CentOS 7 - latest OS and ISPConfig. Not running BIND, as I didn't want a local DNS server; I have external DNS.

After 8 hours of chasing a Gmail problem down, I've come to realize that the server just isn't signing the emails with DKIM data. I have used external tools to test SPF, DMARC and DKIM, and they all seem to think it's all working fine, BUT when I use a tool that actually has me send an email (or test on Google), DKIM just isn't being signed on the emails.

I've clicked the boxes, made the keys, put them in DNS, it all looks good, but there is no DKIM signing happening.

amavis seems to be listening:

    netstat -tanp|grep 1002
    tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 23857/amavisd (mast
    tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 12763/master
    tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 23857/amavisd (mast
    tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 12763/master
    tcp 0 0 127.0.0.1:36310 127.0.0.1:10025 ESTABLISHED 23864/amavisd (ch3-
    tcp 0 0 127.0.0.1:10025 127.0.0.1:36310 ESTABLISHED 26445/smtpd

I'm really and totally lost; I don't see any errors anywhere that would point at something. I feel like my amavis just isn't configured to work correctly. The 60-dkim file was blank, though the /var/lib/amavis/dkim folder is full of sets of public/private keys. Also, my 60-dkim was not in /etc/amavis/conf.d/60-dkim, it was in /etc/amavis/60-dkim (my /etc/amavis folder is just files).

Should some process populate the 60-dkim file?

In my hours of reading, it looked like a possible workaround would be to convert to rspamd, and while I did find a guide, it was not for CentOS, and while the current server does have some problems, I didn't want to risk making it worse. Could there be an rspamd guide for CentOS? Looks like it's a better product than amavisd.
You know, sometimes when you have to sit down and type out what you did that didn't work, you get an idea. Well, this is one of those cases.

I guess the 60-dkim was where it needed to be, so I manually populated that file with the correct info, restarted amavis and sent some test emails. It's sending DKIM now!

Problem now is that the DKIM is failing, even though I've confirmed the keys were correct. To fix this (3 sites so far):

- go into ISPConfig and turn off DKIM for the domain
- manually delete the private key
- save
- go into /var/lib/amavisd/dkim
- rm the key pair
- go back into ISPConfig and create new keys
- copy the new public key to DNS
- save the keys
- restart amavis
- wait a few mins
- test, and it's working

So I guess the only manual part is that, for some reason, I have to manually add the lines in the 60-dkim file, which I feel like should happen automatically ??!?!!
Yes, a server plugin should do that. Try enabling server debugging, then set a domain to use dkim and run server.sh manually and post the output.
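
An added example, not part of the thread or of ISPConfig/amavis: when mail is signed but DKIM still fails, as in the second post, one offline check is to compare the public key file on the server, the published TXT record, and the d=/s= tags of the DKIM-Signature header on a delivered message. The function names and all sample values below are constructed; the inputs are assumed to be pasted from the key file, a DNS lookup and the received message's headers.

```python
import re
import textwrap

def parse_tags(value):
    """Parse the 'tag=value; tag=value' list used by DKIM records and DKIM-Signature."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def txt_value(zone_text):
    """Join the quoted chunks of a TXT record; long keys are split into several strings."""
    chunks = re.findall(r'"([^"]*)"', zone_text)
    return "".join(chunks) if chunks else zone_text

def pem_body(pem):
    """Base64 body of a PEM key with the BEGIN/END lines and whitespace removed."""
    return "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))

def check_dkim(pem, record_name, zone_text, signature_header):
    """Return a list of mismatches; an empty list means all three pieces agree."""
    problems = []
    rec = parse_tags(txt_value(zone_text))
    sig = parse_tags(signature_header.split(":", 1)[1])
    # The verifier looks the key up at <s>._domainkey.<d>, taken from the signature.
    expected = f"{sig.get('s')}._domainkey.{sig.get('d')}".lower()
    if record_name.rstrip(".").lower() != expected:
        problems.append(f"mail is signed as {expected} but the record is {record_name}")
    if not rec.get("p"):
        problems.append("record has no p= value (key missing or revoked)")
    elif rec["p"] != pem_body(pem):
        problems.append("p= in DNS differs from the public key on the server")
    return problems

# Constructed sample data (not a real key, domain or message).
KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A" + "Q09OU1RSVUNURUQr" * 8
PEM = ("-----BEGIN PUBLIC KEY-----\n" + "\n".join(textwrap.wrap(KEY, 64))
       + "\n-----END PUBLIC KEY-----\n")
NAME = "default._domainkey.example.com."
ZONE = f'( "v=DKIM1; t=s; p={KEY[:100]}" "{KEY[100:]}" )'
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
       "\ts=default; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=")

if __name__ == "__main__":
    print(check_dkim(PEM, NAME, ZONE, SIG) or "DNS record, key file and signature agree")
```

A stale TXT record left over from an earlier key pair shows up as the "differs" message, and a selector in the signing configuration that does not match the published record name shows up as the "signed as" message.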