DKIM

Discussion in 'Installation/Configuration' started by Antoine85, Sep 13, 2018.

Tags:
  1. Antoine85

    Antoine85 New Member

    Hello , I just finished an installation of ispconfig but the DKIM signature does not work here screenshots of my configuration Thank you for your help Antoine

    im running on Debian Jessie

    ##### SERVER #####
    IP-address (as per hostname): [localhost]
    IP-address(es) (as per ifconfig): ***.***.***.***
    [WARN] ip addresses from hostname differ from ifconfig output. Please check your ip settings.
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.1.13


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 5.6.37-0+deb8u1
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.37-0+deb8u1

    ##### PORT CHECK #####


    ##### MAIL SERVER CHECK #####


    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Apache 2 (PID 5054)
    [INFO] I found the following mail server(s):
    Unknown process (smtpd) (PID 11010)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 21367)
    [INFO] I found the following imap server(s):
    Unknown process (init) (PID 1)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 1165)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:993 (1/init)
    [anywhere]:995 (21367/dovecot)
    [localhost]:10024 (4147/amavisd-new)
    [localhost]:10025 (21359/master)
    [localhost]:10026 (4147/amavisd-new)
    [anywhere]:3306 (1024/mysqld)
    [localhost]:10027 (21359/master)
    [anywhere]:587 (21359/master)
    [localhost]:11211 (418/memcached)
    [anywhere]:110 (21367/dovecot)
    [anywhere]:143 (1/init)
    [anywhere]:465 (21359/master)
    [anywhere]:21 (1165/pure-ftpd)
    ***.***.***.***:53 (419/named)
    [localhost]:53 (419/named)
    [anywhere]:22 (644/sshd)
    [anywhere]:25 (11010/smtpd)
    [localhost]:953 (419/named)
    *:*:*:*::*:993 (1/init)
    *:*:*:*::*:995 (21367/dovecot)
    *:*:*:*::*:10024 (4147/amavisd-new)
    *:*:*:*::*:10026 (4147/amavisd-new)
    *:*:*:*::*:587 (21359/master)
    [localhost]10 (21367/dovecot)
    [localhost]43 (1/init)
    *:*:*:*::*:8080 (5054/apache2)
    *:*:*:*::*:80 (5054/apache2)
    *:*:*:*::*:8081 (5054/apache2)
    *:*:*:*::*:465 (21359/master)
    *:*:*:*::*:21 (1165/pure-ftpd)
    *:*:*:*::*:53 (419/named)
    *:*:*:*::*:22 (644/sshd)
    *:*:*:*::*:25 (11010/smtpd)
    *:*:*:*::*:953 (419/named)
    *:*:*:*::*:443 (5054/apache2)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    fail2ban-ssh tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain fail2ban-ssh (1 references)
    target prot opt source destination
    REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
    RETURN all -- [anywhere]/0 [anywhere]/0
     

    Attached Files:

    Last edited: Sep 13, 2018
  2. Antoine85

    Antoine85 New Member

    He find the key but ...

    [email protected]:/var/lib/amavis/dkim# amavisd-new testkeys
    TESTING#1 genovino.fr: default._domainkey.genovino.fr => invalid (public key: not available)
     
  3. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    If there is not public-key, the name-server does not has the right record. I think, your problem is a non-respondig DNS (i can not query any record from your dns).
     
  4. Antoine85

    Antoine85 New Member

    The problem would come from the DNS server which does not solve the domain genovino.fr

    dev.2001aspaceodyssey.fr named
    [423]: client 7********** # 44726 (genovino.fr): query (cache) 'genovino.com/MX/IN' denied

    yet I have my zone of active zone
     
  5. Antoine85

    Antoine85 New Member

    So what's the solution?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Find out why your DNS server does not resolve that domain. Is there a zone file with .err file ending for that zone?
     
  7. Antoine85

    Antoine85 New Member

    Here is my DNS zone

    upload_2018-9-25_10-13-45.png
     
  8. Antoine85

    Antoine85 New Member

    and my resolv.conf

    nameserver 8.8.8.8
    nameserver 127.0.0.1
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  10. Antoine85

    Antoine85 New Member

    Hello , I will do the test thank you. I use the fast configuration from ISP config yet Thank you
     
  11. Antoine85

    Antoine85 New Member

    I just added the two zone in type A but that does not fit situation




    host ns1.genovino.fr 163.172.121.82
    Using domain server:
    Name: 163.172.121.82
    Address: 163.172.121.82#53
    Aliases:
    Host ns1.genovino.fr not found: 2(SERVFAIL)

    [email protected]:~# host ns2.genovino.fr 163.172.121.82
    Using domain server:
    Name: 163.172.121.82
    Address: 163.172.121.82#53
    Aliases:

    Host ns2.genovino.fr not found: 2(SERVFAIL)
     
  12. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Strange, I would have thoght the tutorial helps to find all usual mistakes. Do you have suggestions on what to add to the instructions or the testing descriptions that would have helped find out what is wrong with your setup?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the zone file directory, is the zone still saved with .err ending? and post a new screenshot that shows the records that you have now in that zone.
     
  14. Antoine85

    Antoine85 New Member

  15. Antoine85

    Antoine85 New Member

    [email protected]:/etc/bind# ls -l
    -rw-r--r-- 1 root bind 869 sept. 25 14:12 pri.genovino.fr.err
     
  16. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Use the tutorial I posted the link to. The named-checkzone command should tell you what is wrong with that zone.
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    You missed adding a few dots, all fully qualified domain names must end with a dot, so the dot is missing in the two newly added A records. And the NS record where the data field contains an IP is wrong and needs to be deleted.
     
  18. Antoine85

    Antoine85 New Member

    Hello , Indeed the daddition of dot at the end of my zone corrects the problem can you force the addition of dot at the end of each field in the next version to avoid this kind of problem? thanks for the help
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    It's not that easy as a dot is not always needed. ISPConfig can not know if you tried to create a subdomain there or if you tried to refer to the master zone in the data field.
     

Share This Page