Hi I am trying to install this with the instructions on your blog but am stuck on Code: perl -MCPAN -e 'install Mail::DKIM' This is the error I am getting Code: root@ns01:/tmp# perl -MCPAN -e 'install Mail::DKIM' Going to read '/root/.cpan/Metadata' Database was generated on Mon, 28 Oct 2013 03:29:02 GMT Running install for module 'Mail::DKIM' Running make for J/JA/JASLONG/Mail-DKIM-0.40.tar.gz Checksum for /root/.cpan/sources/authors/id/J/JA/JASLONG/Mail-DKIM-0.40.tar.gz ok CPAN.pm: Going to build J/JA/JASLONG/Mail-DKIM-0.40.tar.gz Checking if your kit is complete... Looks good Writing Makefile for Mail::DKIM Writing MYMETA.yml cp lib/Mail/DKIM/AuthorDomainPolicy.pm blib/lib/Mail/DKIM/AuthorDomainPolicy.pm cp lib/Mail/DKIM/KeyValueList.pm blib/lib/Mail/DKIM/KeyValueList.pm cp lib/Mail/DKIM/PrivateKey.pm blib/lib/Mail/DKIM/PrivateKey.pm cp lib/Mail/DKIM/Algorithm/rsa_sha256.pm blib/lib/Mail/DKIM/Algorithm/rsa_sha256.pm cp lib/Mail/DKIM/Algorithm/Base.pm blib/lib/Mail/DKIM/Algorithm/Base.pm cp lib/Mail/DKIM/Algorithm/rsa_sha1.pm blib/lib/Mail/DKIM/Algorithm/rsa_sha1.pm cp lib/Mail/DKIM/Canonicalization/DkimCommon.pm blib/lib/Mail/DKIM/Canonicalization/DkimCommon.pm cp lib/Mail/DKIM/MessageParser.pm blib/lib/Mail/DKIM/MessageParser.pm cp lib/Mail/DKIM/Policy.pm blib/lib/Mail/DKIM/Policy.pm cp lib/Mail/DKIM/DkSignature.pm blib/lib/Mail/DKIM/DkSignature.pm cp lib/Mail/DKIM/PublicKey.pm blib/lib/Mail/DKIM/PublicKey.pm cp lib/Mail/DKIM/Common.pm blib/lib/Mail/DKIM/Common.pm cp sample_mime_lite.pl blib/lib/Mail/sample_mime_lite.pl cp lib/Mail/DKIM/Signature.pm blib/lib/Mail/DKIM/Signature.pm cp lib/Mail/DKIM/SignerPolicy.pm blib/lib/Mail/DKIM/SignerPolicy.pm cp lib/Mail/DKIM/DkPolicy.pm blib/lib/Mail/DKIM/DkPolicy.pm cp lib/Mail/DKIM/Canonicalization/nowsp.pm blib/lib/Mail/DKIM/Canonicalization/nowsp.pm cp lib/Mail/DKIM/DNS.pm blib/lib/Mail/DKIM/DNS.pm cp lib/Mail/DKIM/Signer.pm blib/lib/Mail/DKIM/Signer.pm cp lib/Mail/DKIM/TextWrap.pm blib/lib/Mail/DKIM/TextWrap.pm cp lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm blib/lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm cp lib/Mail/DKIM/Verifier.pm blib/lib/Mail/DKIM/Verifier.pm cp lib/Mail/DKIM.pm blib/lib/Mail/DKIM.pm cp lib/Mail/DKIM/Canonicalization/simple.pm blib/lib/Mail/DKIM/Canonicalization/simple.pm cp lib/Mail/DKIM/Canonicalization/dk_simple.pm blib/lib/Mail/DKIM/Canonicalization/dk_simple.pm cp lib/Mail/DKIM/Canonicalization/Base.pm blib/lib/Mail/DKIM/Canonicalization/Base.pm cp lib/Mail/DKIM/DkimPolicy.pm blib/lib/Mail/DKIM/DkimPolicy.pm cp lib/Mail/DKIM/Key.pm blib/lib/Mail/DKIM/Key.pm cp lib/Mail/DKIM/Canonicalization/DkCommon.pm blib/lib/Mail/DKIM/Canonicalization/DkCommon.pm cp lib/Mail/DKIM/Canonicalization/dk_nofws.pm blib/lib/Mail/DKIM/Canonicalization/dk_nofws.pm cp lib/Mail/DKIM/Canonicalization/relaxed.pm blib/lib/Mail/DKIM/Canonicalization/relaxed.pm Manifying blib/man3/Mail::DKIM::AuthorDomainPolicy.3pm Manifying blib/man3/Mail::DKIM::Algorithm::Base.3pm Manifying blib/man3/Mail::DKIM::PrivateKey.3pm Manifying