DKIM Not signing emails

Discussion in 'Installation/Configuration' started by pkpas78, Sep 7, 2020.

  1. pkpas78

    pkpas78 New Member

    Hi,

    I am using (Debian 10 Buster) ISPConfig 3.1.15p3 by following this tutorial : perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/
    When i use smtp server (port 587 with SSL) the emails sent is with DKIM signed
    However when I am sending emails they are not being signed
    I searched quite a bit but I failed to find the problem even by following this : blog.schaal-24.de/dkim/debug-2/?lang=en
    I even started a reconfiguration and it still does not work. I don't know where to look, can you help me please ?

    Thank you
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What is the difference in these two ways of sending?
    There is info also about DKIM configuration in the e-mail setup tutorial linked to in my signature.
    if that does not help, do this: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
     
  3. pkpas78

    pkpas78 New Member

    Thank you Taleman

    I imagine the other is using port 25 without ssl, right?

    This is a report :
    Code:
    ~# cat htf_report.txt | more
    
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 10 (buster)
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.15p3
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.3.21-1+0~20200807.66+debian10~1.gbp18a1c2
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 14985)
    [INFO] I found the following mail server(s):
            Postfix (PID 14467)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 14519)
    [INFO] I found the following imap server(s):
            Dovecot (PID 14519)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 14648)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    ***.***.***.***:53              (14658/named)
    [localhost]:53          (14658/named)
    [anywhere]:21           (14648/pure-ftpd)
    [anywhere]:22           (687/sshd)
    [localhost]:953         (14658/named)
    [anywhere]:25           (14467/master)
    [anywhere]:993          (14519/dovecot)
    [anywhere]:995          (14519/dovecot)
    [localhost]:10023               (848/postgrey)
    [localhost]:10024               (14506/amavisd-new)
    [localhost]:10025               (14467/master)
    [localhost]:10026               (14506/amavisd-new)
    [localhost]:10027               (14467/master)
    [anywhere]:587          (14467/master)
    [localhost]:11211               (642/memcached)
    [anywhere]:110          (14519/dovecot)
    [anywhere]:143          (14519/dovecot)
    [anywhere]:465          (14467/master)
    *:*:*:*::*:53           (14658/named)
    *:*:*:*::*:21           (14648/pure-ftpd)
    *:*:*:*::*:22           (687/sshd)
    *:*:*:*::*:953          (14658/named)
    *:*:*:*::*:25           (14467/master)
    *:*:*:*::*:443          (14985/apache2)
    *:*:*:*::*:993          (14519/dovecot)
    *:*:*:*::*:995          (14519/dovecot)
    *:*:*:*::*:10023                (848/postgrey)
    *:*:*:*::*:10024                (14506/amavisd-new)
    *:*:*:*::*:10026                (14506/amavisd-new)
    *:*:*:*::*:3306         (14156/mysqld)
    *:*:*:*::*:587          (14467/master)
    [localhost]10           (14519/dovecot)
    [localhost]43           (14519/dovecot)
    *:*:*:*::*:8080         (14985/apache2)
    *:*:*:*::*:80           (14985/apache2)
    *:*:*:*::*:8081         (14985/apache2)
    *:*:*:*::*:465          (14467/master)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-dovecot  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,995,143,993,587,465,4190
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-dovecot (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
     
    Last edited: Sep 7, 2020
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The listing is not complete, lines from the end are missing.
    I have no idea.
    You could maybe describe exactly how you send an e-mail that does not get DKIM signed.
    The tutorial linked to in my signature shows some ways to test e-mail server. Try sending with webmail and check whether it gets DKIM signed.
     
  5. pkpas78

    pkpas78 New Member

    Yes sorry I forgot a part, I edited the report.
    With roundcube, the email arrives signed on dkimvalidator.com on the other hand when I send in SSH command line, the email is not signed ... Same when I receive an email sent from my website
    Otherwise everything is good SPF, DMARC ...
     
  6. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    Email sent from the command line is not authenticated through postfix and will therefore not be signed. Only email you sent through your smtp server with your account will be signed.
     
    pkpas78 likes this.
  7. pkpas78

    pkpas78 New Member

    Ok thank you, however on an server (debian jessie +virtualmin) with command line, the emails sent were signed, is there a setting to be made?
     
  8. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    The emails were probably relayed through a email account there. You can set this up for your cli send mails aswell, but that's not necessary imo (at least for my use cases ;) )
     
  9. pkpas78

    pkpas78 New Member

    Okay, thank you :)
    And emails sent by my website (with phpmailer) are not signed, do you need to make adjustments?
     
  10. Th0m

    Th0m ISPConfig Developer ISPConfig Developer

    pkpas78 likes this.
  11. pkpas78

    pkpas78 New Member

    Okay, thanks ;)
     
    Th0m likes this.
  12. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    I don't remember if there is an issue created for this (dkim sign mail injected from sendmail/cli), but it has been mentioned/discussed a little. You might try switching to rspamd and see if signing there works, I don't remember if it did, but I don't believe anyone has ever posted an example config for amavis to make it work, nor does it work "out of the box".
     
    pkpas78 likes this.
  13. pkpas78

    pkpas78 New Member

    I would look that way too, thank you
     

Share This Page