Hmm, strange thing: I have two ISPConfig instances and on both I have installed your DKIM patch, but one is the older one, and the one with the old patch has all domains listed in /etc/amavis/conf.d/50-user with dkim_key, like:
dkim_key('domainone.com', 'default', '/etc/postfix/dkim/domainone.private');
dkim_key('domaintwo.com', 'default', '/etc/postfix/dkim/domaintwo.com.private');
etc etc etc
ISPConfig with the new patch has no such lines at the end, it just has this at the end, no keys or something. PS. Didn't manage to set Debug on server.
With 0.3.x the dkim-keys are stored in 60-dkim and no more in 50-user. See the changelog:
+ use 60-dkim for the key-definitions on systems with separated amavisd-configs like debian and ubuntu
When you resync your keys, only the dkim-settings are synced (i.e. settings in your amavis-config). You may also need to sync your DNS-settings to make the public-keys available. Currently I'm working on a solution to change the dns-record when changing a dkim-key, too. You should never run different versions in the same server-setup.
To use this patch with ISPConfig 3.0.5.4p2 get 0.3.2.1 from here. DO NOT USE ANY VERSION < 0.3.2.1 with the latest ISPConfig.
@Florian: Thank you for updating your patch for the latest ispconfig version! Hopefully it will be the last time, the next version shall be 3.1 where your code is already integrated.
I just updated the patch to work with ISPConfig 3.0.5.4p3 (http://blog.schaal-24.de/dkim/?lang=en). This affects only the install-script. You can get it from here.
The final version of the DKIM patch for ISPConfig is available now. I deliberately raised the version to 1.0 because the patch now contains all functions to effectively and automatically use DKIM with ISPConfig. The main change is that the DNS record is created automatically by ISPConfig when DKIM values are changed for a domain (initial setup, new key, etc.). If a new key is created, the existing DNS entry is not deleted, but another one is created. The selector is automatically modified if necessary. The current description is available here.
The latest version from here also works with ISPConfig 3.0.5.4p4. Please do not use an older version with ISPConfig 3.0.5.4p4. Otherwise an openvz container may not boot after new mounts are added to fstab (FS#3705).
Hi florian030. First of all, I really appreciate sharing this great module. Can you please advise how to use remote function to create DKIM Privacy-key and DNS record automatically when email domain is created by mail_domain_add remote function? I use code like below. Thank you.
try {
    $params = array(
        'server_id' => 1,
        'domain' => $domain,
        'active' => 'y'
    );
    $domain_id = $client->mail_domain_add($session_id, $client_id, $params);
} catch (SoapFault $e) {
    die('SOAP Error: '.$e->getMessage());
}
There is currently no function in the remote-api to create dkim-keys. You can create a key-pair using openssl and add the keys and the selector to the array for the mail-domain and insert a dns-record with the api using the public-key and the selector. Or add the domain with the api, add a key-pair to amavis, get the results with
Code:
amavisd-new showkeys example.com
and push the results to ispconfig using the api. script/import_dkim.php is used to import existing keys to ispconfig. It's much work to adjust this file to your needs (changing the exec-call should be enough). And don't forget to add a function to import the dns-record, too (I have this on my todo-list).
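
The first route from the answer above (a key pair from openssl, then a DNS record built from the public key and the selector), as an added example that is not part of the original post or of the patch. The domain example.com, the selector "default", the file names and the TTL are assumptions; the record layout follows RFC 6376.

```shell
#!/bin/sh
# Added example: openssl key pair -> DKIM TXT record for one selector.
# example.com, "default" and the file names are placeholders.

# Create the private key with mode 600, then derive the public key.
dkim_genkey() {  # usage: dkim_genkey <private.pem> <public.pem> [bits]
    ( umask 077; openssl genrsa -out "$1" "${3:-2048}" 2>/dev/null ) || return 1
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Strip PEM armour and line breaks, leaving the bare base64 for the p= tag.
dkim_pubkey_b64() {  # usage: dkim_pubkey_b64 <public.pem>
    grep -v '^-----' "$1" | tr -d ' \r\n'
}

# TXT rdata split into quoted strings of at most 255 characters each;
# keys of 2048 bits and more do not fit into a single TXT string.
dkim_txt_rdata() {  # usage: dkim_txt_rdata <public.pem>
    printf 'v=DKIM1; k=rsa; p=%s' "$(dkim_pubkey_b64 "$1")" |
        fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ' | sed 's/ $//'
}

# Zone-file line: <selector>._domainkey.<domain>. (TTL 3600 is an assumption)
dkim_record() {  # usage: dkim_record <domain> <selector> <public.pem>
    printf '%s._domainkey.%s. 3600 IN TXT ( %s )\n' \
        "$2" "$1" "$(dkim_txt_rdata "$3")"
}

# Succeeds only if the public key belongs to the private key.
dkim_pair_matches() {  # usage: dkim_pair_matches <private.pem> <public.pem>
    [ "$(openssl rsa -in "$1" -pubout 2>/dev/null | grep -v '^-----' |
        tr -d ' \r\n')" = "$(dkim_pubkey_b64 "$2")" ]
}

# Demo run, skipped when openssl is not installed.
if command -v openssl >/dev/null 2>&1; then
    KEYDIR=$(mktemp -d) || exit 1
    dkim_genkey "$KEYDIR/example.com.private" "$KEYDIR/example.com.public" 2048 &&
        dkim_pair_matches "$KEYDIR/example.com.private" "$KEYDIR/example.com.public" &&
        dkim_record example.com default "$KEYDIR/example.com.public"
    rm -rf "$KEYDIR"
fi
```

The private key stays on the mail server for the signer; only the output of dkim_record is published, and dkim_pair_matches can be rerun after a key change to confirm that the published key still belongs to the key used for signing.
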
I just updated the DKIM-Patch. With the latest version you get
- full DKIM support
- different strengths DKIM keys up to 4096 bits
- automatic update of domain-key records in the DNS
- Updating the DKIM keys at any time (automatic update of the selectors and the DNS zone)
- full DMARC support
- Wizard for creating DMARC Records with verification of the values
- Wizard for creating SPF-Records
More information is available here.
Hi Florian, can I ask a question? On a multiserver setup, 1 with web, dns and mysql and a second with mail server, do I install your patch on both?
This depends on your setup. If you use your web-server to send mail, install the patch on both servers. If your web-server relays the mail to the mail-server, it's enough when you install it on the mail-server. But there are some changes to the database (according to dkim-keys > 1024 bit) so be sure to update the database on each server. You can apply the patch on every server but the plugin for dkim will be enabled on mail-servers only. I would run the installer on every server.
Hi flo, thanks for the great patch. I've just installed it and now I get every mail signed with dkim, very nice. But I'm new to all this dkim and dmarc. As I understand, dkim works even without dmarc. But I would like to install dmarc on debian as well. Do you have any install instructions/hints to install dmarc beside your patch on ispconfig?
You can use DKIM without DMARC and DMARC with DKIM. I'm currently writing a tutorial for dmarc on wheezy (check and send reports) and it should be available within the next week.
Hi Florian, Thanks for the great patch. I followed the post http://blog.schaal-24.de/ispconfig/dkim-patch-1-0/?lang=en and I've installed it on my two ISPC 3.0.5.4p5 servers x.x.x.131 and x.x.x.134. I have the DNS role installed only on 131, whereas I intend to use your patch to add DKIM and SPF on 134 also. But it gives me the error “DKIM disabled for this mail-domaindata_error_empty” when I try to add DKIM for an email domain which is served from 134. Could you please help me? Regards, Vikram
Hi Vikram, I sent you a mail regarding this problem on 01/16.... I'm a little bit confused about your problem. Could you please explain how you try to set up the Record?
For DKIM: create a dkim-key for the mail-domain and activate DKIM. Afterwards you should find the corresponding Record in your DNS. You can also use the DKIM-Button in the DNS for this zone.
For SPF: Just use the SPF-Button when editing Records for the Zone. SPF does not require DKIM.
For DMARC: Set up DKIM (mail-domain and dns-zone) and create a SPF-Record.