I followed up on this guide but I am having trouble getting all outbound email signed. For incoming mail it appears to be verified OK.

Incoming email message header sent from gmail.com:

Code:
X-DKIM: Sendmail DKIM Filter v2.2.1 mail.tesna.net 326414DF962B
Authentication-Results: mail.tesna.net; dkim=pass (1024-bit key) [email protected]

I followed every step in the guide, but I'm not able to make it work. Here's the log from /var/log/maillog (XXX is my ID/IP address):

Code:
Mar 13 22:32:34 server1 dkim-filter[5335]: Sendmail DKIM Filter v2.2.1 starting (args: -u dkim-milt -p local:/var/run/dkim-milter/dkim.sock -d tesna.net -k /etc/dkim-milter/tesna.net_default.key.pem -s default -b sv -c simple -S rsa-sha1 -C bad=r,dns=t,int=t,no=a,miss=r -h -l -D -P /var/run/dkim-filter0.pid)
Mar 13 22:32:44 server1 postfix/postfix-script: stopping the Postfix mail system
Mar 13 22:32:44 server1 postfix/master[22423]: terminating on signal 15
Mar 13 22:32:48 server1 sendmail[5787]: alias database /etc/aliases rebuilt by root
Mar 13 22:32:48 server1 sendmail[5787]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Mar 13 22:32:54 server1 postfix/postfix-script: starting the Postfix mail system
Mar 13 22:32:54 server1 postfix/master[7270]: daemon started -- version 2.3.3, configuration /etc/postfix
Mar 13 22:35:38 server1 postfix/smtpd[19815]: warning: XXX.XXX.XXX.XXX: hostname rsvd-XXX-XXX.XXX.XXX.XXX.in-addr.arpa verification failed: Name or service not known
Mar 13 22:35:38 server1 postfix/smtpd[19815]: connect from unknown[203.169.59.126]
Mar 13 22:35:43 server1 postfix/smtpd[19815]: 638EE4DF962B: client=unknown[203.169.59.126]
Mar 13 22:35:45 server1 postfix/cleanup[20274]: 638EE4DF962B: message-id=<[email protected]>
Mar 13 22:35:45 server1 dkim-filter[5335]: (unknown-jobid) external host rsvd-jgc-126.59.169.203.in-addr.arpa attempted to send as tesna.net
Mar 13 22:35:45 server1 postfix/qmgr[7276]: 638EE4DF962B: from=<[email protected]>, size=592, nrcpt=1 (queue active)
Mar 13 22:35:46 server1 postfix/smtpd[19815]: disconnect from unknown[203.169.59.126]
Mar 13 22:35:46 server1 postfix/smtp[21510]: 638EE4DF962B: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[72.14.247.27]:25, delay=5.5, delays=4.2/0.01/0.39/0.89, dsn=2.0.0, status=sent (250 2.0.0 OK 1205472946 32si21938537aga.20)
Mar 13 22:35:46 server1 postfix/qmgr[7276]: 638EE4DF962B: removed

And this is the log when receiving email from gmail:

Code:
Mar 13 21:52:39 server1 postfix/smtpd[24512]: connect from fg-out-1718.google.com[72.14.220.158]
Mar 13 21:52:43 server1 postfix/smtpd[24512]: 326414DF962B: client=fg-out-1718.google.com[72.14.220.158]
Mar 13 21:52:43 server1 postfix/cleanup[25654]: 326414DF962B: message-id=<[email protected]>
Mar 13 21:52:43 server1 dkim-filter[14012]: 326414DF962B SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short
Mar 13 21:52:43 server1 postfix/qmgr[22444]: 326414DF962B: from=<[email protected]>, size=1801, nrcpt=1 (queue active)
Mar 13 21:52:43 server1 postfix/local[25717]: 326414DF962B: to=<[email protected]>, relay=local, delay=3.3, delays=3.2/0.1/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 13 21:52:43 server1 postfix/qmgr[22444]: 326414DF962B: removed
Mar 13 21:53:14 server1 postfix/smtpd[24512]: disconnect from fg-out-1718.google.com[72.14.220.158]

Please post your config. I am sure it's just a small thing, as postfix is able to talk to the milter. Are you trying to sign multiple domains?
No, I'm not trying to sign multiple domains, maybe I'll try that once this works. Here's my /etc/sysconfig/dkim-milter:

Code:
USER="dkim-milt"
PORT=local:/var/run/dkim-milter/dkim.sock
SIGNING_DOMAIN="tesna.net"
SELECTOR_NAME="default"
KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
SIGALG=rsa-sha1
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"

And I added this to the main.cf postfix config file:

Code:
smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
non_smtpd_milters = unix:/var/run/dkim-milter/dkim.sock

Code:
[root@server1 ~]# ls -l /etc/dkim-milter/
total 4
-rwx------ 1 dkim-milt dkim-milt 891 Mar 12 20:29 tesna.net_default.key.pem

Btw, yesterday I also tried to add dk-milter to postfix with a different selector name (default for dkim, dk for domainkeys). But it behaves the same way as dkim-milter. It only verifies incoming mails.

Code:
X-DKIM: Sendmail DKIM Filter v2.2.1 mail.tesna.net 47E4B4DF95AC
Authentication-Results: mail.tesna.net; dkim=pass (1024-bit key) [email protected]
X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 mail.tesna.net 47E4B4DF95AC
Authentication-Results: mail.tesna.net [email protected]; domainkeys=pass (testing)

Code:
smtpd_milters = unix:/var/run/dk-milter/dk.sock unix:/var/run/dkim-milter/dkim.sock
non_smtpd_milters = unix:/var/run/dk-milter/dk.sock unix:/var/run/dkim-milter/dkim.sock

Code:
[root@server1 domainkeys]# ls -l /etc/mail/domainkeys/
total 4
-rw------- 1 dk-milt dk-milt 493 Mar 15 01:02 dk_tesna.net.pem

dk-milter config:

Code:
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="tesna.net"
SELECTOR_NAME="dk"
KEYFILE="/etc/mail/domainkeys/dk_${SIGNING_DOMAIN}.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"

Update: after I reconfigured smtpd to use TLS, somehow the outgoing emails are signed using both DK and DKIM. Thanks for your support!
Are you sure it was not working before TLS? As your config is correct, what replies were you getting from the test autoresponder?
Yes, I'm sure it wasn't working. Other than enabling TLS, I'm also enabling smtp-auth.

Code:
Note: The authentication results are not available as there was no signature header or the signature could not be verified

Btw, a bit off topic. I tried to add a virus/spam scanner using amavisd, but the emails are bounced back when I enable DK+DKIM milters + amavisd content_checker. However, if I enable only the amavisd content filter (disable DK+DKIM milters) or vice versa, my postfix is able to receive emails. What spam filtering/virus checking engine did you use on your mail server configured with dkim milters?

Code:
Mar 16 21:16:13 server1 postfix/smtpd[24391]: connect from fg-out-1718.google.com[72.14.220.155]
Mar 16 21:16:13 server1 postfix/smtpd[24391]: E265B4E11B6C: client=fg-out-1718.google.com[72.14.220.155]
Mar 16 21:16:14 server1 postfix/cleanup[24418]: E265B4E11B6C: message-id=<[email protected]>
Mar 16 21:16:14 server1 dkim-filter[15403]: E265B4E11B6C SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short
Mar 16 21:16:14 server1 postfix/qmgr[21902]: E265B4E11B6C: from=<[email protected]>, size=1800, nrcpt=1 (queue active)
Mar 16 21:16:15 server1 postfix/smtpd[24433]: connect from unknown[127.0.0.1]
Mar 17 04:16:15 server1 postfix/smtpd[24433]: NOQUEUE: milter-reject: CONNECT from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Mar 17 04:16:15 server1 postfix/smtpd[24433]: NOQUEUE: milter-reject: EHLO from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Mar 17 04:16:15 server1 postfix/smtpd[24433]: NOQUEUE: milter-reject: MAIL from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<localhost>
Mar 16 21:16:15 server1 amavis[28352]: (28352-02) Negative SMTP resp to DATA: 503 5.5.1 Error: need MAIL command
Mar 17 04:16:15 server1 postfix/smtpd[24433]: disconnect from unknown[127.0.0.1]
Mar 16 21:16:15 server1 amavis[28352]: (28352-02) Negative SMTP resp. to QUIT: 503 5.5.1 Error: need RCPT command
Mar 16 21:16:15 server1 amavis[28352]: (28352-02) (!)FWD via SMTP: <[email protected]> -> <[email protected]>,BODY=7BIT 451 4.6.0 Failed, id=28352-02, from MTA([127.0.0.1]:10025): 451 4.7.1 Service unavailable - try again later
Mar 16 21:16:15 server1 amavis[28352]: (28352-02) Blocked MTA-BLOCKED, [72.14.220.155] [72.14.220.155] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: cZWcsLfuyozB, Hits: 0, size: 2088, 901 ms
Mar 16 21:16:15 server1 postfix/smtp[24423]: E265B4E11B6C: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.7, delays=0.78/0.01/0/0.9, dsn=4.7.1, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.7.1 Service unavailable - try again later (in reply to end of DATA command))

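
A log-triage sketch for the symptoms quoted in the posts above, added here as an example and not written by any poster in this thread. It picks out dkim-filter's "external host ... attempted to send as ..." lines, which mark outbound mail the filter treated as external and left unsigned, and Postfix milter-reject lines such as those on the connection from 127.0.0.1; the function names and the sample lines (with placeholder hosts and domains) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines following the patterns quoted in this thread;
# host names, domains and addresses are placeholders.
SAMPLE_LOG = """\
Mar 13 22:35:43 server1 postfix/smtpd[19815]: 638EE4DF962B: client=unknown[192.0.2.10]
Mar 13 22:35:45 server1 dkim-filter[5335]: (unknown-jobid) external host client.example.net attempted to send as example.org
Mar 17 04:16:15 server1 postfix/smtpd[24433]: NOQUEUE: milter-reject: CONNECT from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP
Mar 17 04:16:15 server1 postfix/smtpd[24433]: NOQUEUE: milter-reject: MAIL from unknown[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<localhost>
Mar 24 14:36:48 server1 spamass-milter[30032]: Could not extract score from <>
"""

# syslog prefix: "Mon DD HH:MM:SS host daemon[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([\w/.-]+)\[\d+\]: (.*)$")
EXTERNAL = re.compile(r"external host (\S+) attempted to send as (\S+)")
REJECT = re.compile(r"milter-reject: (\w+) from \S+?\[([^\]]+)\]: (\d{3}) ")


def triage(log_text):
    """Group milter-related problems found in maillog text by kind."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog-style line with daemon[pid]
        stamp, daemon, msg = m.groups()
        if daemon == "dkim-filter":
            ext = EXTERNAL.search(msg)
            if ext:  # client not trusted or authenticated: message not signed
                findings["unsigned_external_client"].append(
                    {"time": stamp, "client": ext.group(1), "domain": ext.group(2)})
        elif daemon == "postfix/smtpd":
            rej = REJECT.search(msg)
            if rej:  # a milter refused or failed at this SMTP stage
                findings["milter_reject"].append(
                    {"time": stamp, "stage": rej.group(1),
                     "client_ip": rej.group(2), "code": rej.group(3)})
        elif daemon == "spamass-milter" and msg.startswith("Could not extract score"):
            findings["spam_score_missing"].append({"time": stamp})
    return dict(findings)


def unsigned_clients(findings):
    """Distinct (client host, claimed domain) pairs that were not signed."""
    return sorted({(f["client"], f["domain"])
                   for f in findings.get("unsigned_external_client", [])})


def local_rejects(findings):
    """milter-reject events on loopback connections (e.g. a content filter)."""
    return [f for f in findings.get("milter_reject", [])
            if f["client_ip"] == "127.0.0.1"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("unsigned:", unsigned_clients(result))
    print("loopback rejects:", [r["stage"] for r in local_rejects(result)])
```
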
Amavis for me is too resource intensive, I have everything hooked into my postfix.

virus/image/pdf spam -> clamav via clamav-milter
spam -> spamassassin via spamass-milter
domain keys -> dk-milter
dkim -> dkim-milter
rbls -> spamhaus and spamcop
rogue clients -> postfix checks

And all works well, highly effective.
Thanks for your suggestion, I really appreciate it. Btw, I've configured spamass-milter and clamav-milter according to one of your guides (http://howtoforge.com/virtual-hosting-with-virtualmin-on-centos5.1), except I didn't add the fuzzy OCR thing. Both seem fine, but spams are not tagged and the results/scores are not added to email headers. I got the headers from dkim, dk, clamav and spf indicating the auth/scanning results, but not spamassassin. Here's the log of a sample email sent from yahoo to my email account:

Code:
Mar 24 14:36:13 server1 postfix/virtual[11916]: 6C86B48503E4: to=<[email protected]>, relay=virtual, delay=0.35, delays=0.01/0.33/0/0, dsn=2.0.0, status=deliverable (delivers to maildir)
Mar 24 14:36:13 server1 postfix/qmgr[17787]: 6C86B48503E4: removed
Mar 24 14:36:47 server1 postfix/policy-spf[12116]: handler sender_policy_framework: is decisive.
Mar 24 14:36:47 server1 postfix/policy-spf[12116]: : Policy action=PREPEND Received-SPF: none (yahoo.com: No applicable sender policy available) receiver=server1.tesna.net; identity=mfrom; envelope-from="[email protected]"; helo=web58413.mail.re3.yahoo.com; client-ip=68.142.236.181
Mar 24 14:36:47 server1 postfix/smtpd[11872]: 9AF5E48503E4: client=web58413.mail.re3.yahoo.com[68.142.236.181]
Mar 24 14:36:47 server1 postfix/cleanup[11912]: 9AF5E48503E4: message-id=<[email protected]>
Mar 24 14:36:48 server1 spamd[30667]: spamd: connection from xxx.xxxx.net [127.0.0.1] at port 45600
Mar 24 14:36:48 server1 spamd[30667]: spamd: setuid to root succeeded
Mar 24 14:36:48 server1 spamd[30667]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Mar 24 14:36:48 server1 spamd[30667]: spamd: processing message <[email protected]> for root:99
Mar 24 14:36:48 server1 spamd[30667]: spamd: clean message (0.0/5.0) for root:99 in 0.3 seconds, 3956 bytes.
Mar 24 14:36:48 server1 spamd[30667]: spamd: result: . 0 - scantime=0.3,size=3956,user=root,uid=99,required_score=5.0,rhost=xxxx.xxxx.net,raddr=127.0.0.1,rport=45600,mid=<[email protected]>,autolearn=ham
Mar 24 14:36:48 server1 spamass-milter[30032]: Could not extract score from <>
Mar 24 14:36:48 server1 spamd[26346]: prefork: child states: II
Mar 24 14:36:48 server1 postfix/qmgr[17787]: 9AF5E48503E4: from=<[email protected]>, size=3766, nrcpt=1 (queue active)
Mar 24 14:36:49 server1 postfix/smtpd[11872]: disconnect from web58413.mail.re3.yahoo.com[68.142.236.181]
Mar 24 14:36:52 server1 postfix/virtual[11916]: 9AF5E48503E4: to=<[email protected]>, relay=virtual, delay=40, delays=36/0/0/3.8, dsn=2.0.0, status=sent (delivered to maildir)

And this is the header from my email:

Code:
Received-SPF: none (yahoo.com: No applicable sender policy available) receiver=xxxx.xxxx.net; identity=mfrom; envelope-from="[email protected]"; helo=web58413.mail.re3.yahoo.com; client-ip=68.142.236.181
X-DomainKeys: Sendmail DomainKeys Filter v0.6.0 mail.tesna.net 9AF5E48503E4
Authentication-Results: XXXX [email protected]; domainkeys=pass (testing)
X-DKIM: Sendmail DKIM Filter v2.2.1 xxx.xxx.net 9AF5E48503E4
Received: from web58413.mail.re3.yahoo.com (web58413.mail.re3.yahoo.com [68.142.236.181]) by xxxx.xxxx.net (Postfix) with SMTP id 9AF5E48503E4 for <[email protected]>; Mon, 24 Mar 2008 14:36:12 +0900 (JST)
Received: (qmail 39910 invoked by uid 60001); 24 Mar 2008 05:36:11 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=1gliDB/3G8RjcILSGAVwyIsz482AvKg2cYQsH2JR/um3n7Gp0jIEJYhOv1iR6t/P8p4s7zdxU3IJcDEu4SdNd6oxNjTWzHnvfK+8zHW0f8gCFQL7a4SFH8dADRVjpzT1lOeaQNx9ioSXAT5pLahLgJLOC6HvMSfoeN68EmjM2Pc=;
X-YMail-OSG: PGLq8qAVM1nPWn3Mmlhwo2_bASw0evNEDJx2UFlUA77yWksib01x_XqBWcWEsEsNqbgbHd3ptXu0JnbgE6.bKWkBWv1QNEmBarfVQqgiGGBcjKE-
Received: from [203.169.59.126] by web58413.mail.re3.yahoo.com via HTTP; Sun, 23 Mar 2008 22:36:11 PDT
Date: Sun, 23 Mar 2008 22:36:11 -0700 (PDT)
From: XXXXXX
Subject: testing
To: XXXXXX
In-Reply-To: <20080324135701.20932@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <[email protected]>
X-Virus-Scanned: ClamAV version 0.92.1, clamav-milter version 0.92.1 on xxxx.xxxx.net
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on xxxx.xxxx.net

Or is that behavior normal? I saw the score in the logs above, but then after that it says couldn't extract score from <> ?

No, it is not normal behavior, but the -m option to the milter tells it not to modify the message; it is spamassassin that is supposed to add the headers. My setup does add this:

Code:
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_PASS, UNPARSEABLE_RELAY autolearn=ham version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on tdss.co.za

Finally the issue has been solved. I tried to uninstall spamassassin and configure it again, no luck. Then I thought maybe I need to add the fuzzy OCR thing, also no luck. Then I tried adding these parameters to my /etc/mail/spamassassin/local.cf file:

Code:
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_

Suddenly the headers are there.

Code:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on xxx.xxxx

But why does the tests field show none.. hmm, maybe I'll go through the manpages.

And one more thing, can I have the tesseract rpm? I think the OCR doesn't work yet because this one keeps showing up in the logs:

Code:
2008-03-25 16:42:43 [30357] Cannot find executable for tesseract

DKIM Error when following Postfix dkim-milter tutorial :-(

Hi, Excellent tutorials but I'm getting an annoying error at the point after mkdir

mkdir /etc/dkim-milter

where changing owner....

chown: `dkim-milt.dkim-milt': invalid user

As far as I can tell - there's no files installed from rpm http://www.c-corp.net/linux/centos/5/general/RPMS/i386/dkim-milter-2.2.1-1.i386.rpm after running either !!

Please help, as I have spent 4 hours trying to track down whatever is wrong and being a noobie to dedicated Linux servers and Virtual Hosting... I'm losing my mind. I haven't got a folder either at /var/run/dkim-milter so something is failing !

DKIM Error when following Postfix dkim-milter tutorial :-(

Hi TopDog..... it's really nice that you replied so quickly to me...... ok.... I downloaded the file to my computer and SHTTP'd over to the server, checked file size and all looks correct... I run the rpm !! exactly the same text strings as before.... no install package file notes or anything. I also had to delete the folder in step2 as I had already created it from the time before - I thought I'd try to delete just in case it was something to do with permissions... anyway... nope!

This is a copy of everything through the SSH console:

[root@ns10 /]# rpm dkim-milter-2.2.1-1.i386.rpm --nodeps
RPM version 4.4.2
Copyright (C) 1998-2002 - Red Hat, Inc.
This program may be freely redistributed under the terms of the GNU GPL
Usage: rpm [-aKfgpWHqV] [-aKfgpWHqVcdils] [-aKfgpWHqVcdilsaKfgpWHqV] [-aKfgpWHqV cdilsaKfgpWHqV] [-aKfgpWHqVcdilsaKfgpWHqV] [-aKfgpWHqVcdilsaKfgpWHqVK] [-aKfgpWH qVcdilsaKfgpWHqVK] [-aKfgpWHqVcdilsaKfgpWHqVKi] [-aKfgpWHqVcdilsaKfgpWHqVKiv] [- aKfgpWHqVcdilsaKfgpWHqVKiv] [-aKfgpWHqVcdilsaKfgpWHqVKiv?] [-a|--all] [-f|--file ] [-g|--group] [-p|--package] [-W|--ftswalk] [--pkgid] [--hdrid] [--fileid] [--specfile] [--triggeredby] [--whatrequires] [--whatprovides] [--nomanifest] [-c|--configfiles] [-d|--docfiles] [--dump] [-l|--list] [--queryformat=QUERYFORMAT] [-s|--state] [--nomd5] [--nofiles] [--nodeps] [--noscript] [--comfollow] [--logical] [--nochdir] [--nostat] [--physical] [--seedot] [--xdev] [--whiteout] [--addsign] [-K|--checksig] [--delsign] [--import] [--resign] [--nodigest] [--nosignature] [--initdb] [--rebuilddb] [--aid] [--allfiles] [--allmatches] [--badreloc] [-e|--erase <package>+] [--excludedocs] [--excludepath=<path>] [--fileconflicts] [--force] [-F|--freshen <packagefile>+] [-h|--hash] [--ignorearch] [--ignoreos] [--ignoresize] [-i|--install] [--justdb] [--nodeps] [--nomd5] [--nocontexts] [--noorder] [--nosuggest] [--noscripts] [--notriggers] [--oldpackage] [--percent] [--prefix=<dir>] [--relocate=<old>=<new>] [--repackage] [--replacefiles] [--replacepkgs] [--test] [-U|--upgrade <packagefile>+] [-D|--define 'MACRO EXPR'] [-E|--eval 'EXPR'] [--macros=<FILE:...>] [--nodigest] [--nosignature] [--rcfile=<FILE:...>] [-r|--root ROOT] [--querytags] [--showrc] [--quiet] [-v|--verbose] [--version] [-?|--help] [--usage] [--scripts] [--setperms] [--setugids] [--conflicts] [--obsoletes] [--provides] [--requires] [--info] [--changelog] [--xml] [--triggers] [--last] [--filesbypkg] [--fileclass] [--filecolor] [--filecontext] [--fscontext] [--recontext] [--fileprovide] [--filerequire] [--redhatprovides] [--redhatrequires] [--buildpolicy=<policy>] [--with=<option>] [--without=<option>]
[root@ns10 /]# mkdir /etc/dkim-milter
mkdir: cannot create directory `/etc/dkim-milter': File exists
[root@ns10 /]# mkdir /etc/dkim-milter
[root@ns10 /]# chown dkim-milt.dkim-milt /etc/dkim-milter
chown: `dkim-milt.dkim-milt': invalid user
[root@ns10 /]#

Running CentOS 5.1 with Webmin latest.

Tried to install Virtualmin as instructed but on completion it killed my connection to the server's IP and I couldn't get it back on either SSL or the normal ports.... so I removed Virtualmin, uninstalled and then reinstalled Webmin and purchased a 10 domain licence of Virtualmin Pro and successfully installed via the Pro install script. So I have a functioning joint console of Webmin and Virtualmin.... besides the problems with Setting Up Postfix DKIM With dkim-milter, I have been progressing with the Virtual Hosting on CentOS with Virtualmin Tutorial to the point of the Apache server and the php.ini tweaks !! Hoping to go back and sort out the issue with DKIM.

Also, btw... the Pro version of Virtualmin has some sort of clamav-milter installed, and when I got to the tutorial step to install Clamav I got the warning:

Package clamav - 0.93-1.el5.x86_64 is already installed.
--> Processing Conflict: clamav-filesystem conflicts clamav > 0.93-1.el5
--> Finished Dependency Resolution
Error: clamav-filesystem conflicts with clamav > 0.93-1.el5

so I clearly left that bit.

To install the rpm you need this command:

Code:
rpm -Uvh dkim-milter-2.2.1-1.i386.rpm

I suggest that if you want to run my virtual hosting setup you start with a fresh install. My howto is based on the GPL version of virtualmin. The pro version is great, however I am currently evaluating it with the intention of writing a howto on it in the near future, so just be aware of the few differences while following the howto.

chown syntax

FWIW, the chown line was spelled incorrectly several times ... substitute the period for a colon between the user and group names and you'll have better luck!

chown username:groupname /some_path

There is nothing wrong with the chown command, the chown command can be used in two ways:

Code:
chown user.group file
chown user:group file