Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th August 2010, 11:00
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default how to check that my outgoing mails are DKIM Signed.

I have generated the private key.

edited the DNS suitably.

amavisd-new testkeys passed.

I have also restarted amavisd.

But mail sent to yahoo address -
Code:
domainkeys=neutral (no sig); from=example.com; dkim=neutral (no sig)
Please help me check that the domain keys are signed or how to troubleshoot the same.

Last edited by pawan; 15th August 2010 at 12:13.
Reply With Quote
Sponsored Links
  #2  
Old 16th August 2010, 17:12
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

If you sign through amavisd, you might be able to use this..

I've added this to my /etc/amavis/conf.d/50-user:
Code:
# DKiM check
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('domain.tld', 'default', '/etc/amavis/dkimpriv.key');
@dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.0.0/16);
Reply With Quote
  #3  
Old 16th August 2010, 22:40
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default how to check that my outgoing mails are DKIM Signed.

Dear Mark_NL
Thanks so much for your reply.

Please take a look and tell me what I am doing wrong.

My code in /etc/amavis/conf.d/50-user file look like this.

Code:
#$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
#@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.0.1/24 59.90.144.48/32);
$interface_policy{'10024'} = 'DKIM_ALWAYS'; 
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };
dkim_key('mail.mywebhostings.biz', 'mail', '/var/db/dkim/mywebhostings.biz.key.pem');
dkim_key('mail.mywebsolutions.co.in', 'mail', '/var/db/dkim/mywebsolutions.co.in.key.pem');
is it ok. or do I need to change the code. as the command
Code:
pawan@server1:~$ sudo amavisd-new testkeys
TESTING#1: mail._domainkey.mail.mywebhostings.biz => pass
TESTING#2: mail._domainkey.mail.mywebsolutions.co.in => invalid (public key: not available)
pawan@server1:~$ sudo amavisd-new testkeys
TESTING#1: mail._domainkey.mail.mywebhostings.biz => pass
TESTING#2: mail._domainkey.mail.mywebsolutions.co.in => pass
pawan@server1:~$
So what I am doing wrong. One time the command amavisd-new testkeys fails and
immediately on the same command repeat it passes the test.
Reply With Quote
  #4  
Old 17th August 2010, 00:32
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

sounds to me like a lazy/slow nameserver ..

TESTING#2: mail._domainkey.mail.mywebsolutions.co.in => invalid (public key: not available)

means it can't find the TXT record "mail._domainkey" .. the 2nd time you tried, you got a response from the nameserver, that happens sometimes when a NS is slow/busy or whatever it's doing.

besides that, looking at your config, are you sending out user@mail.mywebhostings.biz as "from" address, or user@mywebhostings.biz ?

if it's the second one, you need to change your TXT record as well ..

Code:
dkim_key('mywebhostings.biz', 'mail', '/var/db/dkim/mywebhostings.biz.key.pem');
dkim_key('mywebsolutions.co.in', 'mail', '/var/db/dkim/mywebsolutions.co.in.key.pem');
in combination with a TXT for domain "mywebhostings.biz":
Code:
mail._domainkey TXT <your public key>
would be better.

you should go for this output:
Code:
pawan@server1:~$ sudo amavisd-new testkeys
TESTING#1: mail._domainkey.mywebhostings.biz => pass
TESTING#2: mail._domainkey.mywebsolutions.co.in => pass
Reply With Quote
The Following User Says Thank You to Mark_NL For This Useful Post:
pawan (17th August 2010)
  #5  
Old 17th August 2010, 17:48
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default how to check that my outgoing mails are DKIM Signed.

Dear Mark_NL

Thank you so much.
Your guidance are really very valuable.

Now I am getting dkim= pass (ok)
but domainkeys=neutral (no sig), is it OK.

besides the mail is still going to SPAM Box. So what other steps should I take to deliver the mail to INBOX.


Code:
X-Originating-IP: [59.90.144.48]
Authentication-Results: mta168.mail.in.yahoo.com  from=mywebhostings.biz; domainkeys=neutral (no sig);  from=mywebhostings.biz; dkim=pass (ok)
Received: from 59.90.144.48  (EHLO server1.mywebsolutions.co.in) (59.90.144.48)
  by mta168.mail.in.yahoo.com with SMTP; Tue, 17 Aug 2010 18:41:57 +0530
Received: from localhost (localhost.localdomain [127.0.0.1])
Reply With Quote
  #6  
Old 17th August 2010, 19:00
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

mostly all mail goes into the spambox by default, unless you're paying for a program like senderscore.

supply the complete headers of the mail you received in your spambox.
Reply With Quote
  #7  
Old 17th August 2010, 19:53
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default how to check that my outgoing mails are DKIM Signed.

Dear Mark_NL

Below is the full header received in yahoo mail.