blib/man3/Mail::DKIM::Canonicalization::DkimCommon.3pm Manifying blib/man3/Mail::DKIM::Policy.3pm Manifying blib/man3/Mail::DKIM::DkSignature.3pm Manifying blib/man3/Mail::DKIM::PublicKey.3pm Manifying blib/man3/Mail::DKIM::Signature.3pm Manifying blib/man3/Mail::DKIM::DkPolicy.3pm Manifying blib/man3/Mail::DKIM::SignerPolicy.3pm Manifying blib/man3/Mail::DKIM::DNS.3pm Manifying blib/man3/Mail::DKIM::Signer.3pm Manifying blib/man3/Mail::DKIM::TextWrap.3pm Manifying blib/man3/Mail::DKIM::Verifier.3pm Manifying blib/man3/Mail::DKIM.3pm Manifying blib/man3/Mail::DKIM::Canonicalization::Base.3pm Manifying blib/man3/Mail::DKIM::DkimPolicy.3pm JASLONG/Mail-DKIM-0.40.tar.gz /usr/bin/make -- OK 'YAML' not installed, will not store persistent state Running make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/adsp.t ..................... ok t/external_signer.t .......... ok t/Mail-DKIM.t ................ ok t/policy.t ................... 1/19 DNS query timeout for _domainkey.messiah.edu at /root/.cpan/build/Mail-DKIM-0.40-pfvBmm/blib/lib/Mail/DKIM/DNS.pm line 156. # Looks like you planned 19 tests but ran 2. # Looks like your test exited with 4 just after 2. t/policy.t ................... Dubious, test returned 4 (wstat 1024, 0x400) Failed 17/19 subtests t/public_key.t ............... DNS query timeout for test1._domainkey.messiah.edu at /root/.cpan/build/Mail-DKIM-0.40-pfvBmm/blib/lib/Mail/DKIM/DNS.pm line 156. # Looks like your test exited with 4 before it could output anything. t/public_key.t ............... Dubious, test returned 4 (wstat 1024, 0x400) Failed 5/5 subtests t/signature.t ................ ok t/signer.t ................... ok t/signer_dk.t ................ ok t/signer_policy.t ............ ok t/simple_canonicalization.t .. ok t/textwrap.t ................. ok t/verifier.t ................. ok Test Summary Report ------------------- t/policy.t (Wstat: 1024 Tests: 2 Failed: 0) Non-zero exit status: 4 Parse errors: Bad plan. You planned 19 tests but ran 2. t/public_key.t (Wstat: 1024 Tests: 0 Failed: 0) Non-zero exit status: 4 Parse errors: Bad plan. You planned 5 tests but ran 0. Files=12, Tests=200, 14 wallclock secs ( 0.08 usr 0.01 sys + 0.74 cusr 0.07 csys = 0.90 CPU) Result: FAIL Failed 2/12 test programs. 0/200 subtests failed. make: *** [test_dynamic] Error 255 JASLONG/Mail-DKIM-0.40.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JASLONG/Mail-DKIM-0.40.tar.gz Running make install make test had returned bad status, won't install without force Is there something I have to do to make it right? I am installing this on ubuntu 12.04 x64 P.s: I tried posting to your blog but the captcha question is stuck at "Total of 59+9" and not accepting the comment.
Thank you for replying. libmail-dkim-perl was already installed so I continued with the installation. Now after completing the setting up as per the instructions on your blog, this is what I get in ISP Config Unlike a screenshot from your tutorial, I am not getting this section for Code: DKIM Public-key What could have gone wrong?
