#1
8th August 2013, 13:08
MrWolf
DKIM amavis email not signed

Hi,

I followed this guide from Florian: http://blog.schaal-24.de/?p=2223&lang=en

and it works, I get:
Code:
amavisd-new testkeys
TESTING#1: default._domainkey.mydomain.com      => pass
When I go on: http://dkimcore.org/c/keycheck to check the dkim on the dns, I get:
Code:
This is a valid DKIM key record
but when I send an email to: check-auth@verifier.port25.com to check if everything is good I get this result:
Code:
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=myname@mydomain.com DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: 

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
and the amavis part of the header of the email sent is:
Code:
Received: from localhost (localhost [127.0.0.1])
	by ns2.mydomain.com (Postfix) with ESMTP id 0C6E240006D
	for <check-auth@verifier.port25.com>; Thu,  8 Aug 2013 05:57:33 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at ns2.mydomain.com
Received: from ns2.mydomain.com ([IPv6:::ffff:127.0.0.1])
	by localhost (ns2.mydomain.com [::ffff:127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ZszVRidPhEP4 for <check-auth@verifier.port25.com>;
	Thu,  8 Aug 2013 05:57:32 -0400 (EDT)
Can anyone help me to find why my emails aren't signed?

Thank you

#2
8th August 2013, 13:56
florian030

Please note that this patch is a beta version and not part of the official ISPConfig version.

Did you add your public key to the DNS? See http://www.ijs.si/software/amavisd/a...docs.html#dkim
__________________
regards
Florian

blog.schaal-24.de

#3
8th August 2013, 18:17
MrWolf

Thanks for your answer Florian,

I know it's a beta patch and it works great on ISPConfig. My problem seems to be on amavis.

Yes, the DNS part is good, that's why I get this
Code:
This is a valid DKIM key record
when I test the dns part

Thank you

#4
8th August 2013, 20:56
florian030

Are you sure that your amavisd supports DKIM signing/verifying (Perl Mail::DKIM)?

After restarting amavisd you must see something like

Code:
Module Mail::DKIM::Signer  0.39
Module Mail::DKIM::Verifier 0.39
in your amavis-log.

Otherwise you must install perl-Mail-DKIM to make sure, that
Code:
Mail::DKIM
is installed.
__________________
regards
Florian

blog.schaal-24.de

#5
9th August 2013, 02:14
MrWolf

Yes I do...

Code:
Aug  8 19:09:14 ns1 amavis[23702]: Module Mail::DKIM::Signer  0.39
Aug  8 19:09:14 ns1 amavis[23702]: Module Mail::DKIM::Verifier 0.39

#6
9th August 2013, 02:28
MrWolf

This is what I get when I send an email:

Code:
Aug  8 19:19:06 ns2 postfix/smtpd[22349]: connect from localhost[127.0.0.1]
Aug  8 19:19:06 ns2 postfix/smtpd[22349]: BBC8840006D: client=localhost[127.0.0.1]
Aug  8 19:19:06 ns2 postfix/cleanup[22343]: BBC8840006D: message-id=<000001ce948d$abfdf550$03f9dff0$@mydomain.com>
Aug  8 19:19:06 ns2 postfix/qmgr[18191]: BBC8840006D: from=<myname@mydomain.com>, size=3073, nrcpt=1 (queue active)
Aug  8 19:19:06 ns2 amavis[22296]: (22296-01) Passed CLEAN {RelayedOpenRelay}, [1.2.3.4]:16280 <myname@mydomain.com> -> <check-auth@verifier.port25.com>, Queue-ID: 71AF340006A, Message-ID: <000001ce948d$abfdf550$03f9dff0$@mydomain.com>, mail_id: EWdd1eBDfHHt, Hits: -0.001, size: 2602, queued_as: BBC8840006D, 259 ms
Aug  8 19:19:06 ns2 postfix/smtp[22344]: 71AF340006A: to=<check-auth@verifier.port25.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, delays=0.07/0/0/0.26, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as BBC8840006D)
Aug  8 19:19:06 ns2 postfix/qmgr[18191]: 71AF340006A: removed
Aug  8 19:19:07 ns2 postfix/smtp[22350]: BBC8840006D: to=<check-auth@verifier.port25.com>, relay=verifier.port25.com[96.244.219.19]:25, delay=0.71, delays=0/0.01/0.46/0.24, dsn=2.6.0, status=sent (250 2.6.0 message received)
Aug  8 19:19:07 ns2 postfix/qmgr[18191]: BBC8840006D: removed
Should I see something about DKIM or amavis other than scanning for antivirus?

#7
9th August 2013, 03:49
MrWolf

Before someone asks...

This is my config file:

/etc/amavis/conf.d/50-user (same as Florian's guide with this added)
Code:
$inet_socket_port = [10024,10026];
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { originating => 1, };
/etc/postfix/master.cf
Code:
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
...default stuff...
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
Thank you

#8
9th August 2013, 10:34
florian030

As you can see, the mail is not ORIGINATING. Amavis signs only local outgoing mails with the DKIM key.

Code:
amavis[22296]: (22296-01) Passed CLEAN {RelayedOpenRelay},
You can add
Code:
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
to amavis.
__________________
regards
Florian

blog.schaal-24.de

#9
9th August 2013, 13:05
MrWolf

Same result:
Code:
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham
mail.log:
Code:
Aug  9 05:55:46 ns1 postfix/smtpd[26791]: connect from localhost[127.0.0.1]
Aug  9 05:55:46 ns1 postfix/smtpd[26791]: 372C440006D: client=localhost[127.0.0.1]
Aug  9 05:55:46 ns1 postfix/cleanup[26785]: 372C440006D: message-id=<000001ce94e6$9c3a79f0$d4af6dd0$@mydomain.com>
Aug  9 05:55:46 ns1 postfix/qmgr[25720]: 372C440006D: from=<myname@mydomain.com>, size=3097, nrcpt=1 (queue active)
Aug  9 05:55:46 ns1 amavis[26705]: (26705-01) Passed CLEAN {RelayedOpenRelay}, [184.162.x.x]:14692 <myname@mydomain.com> -> <check-auth@verifier.port25.com>, Queue-ID: C8EAF40006A, Message-ID: <000001ce94e6$9c3a79f0$d4af6dd0$@mydomain.com>, mail_id: 29rjibHP_t52, Hits: -0.001, size: 2626, queued_as: 372C440006D, 364 ms
Aug  9 05:55:46 ns1 postfix/smtp[26786]: C8EAF40006A: to=<check-auth@verifier.port25.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.44, delays=0.07/0.01/0.01/0.36, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 372C440006D)
Aug  9 05:55:46 ns1 postfix/qmgr[25720]: C8EAF40006A: removed

#10
14th August 2013, 05:03
MrWolf

I finally found what's missing...

From scratch...

This guide to install Debian with ISPConfig: http://www.howtoforge.com/perfect-se...ispconfig-3-p3

This guide to add the DKIM patch to ISPConfig: http://blog.schaal-24.de/?p=2223&lang=en

Then, modify these files:
/etc/postfix/main.cf
Code:
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
/etc/postfix/tag_as_originating.re
Code:
/^/  FILTER amavis:[127.0.0.1]:10026
/etc/postfix/tag_as_foreign.re
Code:
/^/  FILTER amavis:[127.0.0.1]:10024
/etc/amavis/conf.d/50-user
Code:
$inet_socket_port = [10024,10026];

$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {
        originating => 1,
        smtpd_discard_ehlo_keywords => ['8BITMIME'],
};
and now my outgoing emails are signed

Thanks to Florian for your help
The Following 3 Users Say Thank You to MrWolf For This Useful Post:
florian030 (14th August 2013), nokia80 (2nd October 2014), stef157 (14th August 2013)
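
The diagnosis from post #8 (a `{RelayedOpenRelay}` tag means amavis did not treat the mail as originating) and the 10024/10026 port split from post #10, turned into a mail.log check. This is an added example, not code from the thread: the sample log lines are constructed, and the mapping of port 10026 to the ORIGINATING policy bank is assumed from the posted 50-user file.

```python
import re

# Assumption taken from the thread's 50-user file: port 10026 is bound to the
# ORIGINATING policy bank, port 10024 is the other (non-signing) amavis port.
ORIGINATING_PORTS = {"10026"}

# Constructed sample: the first pair mirrors the unsigned message in the
# thread, the second pair is a made-up message after the port split.
SAMPLE_LOG = """\
Aug  8 19:19:06 ns2 amavis[22296]: (22296-01) Passed CLEAN {RelayedOpenRelay}, [1.2.3.4]:16280 <myname@mydomain.com> -> <check-auth@verifier.port25.com>, Queue-ID: 71AF340006A, mail_id: EWdd1eBDfHHt, queued_as: BBC8840006D, 259 ms
Aug  8 19:19:06 ns2 postfix/smtp[22344]: 71AF340006A: to=<check-auth@verifier.port25.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BBC8840006D)
Aug 14 05:01:10 ns2 amavis[30110]: (30110-01) Passed CLEAN {RelayedOutbound}, ORIGINATING [1.2.3.4]:16301 <myname@mydomain.com> -> <check-auth@verifier.port25.com>, Queue-ID: 9A1B240006A, mail_id: aBcD1234efGh, queued_as: 9F00C40006D, 301 ms
Aug 14 05:01:10 ns2 postfix/smtp[30115]: 9A1B240006A: to=<check-auth@verifier.port25.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.39, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F00C40006D)
"""

AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) [\w-]+ [\w-]+ \{(?P<tag>\w+)\},"
    r".*?<(?P<sender>[^>]*)> -> .*?Queue-ID: (?P<qid>\w+),")
RELAY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): .*?"
    r"relay=127\.0\.0\.1\[127\.0\.0\.1\]:(?P<port>\d+),")


def audit(log_text, local_domains):
    """List amavis passes for local senders and whether each was originating."""
    # Map each Postfix queue ID to the amavis port the message was handed to.
    ports = {m["qid"]: m["port"] for m in RELAY_RE.finditer(log_text)}
    findings = []
    for m in AMAVIS_RE.finditer(log_text):
        if m["sender"].rpartition("@")[2].lower() not in local_domains:
            continue
        port = ports.get(m["qid"], "unknown")
        findings.append({
            "queue_id": m["qid"],
            "tag": m["tag"],
            "amavis_port": port,
            # Not originating means amavis will not apply the DKIM key.
            "originating": port in ORIGINATING_PORTS
                           and m["tag"] != "RelayedOpenRelay",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, {"mydomain.com"}):
        print(finding)
```

Any finding with `originating` set to false for one of your own sender domains is a message that left without a DKIM signature.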