One more strange thing I have noticed is that mails sent from mywebhostings.biz sometimes pass SPF & sometimes the header goes like this

Code:
Received-SPF: none (mta187.mail.in.yahoo.com: domain of pkjoshi@mywebhostings.biz does not designate permitted sender hosts)

Below is the full header received in yahoo mail.

Code:
From Pawan Joshi Tue Aug 17 13:11:47 2010
X-Apparently-To: pjoshi_sbp@yahoo.co.in via 121.101.151.3; Tue, 17 Aug 2010 18:41:58 +0530
Return-Path: <pkjoshi@mywebhostings.biz>
X-YahooFilteredBulk: 59.90.144.48
Received-SPF: pass (mta168.mail.in.yahoo.com: domain of pkjoshi@mywebhostings.biz designates 59.90.144.48 as permitted sender)
X-YMailISG: 82lik90cZAq3uBla4oBWOJbJmiOcWjGnx.l6DdQpzR8Oy9lu
 b8FIVK1uGilG_lOGYSrN_gTBBUYyt5flfxVuM8Z0qFu.ROmhh2qYbJk9jvVM
 wP3onf7ozvGxNKxyNEPmxghdVbtH7ZlpB3SXxnrg3iD2EdTBKq4vnrEdtiBY
 vkMuXV65P7s.jM7EDr7vEXclKBONv8KZ7xW0Py6BDRCeTgXg6obAT8BdEj5I
 XaeQZynZO2EdO9jb1Y.WCSWism7sJq4jT8aEUJkyV942YrMve_up5nnlxEqn
 rPntML29BjKeW5CsnuXTMAI_S3R.RG2MuFxpNkrFgPFb2GKR_F62lpgrIeaj
 9l75hRG84olnPzWYoGFL6L.RFW0DqZK42vivV6n3A.2FxhyUSybX.scdZxb7
 BG4MUQx16tEzOJbtdGfN2neInINE97SfE5RZ4959OnZURrFCy5MpgRdDDCgp
 _iJw6fQEt.H8rLDDSeKem68zmn_6YrKGg3n90vVQ74ied1sLWlCqm4gBhBE-
X-Originating-IP: [59.90.144.48]
Authentication-Results: mta168.mail.in.yahoo.com  from=mywebhostings.biz; domainkeys=neutral (no sig);  from=mywebhostings.biz; dkim=pass (ok)
Received: from 59.90.144.48  (EHLO server1.mywebsolutions.co.in) (59.90.144.48)
  by mta168.mail.in.yahoo.com with SMTP; Tue, 17 Aug 2010 18:41:57 +0530
Received: from localhost (localhost.localdomain [127.0.0.1])
	by server1.mywebsolutions.co.in (Postfix) with ESMTP id B0CF38407B5
	for <pjoshi_sbp@yahoo.co.in>; Tue, 17 Aug 2010 18:41:56 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
	mywebhostings.biz; h=content-transfer-encoding:x-mailer
	:mime-version:message-id:date:date:organization:content-type
	:content-type:reply-to:from:from:subject:subject:received
	:received; s=mail; t=1282050708; x=1283865108; bh=mKB0wziAdfhmwB
	N/UF9EWoHBhwYlHYMkcMyS1fKev4Y=; b=PGpupV4kcgydATPJ3RqsARaSKOPTtA
	oDoWW5LAGUJADShPK3olr+2HgmOKFQxsQCVSkQU3bD7LLurYs2TqSmy+BcZWYcNP
	ggmhlY8Seykd0vQD98YFCK6rBy2IEgO8/Bq+fIGTvuz4W+cpXzictdzH7JO/cXC3
	njYFtal7WpUHs=
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1])
	by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Xb4uFqSnKt4O for <pjoshi_sbp@yahoo.co.in>;
	Tue, 17 Aug 2010 18:41:48 +0530 (IST)
Received: from [192.168.0.10] (unknown [192.168.0.1])
	(Authenticated sender: pkjoshi@mywebhostings.biz)
	by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 46D438406E4
	for <pjoshi_sbp@yahoo.co.in>; Tue, 17 Aug 2010 18:41:48 +0530 (IST)
Subject: after changes now getting DKIM PASS
From: Pawan Joshi <pkjoshi@mywebhostings.biz>
Reply-To: pkjoshi@mywebhostings.biz
To: pjoshi_sbp@yahoo.co.in
Content-Type: text/plain
Organization: mywebhostings
Date: Tue, 17 Aug 2010 18:41:47 +0530
Message-ID: <1282050707.10665.0.camel@server1.mywebsolutions.co.in>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3 
Content-Transfer-Encoding: 7bit
Content-Length: 62
Reply With Quote
  #8  
Old 17th August 2010, 22:22
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

hmm it all looks fine to me ..

i did notice

mark@vuurmuur:~$ host 59.90.144.48
Name: mywebsolutions.co.in
Address: 59.90.144.48

reversed all fine?

and i still think your NS servers are lazy .. set a higher TTL for the TXT record, and it's all cached in no time on the net.
Reply With Quote
  #9  
Old 17th August 2010, 22:47
pawan pawan is offline
Senior Member
 
Join Date: Jul 2010
Posts: 222
Thanks: 44
Thanked 6 Times in 6 Posts
Default how to check that my outgoing mails are DKIM Signed.

