1:10027
for inbound filter and like this
Code:
submission  inet  n     -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[127.0.0.1]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#
# specify the location of the DomainKeys signing filter
#
dksign    unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime

#
# service for accepting messages FROM the DomainKeys signing filter
#
127.0.0.1:10028 inet  n  -      n       -       10      smtpd
    -o smtpd_use_tls=no
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
For the outbound filter

All the mails are generated by a Rails app on the localhost.
Fedora Core 6
Postfix 2.4
dkfilter 0.11

If there's another surefire way to sign with domainkeys let me know
Reply With Quote
Sponsored Links
  #2  
Old 29th December 2008, 01:44
ethanlifka ethanlifka is offline
Junior Member
 
Join Date: Aug 2008
Posts: 29
Thanks: 0
Thanked 6 Times in 4 Posts
Default same issue

I too am having the same problem, but I did get the policy to verify.

for the policy make sure you have a TXT entry in your dns for the policy with your TXT entry for the key.

e.g.
_domainkey.yourdomain.com IN TXT "t=y; o=~; n=http://www.mydomain.com/contact.html"

restart dns then wait for dns to update.

you can check it locally
# dig _domain.yourdomain.com TXT

Remote CMD check
nslookup
> set type=txt
> _domain.yourdomain.com

but I still get a "no signature" even though my key is verified and pass, but yahoo " DomainKeys verification - neutral (no signature; domain testing);"

Last edited by ethanlifka; 29th December 2008 at 01:46. Reason: new
Reply With Quote
  #3  
Old 2nd January 2009, 05:06
ethanlifka ethanlifka is offline
Junior Member
 
Join Date: Aug 2008
Posts: 29
Thanks: 0
Thanked 6 Times in 4 Posts
Default Solved my issue.

I missed the part about port 587. In order to have email signed you need to change the outbound port from 25(default) to 587. In Outlook I went to my account properties Advanced Tab. (for each account). I now that it can be a hassel to have all you clients change this in outlook, but domainkeys cannot sign and verify on the same port. In Webmail I changed the smtp.class.php and phpmailer.class.php to use port 587 instead of 25. This important if your users will be using your server side email programs such as talaen or squirrelmail. My classes for talaen were in /webmail/inc/.

Although I recently changed from dkfilter to DKIM and still holds true for DKIM.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Loading configuration file lance Kernel Questions 2 28th February 2007 21:40
problem in cpan configuration reply me Urgent faiqmahmoodch Installation/Configuration 1 27th August 2006 17:58
Postfix Installation and Configuration akomaoako2k Installation/Configuration 1 31st July 2006 10:08
ispconfig and mambo shajazzi Installation/Configuration 70 28th March 2006 20:29
ISPConfig pop3 problem mphayesuk General 21 31st October 2005 11:53


All times are GMT +2. The time now is 09:10.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.