Hi, I am using (Debian 10 Buster) ISPConfig 3.1.15p3 by following this tutorial : perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/ When i use smtp server (port 587 with SSL) the emails sent is with DKIM signed However when I am sending emails they are not being signed I searched quite a bit but I failed to find the problem even by following this : blog.schaal-24.de/dkim/debug-2/?lang=en I even started a reconfiguration and it still does not work. I don't know where to look, can you help me please ? Thank you
What is the difference in these two ways of sending? There is info also about DKIM configuration in the e-mail setup tutorial linked to in my signature. if that does not help, do this: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Thank you Taleman I imagine the other is using port 25 without ssl, right? This is a report : Code: ~# cat htf_report.txt | more ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Debian GNU/Linux 10 (buster) [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.1.15p3 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.3.21-1+0~20200807.66+debian10~1.gbp18a1c2 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 14985) [INFO] I found the following mail server(s): Postfix (PID 14467) [INFO] I found the following pop3 server(s): Dovecot (PID 14519) [INFO] I found the following imap server(s): Dovecot (PID 14519) [INFO] I found the following ftp server(s): PureFTP (PID 14648) ##### LISTENING PORTS ##### (only () Local (Address) ***.***.***.***:53 (14658/named) [localhost]:53 (14658/named) [anywhere]:21 (14648/pure-ftpd) [anywhere]:22 (687/sshd) [localhost]:953 (14658/named) [anywhere]:25 (14467/master) [anywhere]:993 (14519/dovecot) [anywhere]:995 (14519/dovecot) [localhost]:10023 (848/postgrey) [localhost]:10024 (14506/amavisd-new) [localhost]:10025 (14467/master) [localhost]:10026 (14506/amavisd-new) [localhost]:10027 (14467/master) [anywhere]:587 (14467/master) [localhost]:11211 (642/memcached) [anywhere]:110 (14519/dovecot) [anywhere]:143 (14519/dovecot) [anywhere]:465 (14467/master) *:*:*:*::*:53 (14658/named) *:*:*:*::*:21 (14648/pure-ftpd) *:*:*:*::*:22 (687/sshd) *:*:*:*::*:953 (14658/named) *:*:*:*::*:25 (14467/master) *:*:*:*::*:443 (14985/apache2) *:*:*:*::*:993 (14519/dovecot) *:*:*:*::*:995 (14519/dovecot) *:*:*:*::*:10023 (848/postgrey) *:*:*:*::*:10024 (14506/amavisd-new) *:*:*:*::*:10026 (14506/amavisd-new) *:*:*:*::*:3306 (14156/mysqld) *:*:*:*::*:587 (14467/master) [localhost]10 (14519/dovecot) [localhost]43 (14519/dovecot) *:*:*:*::*:8080 (14985/apache2) *:*:*:*::*:80 (14985/apache2) *:*:*:*::*:8081 (14985/apache2) *:*:*:*::*:465 (14467/master) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-dovecot (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0
The listing is not complete, lines from the end are missing. I have no idea. You could maybe describe exactly how you send an e-mail that does not get DKIM signed. The tutorial linked to in my signature shows some ways to test e-mail server. Try sending with webmail and check whether it gets DKIM signed.
Yes sorry I forgot a part, I edited the report. With roundcube, the email arrives signed on dkimvalidator.com on the other hand when I send in SSH command line, the email is not signed ... Same when I receive an email sent from my website Otherwise everything is good SPF, DMARC ...
Email sent from the command line is not authenticated through postfix and will therefore not be signed. Only email you sent through your smtp server with your account will be signed.
Ok thank you, however on an server (debian jessie +virtualmin) with command line, the emails sent were signed, is there a setting to be made?
The emails were probably relayed through a email account there. You can set this up for your cli send mails aswell, but that's not necessary imo (at least for my use cases )
Okay, thank you And emails sent by my website (with phpmailer) are not signed, do you need to make adjustments?
Take a look at https://stackoverflow.com/a/23032060 That explains how to set up a smtp account for phpmailer.
I don't remember if there is an issue created for this (dkim sign mail injected from sendmail/cli), but it has been mentioned/discussed a little. You might try switching to rspamd and see if signing there works, I don't remember if it did, but I don't believe anyone has ever posted an example config for amavis to make it work, nor does it work "out of the box".