Dear Mark_NL

I really feel so obliged for your help.

The TTL value at present is 86400 for TXT record, will 14400 will be ideal.

besides I am also giving below a header detail from gmail. Please have a look.
I have marked the line in bold, which i feel is not OK,

which says SPF neither permitted nor denied, beside dkim=neutral (bad format)

But I need your comment and suggestion.


Code:
Delivered-To: orissaitbazaar@gmail.com
Received: by 10.229.86.134 with SMTP id s6cs114425qcl;
        Tue, 17 Aug 2010 10:04:27 -0700 (PDT)
Received: by 10.90.115.9 with SMTP id n9mr4593968agc.137.1282064666488;
        Tue, 17 Aug 2010 10:04:26 -0700 (PDT)
Return-Path: <pkjoshi@mywebhostings.biz>
Received: from server1.mywebsolutions.co.in (mywebsolutions.co.in [59.90.144.48])
        by mx.google.com with ESMTP id a10si12724927ibd.83.2010.08.17.10.04.18;
        Tue, 17 Aug 2010 10:04:25 -0700 (PDT)
Received-SPF: neutral (google.com: 59.90.144.48 is neither permitted nor denied by best guess record for domain of pkjoshi@mywebhostings.biz) client-ip=59.90.144.48;
Authentication-Results: mx.google.com; spf=neutral (google.com: 59.90.144.48 is neither permitted nor denied by best guess record for domain of pkjoshi@mywebhostings.biz) smtp.mail=pkjoshi@mywebhostings.biz; dkim=neutral (bad format) header.i=@mywebhostings.biz
Received: from localhost (localhost.localdomain [127.0.0.1])
	by server1.mywebsolutions.co.in (Postfix) with ESMTP id 02E398404B5;
	Tue, 17 Aug 2010 22:34:16 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
	mywebhostings.biz; h=content-transfer-encoding:x-mailer
	:mime-version:message-id:date:date:organization:content-type
	:content-type:reply-to:from:from:subject:subject:received
	:received; s=mail; t=1282064645; x=1283879045; bh=mKB0wziAdfhmwB
	N/UF9EWoHBhwYlHYMkcMyS1fKev4Y=; b=c9PjGztqHOyq5LKPn86CYxsbzvZMNk
	E4BiQvZ45ebg4lDp+4mFEr4PXDxBLI6iDIUqrM297XWkAqXVJORPjkQsDbRq6GI2
	lhhwVR/4S3BVi6Bm/5Ontxux76l620BCTDsmof2zjeQl/jNfR7mfWM9L6UYHN2QC
	Wmpqezstu5VkI=
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1])
	by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ZREt62mXxBux; Tue, 17 Aug 2010 22:34:05 +0530 (IST)
Received: from [192.168.0.10] (unknown [192.168.0.1])
	(Authenticated sender: pkjoshi@mywebhostings.biz)
	by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 012A284006E;
	Tue, 17 Aug 2010 22:34:04 +0530 (IST)
Subject: after changes now getting DKIM PASS -2
From: Pawan Joshi <pkjoshi@mywebhostings.biz>
Reply-To: pkjoshi@mywebhostings.biz
To: orissaitbazaar@gmail.com
Cc: orissaitbazaar@rediffmail.com
Content-Type: text/plain
Organization: mywebhostings
Date: Tue, 17 Aug 2010 22:34:04 +0530
Message-ID: <1282064644.10665.2.camel@server1.mywebsolutions.co.in>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3 
Content-Transfer-Encoding: 7bit

after changes now getting DKIM PASS for mywebsolutions.co.in
Reply With Quote
  #10  
Old 17th August 2010, 22:56
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
 
Default

can you show me the content of your dns zones?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
monitrc configuration for Debian ISPConfig 3 server Hans Tips/Tricks/Mods 2 28th March 2011 00:22
Forbidden 403; Samba access; config of maildeamon fawkes Installation/Configuration 4 14th January 2010 19:16
Check outgoing mail? spam? spuppy General 2 24th March 2008 17:27
ISP Config not working in mandriva 2008 bigdavid889 Server Operation 8 28th February 2008 21:05
Postifx - moving incoming and outgoing mails to different account webbies Server Operation 2 4th June 2007 10:41


All times are GMT +2. The time now is 06:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.