Postfix and Dkim-milter - not logging in maillog or message not sending at all

Discussion in 'HOWTO-Related Questions' started by nskate, Jan 31, 2010.

  1. nskate

    nskate New Member

    We set up both postfix and dkim-milter successfully according to the HowtoForge and everything is running it seems.

    Some settings were updated for our domain. But now when we try to mail nothing is being sent. There is no logging whatsoever so we can't figure out what the email is doing. It does not leave the server.

    /var/log/maillog (no logging there of any error or message)
    /var/log/message (no logging here at all either)

    If we disable dkim-milter and just have postfix running the mail does send. But our goal is to have the DKIM stamp on emails. Our DNS record is correctly updated as well but if email doesn't even leave the server what gives?

    Thanks for help,

    Shootz
     
  2. nskate

    nskate New Member

    DKIM is the bottleneck

    When both DKIM and Postfix are running, mail stays in queue and stays... we shut off dkim-milter then restart postfix (after commenting out the couple lines in /etc/postfix/main.cf) the emails get sent right away.

    What could be the problem with DKIM holding the emails on the server?
     
  3. nskate

    nskate New Member

    Our DKim-milter conf file

    # Default values
    #
    USER="dkim-milt"
    PORT="local:/var/run/dkim-milter/dkim.sock"
    SIGNING_DOMAIN="<our domain here>.com"
    SELECTOR_NAME="default"
    KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem"
    SIGNER=yes
    VERIFIER=yes
    CANON=simple
    SIGALG=rsa-sha1
    REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
    EXTRA_ARGS="-h -l -D"
    MILTER_GROUP="mail"


    Also, there is another documentation on the web we found:
    https://help.ubuntu.com/community/Postfix/dkim-milter

    These guys say to put two config files:
    /etc/dkim-filter.conf
    /etc/default/dkim-filter

    Is this right? Your documents on this website say nothing about those files:
    http://www.howtoforge.com/postfix-dkim-with-dkim-milter-centos5.1
     
    Last edited: Jan 31, 2010
  4. topdog

    topdog Active Member HowtoForge Supporter

  5. nskate

    nskate New Member

  6. nskate

    nskate New Member

    import read failed(0).

    After following the first step in the updated HowTo.
     
  7. topdog

    topdog Active Member HowtoForge Supporter

    Can you post the actual log ?
     
  8. nskate

    nskate New Member

    OK, we downloaded the rpm directly from your site and did rpm -Uvh and it installed.

    There is a question about DNS and what exactly needs to be put there. On your example:

    default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB"
    ; ----- DKIM default for topdog-software.com

    the TXT Name is: default._domainkey
    the TXT value we put is: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB

    Of course the values will be reflected to our own key, but the format and the items put into the input boxes using GoDaddy's Total DNS, this is what we do, correct?

    We don't actually put the entire content into the TXT Value:
    default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB"
    ; ----- DKIM default for topdog-software.com

    Thank you,
     
  9. topdog

    topdog Active Member HowtoForge Supporter

    I do not know about the GoDaddy interface but the key is basically a TXT record. Your understanding below is correct.
     
  10. nskate

    nskate New Member

    Ok we did a test mail to our google account and read the full header. We see:

    X-DKIM: Sendmail DKIM Filter v2.8.2 <our domain>.com B698A1B0038

    Is that correct? Should there be an actual key file there, the long pem or something?
     
  11. topdog

    topdog Active Member HowtoForge Supporter

    You should have a DKIM-Signature header as well, and if your setup is correct then gmail will indicate that the check passed.
     
  12. nskate

    nskate New Member

    Only thing DKIM related is what we posted above:

    X-DKIM: Sendmail DKIM Filter v2.8.2 <our domain>.com B698A1B0038

    There is no sig or no confirmation. Perhaps DNS has not updated yet?

    For GoDaddy, they have two input fields, TXT Name and TXT Value. We have the following below:

    TXT Name: default._domainkey
    TXT Value: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1Kzf7W3l1OwG2eGPTNm c9EMo2s+0V0iw1e+IyS6XNcP5c2wkmogT+sTZ5zlwQgpQDNtSbYlI3A4yk+b TovieJl+1c1+cfti+hVzr4UqD504sxRBwwwRuOeKx7VqLW9JRvLhVjo2p3ot kKmAnjqrLK7tWfsnd9hArCO5zLJCIzPwIDAQAB

    And also:
    TXT Name: _adsp._domainkey
    TXT Value: dkim=unknown

    Any way to check to see if these DNS settings are live?
     
  13. topdog

    topdog Active Member HowtoForge Supporter

  14. nskate

    nskate New Member

    Let's say our domain is "domain.com", on that test page, we put domain.com and it says "input valid domain". Then we put www.domain.com and it says No problems to report.

    So even so, the sig and verification are not showing up on the header of google emails. Should we rename our pem and all the other settings to www.domain.com instead of domain.com?

    -- edit --
    We did further testing on that sendmail test site. We even put www.domain.com and selector as "defoot" and it says No problems to report... humm

    So our domain name in particular, without www. it produces error input valid domain name. This might be an issue.
     
    Last edited: Feb 1, 2010
  15. topdog

    topdog Active Member HowtoForge Supporter

    You need to fix your DNS records. It seems you have added the TXT records to your www, not to domain.com, and of course you will not be sending mail from @www?
     
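The name mismatch described in the reply above, together with the earlier question about checking the TXT value, as an added example that is not part of the original thread. It computes the name a verifier queries for a given selector and signing domain, then sanity-checks the record's tags; example.com, the zone dictionary standing in for live DNS, and the key bytes are all constructed placeholders.

```python
import base64
import binascii

def dkim_query_name(selector, signing_domain):
    """Name a verifier queries for a signature carrying s=selector, d=signing_domain."""
    return f"{selector}._domainkey.{signing_domain.rstrip('.').lower()}"

def parse_tags(txt):
    """Split a DKIM tag=value list into a dict; only the first '=' separates name and value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def check_key_record(txt):
    """Return a list of problems in a DKIM key record's TXT value (empty list = looks usable)."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    p = "".join(tags.get("p", "").split())  # folding whitespace inside p= is allowed and ignored
    if not p:
        problems.append("p= is missing or empty")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

def diagnose(selector, signing_domain, zone):
    """Look the key up where a verifier would; report records published under a subdomain."""
    name = dkim_query_name(selector, signing_domain)
    if name in zone:
        return check_key_record(zone[name])
    prefix, suffix = f"{selector}._domainkey.", "." + signing_domain.lower()
    strays = [n for n in zone if n.startswith(prefix) and n.endswith(suffix)]
    return [f"no TXT record at {name}"] + [f"key is published at {n}" for n in strays]

# Constructed data: example.com is a placeholder and the key bytes are not a real RSA key.
SAMPLE_KEY = base64.b64encode(b"constructed bytes, not a real RSA key").decode()
ZONE = {"default._domainkey.www.example.com": f"v=DKIM1; g=*; k=rsa; p={SAMPLE_KEY}"}

if __name__ == "__main__":
    print(diagnose("default", "example.com", ZONE))
    print(diagnose("default", "www.example.com", ZONE))
```

Against a live zone, the same name can be queried with `dig +short TXT default._domainkey.<your domain>`.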
  16. nskate

    nskate New Member

    It seems it's a DNS issue and our domain name has not propagated everywhere yet. We will try the test again each day.

    Your updated Dkim-milter documentation was very helpful and got our system up and running. The signatures and such we can work it out at this end once our DNS is fully registered globally.

    thumbs up!
     
  17. nskate

    nskate New Member

    Just want to update on the progress for those that may run into a similar thing.

    1. We installed postfix using yum rpm install
    2. We then found this documentation by topdog:
    http://www.topdog.za.net/postfix_dkim_milter

    3. We had import problems on the first step of the documentation
    4. We downloaded the rpm directly from the topdog site knowing our "uname -a"
    5. Installed the RPM, followed all the steps of the documentation
    6. We sent test emails and the DKIM didn't sign
    7. Had to edit /etc/mail/dkim/trusted-hosts and add 127.0.0.1 and also our domain name
    8. EVERYTHING WORKS NOW

    Thank you topdog!

    Shootz
     
