DKIM does not work on port 587

Discussion in 'Installation/Configuration' started by martinhe, Nov 11, 2021.

  1. martinhe

    martinhe Member

    Hi, please advise, tip, directions, whatever.

    In addition to port 25, I enabled port 587 on the server using this manual: https://www.sbarjatiya.com/notes_wiki/index.php/CentOS_7.x_Enable_submission_587_port_for_postfix

    • When I send a message via port 25, the header contains the DKIM signature.
    • When I send a message over port 587, the header does NOT contain a DKIM signature.

    How do I please make sure that DKIM is also in messages that I send via port 587?

    Thank you for the advice.
     
    Last edited: Nov 15, 2021
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    How did you set up dkim signing for port 25? Presumably you would do something very similar for port 587.
     
  3. martinhe

    martinhe Member

    Deleted by me. I wrote nonsense, so don't get it.
     
    Last edited: Nov 12, 2021
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Post #1 is about DKIM signing. Is post #3 about a completely different matter since it is about Let's Encrypt?
    Be that as it may, my signature has a link to e-mail setup on ISPConfig. It has info on DKIM.
     
  5. martinhe

    martinhe Member

    I'm sorry, I wrote complete nonsense. I got two things wrong. :-D

    I implemented DKIM just by installing yum install amavisd-new, according to the instructions: https://www.howtoforge.com/perfect-...config-3#-install-amavisdnew-spamassassin-and -clamav

    Then I just did a bypass virus check, but no further configuration took place. It works kind of by itself. :)

    I enclose the configuration of the postfix and the screenshot from the administration of ispconfig.

    cat /etc/postfix/master.cf
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - n - - smtpd
    #smtp inet n - n - 1 postscreen
    #smtpd pass - - n - - smtpd
    #dnsblog unix - - n - 0 dnsblog
    #tlsproxy unix - - n - 0 tlsproxy
    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_helo_restrictions=$mua_helo_restrictions
      -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    #smtps inet n - n - - smtpd
    # -o syslog_name=postfix/smtps
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - n - - qmqpd
    pickup unix n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr unix n - n 300 1 qmgr
    #qmgr unix n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    # mailbox_transport = lmtp:inet:localhost
    # virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus unix - n n - - pipe
    # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    #
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix - n n - - pipe
    # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    #uucp unix - n n - - pipe
    # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # ====================================================================
    #
    # Other external delivery methods.
    #
    #ifmail unix - n n - - pipe
    # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    #
    #bsmtp unix - n n - - pipe
    # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    #
    #scalemail-backend unix - n n - 2 pipe
    # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
    # ${nexthop} ${user} ${extension}
    #
    #mailman unix - n n - - pipe
    # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
    # ${nexthop} ${user}
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

    amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o smtp_bind_address=

    127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes

    127.0.0.1:10027 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtp_send_xforward_command=yes
      -o milter_default_action=accept
      -o milter_macro_daemon_name=ORIGINATING
      -o disable_dns_lookups=yes
     


  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  7. martinhe

    martinhe Member

    I cannot, but this test script is broken, is not working for me:

    [root@server~]# scl enable rh-php73 bash
    [root@server~]# php -v
    PHP 7.3.29 (cli) (built: Aug 3 2021 12:26:40) ( NTS )
    Copyright (c) 1997-2018 The PHP Group
    Zend Engine v3.3.29, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.29, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.2, Copyright (c) 2002-2019, by Derick Rethans
    [root@server~]#
    [root@server~]# cd /root/
    [root@server~]# pwd
    /root
    [root@server~]# wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" && php -q htf-common-issues.php
    [root@server~]# cat htf_report.txt | more
    cat: htf_report.txt: No such file or directory
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If the common issues script fails, there is a very fatal error in your system. Is that PHP version the correct original PHP on your system? Strange there is no error message.
    Try
    Code:
    cd /tmp
    wget -q -O htf-common-issues.php "http://gitplace.net/pixcept/ispconfig-tools/raw/stable/htf-common-issues.php" 
    and then run the script:
    Code:
    cd /tmp
    php -q htf-common-issues.php
    Any error messages now?
     
  9. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    In ISPConfig, dkim in your setup is handled by amavis as you mentioned, and the amavis content filter is set via smtpd_sender_restrictions in main.cf, but you overwrote that setting for the submission, so now amavis isn't used for submission (port 587):
    Refer back to the perfect server guide for enabling submission (and smtps), you simply uncommented too many lines.
     
  10. martinhe

    martinhe Member

    It doesn't work the same way.
     
  11. martinhe

    martinhe Member

    [root@new ~]# cat /etc/postfix/main.cf| grep smtpd_sender_restrictions
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_origi_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_senderpostfix/tag_as_foreign.re
    [root@new ~]#

    [root@production ~]# cat /etc/postfix/main.cf| grep smtpd_sender_restrictions
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    [root@production ~]#

    You write main.cf, but you probably mean master.cf.

    Solution for me:
    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING

    DKIM now working also on 587.

    Thank you.
     
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    No, it's set in main.cf as your output shows. The error you have now corrected is in master.cf. Note you appear to still have smtpd_recipient_restrictions uncommented, which changes the policy/behavior on that port; that's not necessarily wrong, just make sure that's what you intend/want.
     
  13. martinhe

    martinhe Member

    Hi, how do you recommend setting this up? I can't understand it.

    I left these commented, otherwise postconf writes that the variable values are undefined.
    # -o smtpd_client_restrictions=$mua_client_restrictions
    # -o smtpd_helo_restrictions=$mua_helo_restrictions
    # -o smtpd_sender_restrictions=$mua_sender_restrictions
    # -o milter_macro_daemon_name=ORIGINATING

    If I uncomment these lines, the server says:
    [root@server ~]# postconf -n | grep warning
    postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
    postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
    postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
    [root@server ~]#


    Thanks.
     
    Last edited: Nov 18, 2021
  14. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    On my Postfix all of the lines with $mua_<something> are commented out.
    If you do uncomment them, you have to define the variables $mua_sender_restrictions et al with some value.
    You seem to be doing a lot of configuration on your Postfix. Maybe go back to plain configuration, check it works, and if really needed add things one at a time.
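
An added example (not code from the thread or from ISPConfig) of the check behind posts #9 and #13: it parses master.cf, collects each service's `-o` overrides, and reports overrides that reference parameters missing from main.cf or that replace a main.cf restriction list and so drop its lookup tables. The sample input is assembled from the configuration quoted in posts #5 and #11; the helper names `overrides`, `maps` and `audit` are hypothetical.

```python
import re

# Constructed sample: the submission entry from post #5, cut down to the relevant lines.
MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
submission inet n  -  n  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
# main.cf value as printed for the production host in post #11.
MAIN_CF = {"smtpd_sender_restrictions":
    "check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf "
    "regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, "
    "permit_sasl_authenticated, check_sender_access regexp:/etc/postfix/tag_as_foreign.re"}

def overrides(master_cf):
    """Return {'service/type': {param: value}} for the -o overrides in master.cf."""
    entries = []
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if raw[0].isspace() and entries:
            entries[-1] += raw.split()    # leading whitespace continues the entry
        else:
            entries.append(raw.split())
    result = {}
    for f in entries:
        args = f[8:]                      # 8 fixed fields, then command arguments
        result[f"{f[0]}/{f[1]}"] = dict(
            args[i + 1].split("=", 1) for i, a in enumerate(args[:-1])
            if a == "-o" and "=" in args[i + 1])
    return result

def maps(value):
    """Lookup tables (type:/path) referenced by a restriction list."""
    return set(re.findall(r"\w+:/[^\s,]+", value))

def audit(master_cf, main_cf):
    """List (service, parameter, problem) for risky -o overrides."""
    findings = []
    for svc, opts in overrides(master_cf).items():
        for name, value in opts.items():
            for ref in re.findall(r"\$\{?(\w+)\}?", value):
                if ref not in main_cf:
                    findings.append((svc, name, "undefined: " + ref))
            # An override replaces the main.cf value; expand $refs (undefined -> empty).
            expanded = re.sub(r"\$\{?(\w+)\}?", lambda m: main_cf.get(m.group(1), ""), value)
            lost = maps(main_cf.get(name, "")) - maps(expanded)
            if lost:
                findings.append((svc, name, "drops: " + ", ".join(sorted(lost))))
    return findings
```

Run against the sample, `audit(MASTER_CF, MAIN_CF)` reports the undefined `mua_sender_restrictions` and the three main.cf lookup tables, including `tag_as_originating.re`, that the submission service no longer consults.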
     
