Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 21st March 2010, 06:17
esmiz esmiz is offline
Member
 
Join Date: Dec 2009
Posts: 44
Thanks: 4
Thanked 3 Times in 3 Posts
Default

Hi Ciprianflorea

Do you know if that method is 100% reliable?
Please don misunderstand me. I know that it works, but I would be more confident using it, if you can guarantee it's harmless.

regards
Reply With Quote
Sponsored Links
  #12  
Old 21st March 2010, 09:57
ciprianflorea ciprianflorea is offline
Junior Member
 
Join Date: Nov 2009
Posts: 23
Thanks: 1
Thanked 5 Times in 3 Posts
Default

Quote:
Originally Posted by esmiz View Post
Hi Ciprianflorea

Do you know if that method is 100% reliable?
Please don misunderstand me. I know that it works, but I would be more confident using it, if you can guarantee it's harmless.

regards
Hi mate,

using DKIM_ALWAYS is very safe because your smtp server relies on authenticated users. Although my_networks part is a strict declaration of allowed hosts/networks dkim_always allow email signing only for authenticated users which is very reliable for remote users and clients who have a dynamic ip address.

I have dkim_always on three of my servers and its all good.
Reply With Quote
  #13  
Old 21st March 2010, 19:06
esmiz esmiz is offline
Member
 
Join Date: Dec 2009
Posts: 44
Thanks: 4
Thanked 3 Times in 3 Posts
Default

Thanks for your explanation.

I asked that question here but I didn't get an answer.

I couldn't find any mention about this method in the official amavisd-new docs, that's why I suspected it was not advisable.

Regards
Reply With Quote
  #14  
Old 28th April 2010, 23:52
binaryrogue binaryrogue is offline
Member
 
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
Default

ciprianflorea - In your screenshot, it shows the "Hostname" as mail._domainkey.mail.etc.., When I try to put mine in, it says hostname was not valid.

Was your screenshot exactly the way how you impliment your DKIM entries?
http://img692.yfrog.com/img692/4725/dkiml.jpg
Reply With Quote
  #15  
Old 22nd August 2010, 17:47
ciprianflorea ciprianflorea is offline
Junior Member
 
Join Date: Nov 2009
Posts: 23
Thanks: 1
Thanked 5 Times in 3 Posts
Default

Quote:
Originally Posted by binaryrogue View Post
ciprianflorea - In your screenshot, it shows the "Hostname" as mail._domainkey.mail.etc.., When I try to put mine in, it says hostname was not valid.

Was your screenshot exactly the way how you impliment your DKIM entries?
http://img692.yfrog.com/img692/4725/dkiml.jpg
Its about how you declare the key in amavisd conf file

ie:

for:
dkim_key('mail.xxx.com, 'mail', '/var/db/dkim/xxx.com.key.pem');


the dns entry will be:

mail._domainkey.mail.xxx.com.
Reply With Quote
  #16  
Old 15th September 2010, 16:46
rare rare is offline
Junior Member
 
Join Date: May 2007
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via Skype™ to rare
Default

Hi,

can anybody that succeded in setting amavisd to sign outgoing mail with dkim send me conf files for postfix (main.cf and master.cs).

We tried something with dkim-milter so there is many config lines, I am not sure which one is for what, probably because of that we can achieve dkim signing using amavisd.

Dns settings are ok, there is an record, and amavisd is configured according to this forum thread, but it is still not working.

There are some settings:
Code:
$ dig -t TXT foo._domainkey.odmorise.info
foo._domainkey.odmorise.info. 86400 IN  TXT     "v=DKIM1\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/r50PSUTLQLdqjEoHaK/K8FJIcunp93vEdw5HbBJPwwZDWQfWHRJ0ato6VTcwUU+fvpGJDSKaLFcgtFmWpSybLOoM/CovTpPz/sWbQ2LsEGthAA0gmJVsWfbI7ewCYHHTRdH7UKdBc1tVDQnBZpo5Ttltig0+a5dRQwFexrdxSwIDAQAB"
Code:
$ tail /etc/amavisdamavisd.conf                                                                                                                              
dkim_key('odmorise.info', 'foo', '/var/db/dkim/odmorise-foo.key.pem');
@dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
$interface_policy{'10024'} = 'DKIM_ALWAYS';
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };
#@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 188.40.93.84/32);  # list your internal networks                                                                                         
#$enable_dkim_verification = 1;                                                                                                                                                  
$enable_dkim_signing = 1;
Code:
$ tail -f /etc/postfix/main.cf

#smtpd_milters = inet:188.40.93.84:10035
#non_smtpd_milters = inet:188.40.93.84:10035
Code:
$ tail -f /etc/postfix/master.cf -n 100
#  ${nexthop} ${user}

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1


smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_proxy_filter=127.0.0.1:10025
    -o smtpd_client_connection_count_limit=10
.... and many more lines like this
I am not sure how it should be set

Thanks for help in advance
__________________
My world of web design.http://www.napravisajt.com/.
Reply With Quote
  #17  
Old 7th September 2012, 17:35
Wisdown Wisdown is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 7
Thanked 2 Times in 2 Posts
 
Default

I know the topic is old, but...

You guys got Domainkeys working with this setup?

I did all steps (http://www.faqforge.com/linux/how-to...d-ispconfig-3/) , and then sended an mail to:

check-auth@verifier.port25.com

For check, and got this as result:

================================================== ========
Summary of Results
================================================== ========
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

Seems i missed something, or need more steps to get DomainKeys working too.
Someone have an guide for this extra steps?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange email problem for one of my domains... any help appreciated paulrobert_a Installation/Configuration 5 9th August 2010 14:15
Can't make it work. DKIM with Sendmail fail (signature doesn't verify) ethic Server Operation 0 15th May 2009 00:52
postfix mysql on fedora core5 igongora Installation/Configuration 7 17th April 2007 04:40
CLAMAV & amavis updating problem herbie Server Operation 0 15th February 2007 23:03
SMTP TLS Problem with Mail Client dschmid Installation/Configuration 1 9th December 2005 01:56


All times are GMT +2. The time now is 12:24.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.