Nothing. The public-key will not be displayed in the interface because the dns-record will be created within the dns-module so there is no need to display the public-key anymore. Bit the public-key is stored in DOMAIN.public in the key-directory
Okay, here it is amavisd-new showkeys Code: root@emone:/var/log# amavisd-new showkeys ; key#1, domain xxxxxx.com, /etc/postfix/dkim/xxxxxx.com.private default._domainkey.xxxxxx.com. 3600 TXT ( "v=DKIM1; p=" "MIGfMA0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/Q43MNOGxxxxxxxxxxxx+O8yX" "agxxxxxxxxxxxxxxxxFXKOEd8/HjtPxxxxxxxxxxxxxxxxxxxxxxxxxxxxxXbM9q" "J96ZDyczEZct4MqCuuscP1GdA9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxgqkVy" "z1xxxxxxxxxxxxxxxxxxxAB") Mail to [email protected] shows Code: DKIM check: pass Mail to [email protected] shows Code: DKIM Check Signature Found: Yes SM Sig Verification: Passed LL Sig Verification: Passed From Signed: Yes Restricted Headers Signed: Yes - Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature should not be signed. But, BUT amavisd-new testkeys shows Code: root@emone:/var/log# amavisd-new testkeys TESTING#1: default._domainkey.xxxxxx.com => invalid (public key: DNS query timeout for default._domainkey.xxxxxx.com) Any idea what is wrong here? Also, even though amavis log is enabled, I don't see any log file in /var/log
Did you add the public-key to the DNS? If you´re using ISPConfig to manage your DNS, you can use the DKIM-Button. You can check the DNS with dig default._domainkey.example.com TXT
Yep, I already did that before asking, and Code: dig default._domainkey.xxxx.com TXT shows the key in answer section with TTL of 86400 followed by "v=DKIM1\; t=s\; p=MIGfM.... The mail log shows Code: Oct 30 19:41:48 emone amavis[1129]: Module Mail::DKIM::Signer 0.39 Oct 30 19:41:48 emone amavis[1129]: Module Mail::DKIM::Verifier 0.39 Oct 30 19:41:48 emone amavis[1129]: DKIM code loaded Can it be file/folder permissions at /etc/postfix/dkim? Code: root@emone:/etc/postfix/dkim# ls -al total 16 drwxr-xr-x 2 root root 4096 Oct 30 19:09 . drwxr-xr-x 4 root root 4096 Oct 30 18:51 .. -rw-r--r-- 1 root root 902 Oct 30 19:09 xxxx.com.private -rw-r--r-- 1 root root 272 Oct 30 19:09 xxxx.com.public
if amavisd-new testkey fails, then there might be something wrong with your dns. if you´re running your own dns, make sure that amavisd use the local dns and check your /etc/resolv.conf
That was awesome, thanks a ton.. My /etc/resolv.conf contained Code: nameserver 127.0.0.1 nameserver 213.186.33.99 search ovh.net I deleted the first line and now the file looks like this: Code: nameserver 213.186.33.99 search ovh.net Doing amavisd-new testkeys shows TESTING#1: default._domainkey.xxxx.com => pass But does that mean my local dns is disabled?
If you remove 127.0.0.1 your local-dns may not be used. Depends on the IP your dns is listen to. You can check your own dns with dig @127.0.0.1 default._domainkey.example.com TXT or dig @ns.example.com default._domainkey.example.com TXT
Frankly, this whole DNS system / DNS setup is very confusing to me, but yes, I want to use my local DNS server. Doing dig @emone.xxxx.com default._domainkey.xxxx.com TXT gives Code: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60169 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;default._domainkey.xxxx.com. IN TXT ;; ANSWER SECTION: default._domainkey.xxxx.com. 86400 IN TXT "v=DKIM1\; t=s\; p=MIGfMxxx... ;; AUTHORITY SECTION: xxxx.com. 86400 IN NS emone.xxxx.com. xxxx.com. 86400 IN NS emtwo.xxxx.com. ;; ADDITIONAL SECTION: emone.xxxx.com. 3600 IN A 198.xxx.xxx.xx emtwo.xxxx.com. 3600 IN A 8.33.137.137 ;; Query time: 1 msec ;; SERVER: 198.xxx.xxx.xx#53(198.xxx.xxx.xx) ;; WHEN: Thu Oct 31 20:33:18 2013 ;; MSG SIZE rcvd: 370 And doing dig @127.0.0.1 default._domainkey.xxxx.com TXT gives Code: ; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 default._domainkey.xxxx.com TXT ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached Is it posssible to set amavis in a way that it interact with the second line of /etc/resolv.conf (nameserver of hosting provider) Code: nameserver 127.0.0.1 nameserver 213.186.33.99 search ovh.net
It seems, that your dns isn´t listening to localhost. You can check it with Code: netstat -nap | grep :53 You can bind configure to listen on all ip (default) or to only defined ip. If bind is listen to a server-ip, you can add this ip to the resolv-conf. You can´t modifie amavis to ignore your basic-network-setup.
Done Reverted the change in /etc/resolv.conf to Code: nameserver 127.0.0.1 nameserver 213.186.33.99 search ovh.net Edited /etc/bind/named.conf.options Code: [I][COLOR="Red"]from[/COLOR][/I] listen-on { 198.xxx.xxx.xxx; }; [COLOR="Red"][I]to[/I][/COLOR] listen-on { 198.xxx.xxx.xxx; 127.0.0.1; }; Now all following tests pass dig @127.0.0.1 default._domainkey.xxxx.com TXT dig @emone.xxxx.com default._domainkey.xxxx.com TXT amavisd-new testkeys amavisd-new showkeys Email to [email protected] and [email protected] I think you should write a blog post for configuring ubuntu also. All the best.. Regards
If you want bind listen to all IPv4, you can comment out Code: listen-on { 198.xxx.xxx.xxx; 127.0.0.1; };
Hi all, For my part when I send an email to : [email protected] I get these error : Restricted Headers Signed: Yes - Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature should not be signed. And idea how to fix it ? Thanks
I made some tests with three other verifiers. I think you can just ignore the lines from unlocktheinbox.com.
To fix this issue, add Code: $signed_header_fields{'received'} = 0; # turn off signing of Received to your amavis-config and reload amavis
