#1  
Old 5th March 2013, 08:39
misterm misterm is offline
Senior Member
 
Join Date: Aug 2005
Posts: 515
Thanks: 13
Thanked 7 Times in 6 Posts
Question amavis dkim enable

hello
Quote:
After a long fight i finally managed to get dkim signatures to work!
In fact this job is pretty simple:
After you generate the key file (in my case i had 3 key files for three different domains) use the showkeys command to display the key and create a TXT record in MyDns (just use the ISPConfig DNS Interface it will work), after that you have to wait for the changes to reflect on the internet.
I think 24 hours will be enough.

Here is how 50-user amanvisd conf file looks like:

#$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.1.0/24 x.x.x.x/32);
dkim_key('mail.domain1.com', 'mail', '/var/db/dkim/domain1.com.key.pem');
dkim_key('mail.domain2.com', 'mail', '/var/db/dkim/domain3.com.key.pem');
dkim_key('mail.domain3.com', 'mail', '/var/db/dkim/domain3.com.key.pem');

Now lets cut this into pieces:

$enable_dkim_verification = 1;

I commented this out because i really dont need that amavisd to check the incoming mail for signatures because some useful mails might get spam flagged. If you really think that you will need this you can uncomment this line.

$enable_dkim_signing = 1;

This line enables dkim signing for outgoing mail.

@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );

This one sets some dkim signature properties like: hashing algorhitm and key's TTL. I recommend to leave this as it is unless you really know what you are doing.

Now the fun part is here:

@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.1.0/24 1.2.3.4/32);

Here is a list of hosts that are allowed to send mails thru you mail server, in other words the trusted networks for which amavisd will sign the emails. You have to add here the ip classes/addresses from where you will send your emails. In my case all the emails are sent by The Webmail interface (which uses the loopback address 127.0.0.1/8) and a public ip address which belongs to my network's NAT Gateway (1.2.3.4/32 , Notice the /32 mask which indicates thats only one ip address and not the whole class /24). If you are using your gateway/router as mail server too you will onlu have to add private ip class which your router is serving on (ie: 192.168.1.0/24).

In my case the problem was that i have separate machines for the mail server and gateway and i didnt had a record for my gateway's ip address and amavisd refused to sign my emails.

Anyway now all its working like it should. The funny part is that the stupid Yahoo still marks my messages as spam but this is just matter of time until their spam filters will gather enough information and put my hosts on whitelist.

Hope this will help!
Cheers!


Later Edit: As i was saying some time ago... Yahoo was still marking my messages as spam. A few days ago i did another check, and... surprise... all of my messages got straight into Yahoo's Inbox. Thats so good news... so for those which are disapointed after setting up DKIM signs and the messages end in spam folder don't worry, its just a matter of time... so all you have to do is to wait.
Is that this tutorial is still relevant?
For the date of online.
Thank you for écalairer because I want to achieve for several areas, but it does not work, as I think.
Thank you for your help
MM
Reply With Quote
Sponsored Links
  #2  
Old 12th August 2013, 11:37
florix.net florix.net is offline
Member
 
Join Date: Oct 2010
Posts: 42
Thanks: 4
Thanked 1 Time in 1 Post
 
Default that worked ....

The server IP address was not present in mynetworks ..

I have added that and all outgoing mails are signed now ..

Thanks
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
amavis dkim problem ciprianflorea Installation/Configuration 16 7th September 2012 17:35
how to enable logging for amavis Ovidiu General 2 13th November 2009 16:06
Installation -- pcre_exec.c:403: internal compiler error: Segmentation fault zerman Installation/Configuration 2 23rd September 2008 23:58
PHP install problem SgtM Installation/Configuration 6 7th April 2007 17:45
ERROR: The PHP binary coming with ISPConfig does not work properly on your system! micko_escalade Installation/Configuration 35 30th March 2007 11:31


All times are GMT +2. The time now is 01:31.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.