DKIM amavis email not signed

Discussion in 'Installation/Configuration' started by MrWolf, Aug 8, 2013.

  1. florian030

    florian030 Well-Known Member HowtoForge Supporter

    It makes no difference where you add the entry. I prefer to add it in 50-user direct before $enable_dkim_verification = 1;
     
  2. stef157

    stef157 Member

    Hi,
    An idea how to change the selector ?
    Actually it's default, but I would like to change it.
    Cause I want to send a mailing with an other server and there is a conflict between all the "default" selector.

    Thanks.
     
  3. florian030

    florian030 Well-Known Member HowtoForge Supporter

    You must change the source-code. If I have some more time, i will make it selectable.

    As long as you don´t change the created keys in the interface, you can just change it in your amavis-config and the txt-record in you dns.
     
    Last edited: Feb 21, 2014
  4. stef157

    stef157 Member

    Thanks
    I've change default by my value in 50-users and that seem work ;-)
     
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Don´t forget your DNS
     
  6. frprim

    frprim New Member

    Greap module

    Thanks Florian for this great module. I didnt install it yet but it seems its quite easy to do so. I read all the posts and have a question or two if you dont mind asking:
    Does this module change core files of ISPConfig? Im asking this because I wonder what would happen if we upgrade ISPconfig to later versions. Are we obliged to reinstall your module again?

    Thanks again for this module. I hope ISPconfiig developers will find it worthy of including it to main branch soon.

    At this moment we are using ISPconfig 3.0.5.3. Will this module work? :)
     
    Last edited: Apr 11, 2014
  7. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Sure, the plugin changes some files in ispconfig/interface. If you update your ispconfig-installation you must reinstall the dkim-part. But a update didn´t change your amvis-config so the mails will be signing even if you didn´t re-install the patch.

    You can use the patch with 3.0.5.3 and it MAY work with 3.0.5.4 RC. But when 3.0.5.4 is released i will also make a new version of the dkim-patch available to make sure it works without any problems with 3.0.5.4 (and also a few minor bug-fixes and new features).
     
  8. frprim

    frprim New Member

    Thanks

    Thanks for the fast response and detailed explanation. I will install this module and report how it went.
    Thanks again
     
  9. frprim

    frprim New Member

    Im using ubuntu 12.04 LTS and had to change master.cf to
    127.0.0.1:10025 inet n - n - - smtpd
    and
    127.0.0.1:10027

    So far everything works ok. Thanks again for this great plugin. Just works :)
     
  10. frprim

    frprim New Member

    Error

    I have a error with DKIM plugin, I think because server started to malfuction when I wanted to add mail for a client.
    This is output i receive:
    Replication failed. Error: (mail_domain) in MySQL server: (localhost) Unknown column 'dkim' in 'field list' # SQL: REPLACE INTO mail_domain (`domain_id`,`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`domain`,`dkim`,`dkim_private`,`dkim_public`,`active`) VALUES ('8','8','8','riud','riud','','2','domainer.rs','n','','','y')

    Anyone knows how to deal with this?

    Thanks in advance
     
  11. florian030

    florian030 Well-Known Member HowtoForge Supporter

    As long as you use 3.05.3 you must change the database on EVERY server. If you use the current RC there is no need to adjust the database as the dkim-related sql-fields are already installed.
     
  12. frprim

    frprim New Member

    Thanks Florian. I ended up removing a server from the cluster. Will have your comment in mind when I set up dkim in another cluster setup.
    Thanks again
     
  13. florian030

    florian030 Well-Known Member HowtoForge Supporter

    You can get the latest version 0.3.0 (i recommend to use it with ISPConfig 3.0.5.4) from here.

    Changelog:
    RELEASED 0.3
    2014-04-24
    this release is for ISPConfig 3.0.5.4
    + add definable dkim-selector
    + use 60-dkim for the key-definitions on systems with seperated amavisd-configs like debian and ubuntu
    + avoid duplicate keys with different selectors.
    + prevent restarting amavis more then one time.
    + simplify the dkim-entry in a template
    + allow dkim-public-key in dns only for mail-domains with dkim enabed.
    + add "$signed_header_fields{'received'} = 0;" to amavis-config to avoid signing header field 'received' by amavis
    + add all lng-files but only de, en and fr are translated. In other lng-files the english content is used. feel free
    to send me your translation
    + removed check for existing dkim-path in the interface due to multi-server-setups
    + the key-directory is created by the server-plugin
    + changed some log-output to loglevel debug
    + add minimum ttl values in dns dkim sub records
     
  14. frprim

    frprim New Member

    some problems

    Some problems:
    1. Had to change resolv.conf and add
    nameserver 127.0.0.1
    to get amavisd-new testkeys to have PASS
    2. There is no Resync DKIM in Ispconfig interface Tools --> Resync
    3. My e-mails are not signed despite the fact I have DKIM in DNS record present

    Will have to find out whats wrong. Updated ISPconfig to latest 3.0.5.4 and using dkim patch 0.3 on Ubuntu 12.04
     
  15. florian030

    florian030 Well-Known Member HowtoForge Supporter

    1. you can add your own dns to the resolv.conf. Otherwise you have to wait until you dns-changes are available on the dns you use instead. No dns-changes are available just-in-time on other dns.

    2. Thanks. I will re-add it to the patch :)

    3. Signing has nothing to do with your dns-settings. Even if you have no dns-record with the dkim-information, amavis will sign the emails. Please review your setup or check the amavis-log (maybe use a higher log-level)
     
  16. florian030

    florian030 Well-Known Member HowtoForge Supporter

    The resync-tool i available in 0.3.1 - see here
     
  17. frprim

    frprim New Member

    Hi Florian,
    i just dowloaded your new dkim 0.3.1 and hmm, well I still cant see DKIM resync option :( . Anyhow, when I update dkim keys then my mails are signed. I will have to investigate this :D or perhaps u might know whats up :)
     
  18. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Please try it again. My script was broken.

    Your mails will only be signed as long as the keys are stored in your amavisd-config.
     
  19. frprim

    frprim New Member

    Now it works

    Now it works as it should. Thnaks again man. When I resynced DKIM it reloaded previously added keys except one fail --> (bad RSA signature)
     
  20. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Is there anything in your ispconfig-log? You can alos debug ispconfig to get some more output from the plugin.
     

Share This Page