DKIM issue

Discussion in 'General' started by irobot, Jun 16, 2017.

  1. irobot

    irobot New Member

    Installed ISPConfig 3
    Debian Jessie
    all fresh and no real errors except the fstab

    Now created a domain, switched the IP to the new server, created mail etc., enabled SSL LE
    So all fine and all works, now enabled DKIM and here we go :confused:
    Back to my domain provider, just to be sure copied my old DKIM and pasted the new DKIM key, saved and waited for a couple of hours
    Immediately I noticed different things, as you can see below
    v=DKIM1; k=rsa; s=email;
    v=DKIM1; t=s;

    Then tested the mail and sent it to hotmail and voila
    hotmail.com; dkim=fail (no key for signature)
    So the questions I have: what's up with the 2 different v=DKIM?
    Why do I get the error on hotmail?
     
  2. florian030

    florian030 ISPConfig Developer

  3. irobot

    irobot New Member

    well, checked it this morning again and it seems to be working now
    strange, it worked directly in my mail program on PC and the check with mxtoolbox was also fine yesterday
    seems hotmail takes time, I think

    anyway thanks, seems to be solved now
     
  4. bandit

    bandit New Member

    sorry to bring up this old topic ... but I have the same problem ... the weird conditions are ... all manual tests are positive (no errors, DNS ok, mail server (amavis test) ok) ... but when I test with the links below and other links like these, I have the same result, DKIM not signed.
    any advice would be appreciated :)

    Check signed mails
    send a mail to:
    [email protected]25.com
    or
    [email protected]
    Web-Services:
    www.appmaildev.com
    www.brandonchecketts.com
     
  5. florian030

    florian030 ISPConfig Developer

    check your postfix-config and make sure that the content-filter is defined and the two tag_as_-files are in place.
     
  6. bandit

    bandit New Member

    I think it's good ... never touched those files ...

    Code:
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , reject_authenticated_sender_login_mismatch, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    [root@m01 postfix]# cat tag_as_foreign.re
    /^/ FILTER amavis:[127.0.0.1]:10024

    [root@m01 postfix]# cat tag_as_originating.re
    /^/ FILTER amavis:[127.0.0.1]:10026
     
    Last edited: Dec 7, 2017
  7. bandit

    bandit New Member

    This is what I got this morning ... funny, right? got valid key, amavisd approved ... now with permerror :) ... DKIM using 1024
    Screen Shot 2017-12-08 at 11.20.33.png Screen Shot 2017-12-08 at 11.21.05.png
    Code:
    [root@m01 ~]# amavisd testkeys
    TESTING#1: m1._domainkey.xxxx.com    => pass
    TESTING#2: m01._domainkey.yyyy.com     => pass
    already tried to generate new key for 1 domain, 5 mnt for dkim in dns (1 hour last setting), still the same, will wait for another hour.
    Screen Shot 2017-12-08 at 11.34.39.png
    another domain remain not signed
     
    Last edited: Dec 8, 2017
  8. florian030

    florian030 ISPConfig Developer

    as you can see in your screenshot: there is (currently) no key available. make sure, that you enabled dkim for the domain and the selector is not empty.
     
  9. bandit

    bandit New Member

    actually I don't think the records are not good, I've tested these manually on several websites for DKIM format and query, turns out everything's ok.
    I had a similar problem before (ISPConfig 3.0.x), but that was because of DNS config, I couldn't query the key. already fixed it.
    I think it's different now, since all DKIM record tests are positive.
    still have no clue why ... I'll deactivate DKIM for a while I think, until I find the solution.

    apologies for the picture, the reason I didn't post the whole picture is that I want to hide my real domain :) ... please check the complete records on DNS and mail server (with fake domains) ... hope these help

    For yyyy.com
    Code:
    m01._domainkey.yyyy.com. 600  IN TXT "v=DKIM1 p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBCAC7JlZi/ERMdbmjfx843knhwh7dEESIakNI7YUyQ94gJqme8cl8HsYAayVsQygqHLG3FEi0bWJ1whtqokc53ggxXwRuH9bLmVkQCPrqvNBk6XbioUDaaGi6GOJ2u3e2Osukq0dze5W+7ukNYTDID1vNy/9RRW8tCTlF7lHI8wIDAQAB"
    for xxxx.com
    Code:
    m1._domainkey.xxxx.com. 600   TXT IN "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2A/bZjdVLEWTmoKkd9jkCHMFp76/OaJZnJuEzfo79FoDVBorY+wzVhWIerwzSrCNNwY9VFi9bWs8DcHj7qUIF4bYqftBfKJN2e3t2ipiHpCRSaxYpcceZZiP5qmY+qVHjTWVoy4FH4vxn8CA9mFlmGJyUlI05gLoxGOaSmNVeJQIDAQAB"
    amavisd on server (centos 6.9)
    Code:
    [root@m01 ~]# amavisd showkeys
    ; key#1, domain yyyy.com, /var/lib/amavis/dkim/yyyy.com.private
    m1._domainkey.yyyy.com.    3600 TXT (
      "v=DKIM1; p="
      "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2A/bZjdVLEWTmoKkd9jkCHMFp"
      "76/OaJZnJuEzfo79FoDVBorY+wzVhWIerwzSrCNNwY9VFi9bWs8DcHj7qUIF4bYq"
      "ftBfKJN2e3t2ipiHpCRSaxYpcceZZiP5qmY+qVHjTWVoy4FH4vxn8CA9mFlmGJyU"
      "lI05gLoxGOaSmNVeJQIDAQAB")
    
    ; key#2, domain xxxx.com, /var/lib/amavis/dkim/xxxx.com.private
    m01._domainkey.xxxx.com.    3600 TXT (
      "v=DKIM1; p="
      "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBCAC7JlZi/ERMdbmjfx843knh"
      "wh7dEESIakNI7YUyQ94gJqme8cl8HsYAayVsQygqHLG3FEi0bWJ1whtqokc53ggx"
      "XwRuH9bLmVkQCPrqvNBk6XbioUDaaGi6GOJ2u3e2Osukq0dze5W+7ukNYTDID1vN"
      "y/9RRW8tCTlF7lHI8wIDAQAB")
    
    [root@m01 ~]# amavisd testkeys
    TESTING#1: m1._domainkey.yyyy.com    => pass
    TESTING#2: m01._domainkey.xxxx.com    => pass
    notes: dns and mail are not in the same system / server.
     
    Last edited: Dec 8, 2017
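
The comparison made by eye in the last post (published TXT records against `amavisd showkeys` output), as an added example that is not part of the thread: it parses each DKIM key record as an RFC 6376 tag-list and compares the `p=` value per selector. The function names, domains and keys are constructed for illustration; in real use the published strings would come from a DNS lookup of `<selector>._domainkey.<domain>`.

```python
import base64
import re

def parse_dkim_txt(txt):
    """Parse a DKIM key record (RFC 6376 tag-list); return (tags, problems)."""
    pairs = [s.partition("=") for s in txt.split(";") if s.strip()]
    tags = {name.strip(): value.strip() for name, _, value in pairs}
    problems = []
    if "v" in tags and (pairs[0][0].strip() != "v" or tags["v"] != "DKIM1"):
        problems.append(f"v= must be the first tag and equal DKIM1, got {tags['v']!r}")
    if "p" not in tags:
        problems.append("no p= tag, so a verifier finds no key")
    else:
        tags["p"] = "".join(tags["p"].split())  # whitespace inside base64 is ignored
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return tags, problems

def parse_showkeys(output):
    """Map (selector, domain) -> p= value from `amavisd showkeys` output."""
    pattern = r'^\s*(\S+)\._domainkey\.(\S+?)\.\s+\d+\s+TXT\s+\((.*?)\)'
    keys = {}
    for sel, dom, body in re.findall(pattern, output, re.M | re.S):
        record = "".join(re.findall(r'"([^"]*)"', body))  # join the quoted chunks
        keys[(sel, dom)] = parse_dkim_txt(record)[0].get("p")
    return keys

def check(showkeys_output, published):
    """published maps (selector, domain) -> TXT string as returned by DNS."""
    findings = {}
    for name, signing_p in parse_showkeys(showkeys_output).items():
        tags, problems = parse_dkim_txt(published.get(name, ""))
        if name not in published:
            problems = ["no TXT record published for this selector"]
        elif not problems and tags["p"] != signing_p:
            problems.append("published p= differs from the signing key")
        findings[name] = problems
    return findings

# Constructed sample data (placeholder keys and domains); the second published
# record has no ';' after v=DKIM1.
KEY_A, KEY_B = (base64.b64encode(b).decode() for b in (b"constructed key A", b"constructed key B"))
SHOWKEYS = (f'm1._domainkey.a.example.    3600 TXT (\n  "v=DKIM1; p="\n'
            f'  "{KEY_A[:12]}"\n  "{KEY_A[12:]}")\n\n'
            f'm01._domainkey.b.example.    3600 TXT (\n  "v=DKIM1; p="\n  "{KEY_B}")\n')
PUBLISHED = {("m1", "a.example"): f"v=DKIM1; p={KEY_A}", ("m01", "b.example"): f"v=DKIM1 p={KEY_B}"}
if __name__ == "__main__":
    print(check(SHOWKEYS, PUBLISHED))
```

An empty list for a selector means the published record parses cleanly and carries the same key amavisd signs with; a record written without the separating semicolon yields both a `v=` problem and a missing `p=` tag.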
