DKIM not working anymore on 3.1

Discussion in 'Installation/Configuration' started by SGr33n, Apr 10, 2016.

  1. SGr33n

    SGr33n New Member

    Hi people,
    A few months ago I configured DKIM with opendkim, and everything worked like a charm, also spf and dmarc. The DNS was on a different server, so when yesterday I decided to reconfigure the whole server, I just backup the DKIM private key.
    So yesterday I made a clean ISPConfig 3.1 install. I configured all the domains, enabled DKIM on the main domain inserting the old DKIM private key, but this doesn't look to work, DKIM doesn't appear in the original message, even if (of course) SPF and DMARC still work. Now I'd like to understand why this is not working, but I don't know where to look, since that /var/log/mail.log doesn't seem to have any indications about this.

    Can somebody help me? Am I missing something?
    Thanks!
    These are the headers of a test message:
    Code:
                                                                                                                                                                                                                                                                  
    Delivered-To: [email protected]
    Received: by 10.25.16.97 with SMTP id f94csp953802lfi;
            Sun, 10 Apr 2016 00:22:51 -0700 (PDT)
    X-Received: by 10.194.92.107 with SMTP id cl11mr19584706wjb.21.1460272971429;
            Sun, 10 Apr 2016 00:22:51 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from server1.mydomain.tld (server1.mydomain.tld. [46.xxx.xxx.xxx])
            by mx.google.com with ESMTPS id h84si11829115wme.92.2016.04.10.00.22.51
            for <[email protected]>
            (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
            Sun, 10 Apr 2016 00:22:51 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 46.xxx.xxx.xxx as permitted sender) client-ip=46.xxx.xxx.xxx;
    Authentication-Results: mx.google.com;
           spf=pass (google.com: domain of [email protected] designates 46.xxx.xxx.xxx as permitted sender) [email protected];
           dmarc=pass (p=QUARANTINE dis=NONE) header.from=mydomain.tld
    Received: from localhost (localhost.localdomain [127.0.0.1])
        by server1.mydomain.tld (Postfix) with ESMTP id D0F9C20DAC
        for <[email protected]>; Sun, 10 Apr 2016 03:22:50 -0400 (EDT)
    X-Virus-Scanned: Debian amavisd-new at server1.mydomain.tld
    Received: from server1.mydomain.tld ([127.0.0.1])
        by localhost (server1.mydomain.tld [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 4l8HznAn4LF4 for <[email protected]>;
        Sun, 10 Apr 2016 03:22:50 -0400 (EDT)
    Received: from mail-ig0-f177.google.com (mail-ig0-f177.google.com [209.85.213.177])
        (Authenticated sender: [email protected])
        by server1.mydomain.tld (Postfix) with ESMTPSA id C93542097F
        for <[email protected]>; Sun, 10 Apr 2016 03:22:49 -0400 (EDT)
    Received: by mail-ig0-f177.google.com with SMTP id ui10so48372907igc.1
            for <[email protected]>; Sun, 10 Apr 2016 00:22:49 -0700 (PDT)
    X-Gm-Message-State: AD7BkJJhDmFeTkzmEqjKw98ioK3zPih8CR9yZd6SjDgKNpR+Br7nbODU8MVjldUd2mREGo/UxG5Zc8vkj8f7+Q==
    MIME-Version: 1.0
    X-Received: by 10.50.66.210 with SMTP id h18mr11775091igt.68.1460272968650;
    Sun, 10 Apr 2016 00:22:48 -0700 (PDT)
    Received: by 10.64.64.42 with HTTP; Sun, 10 Apr 2016 00:22:48 -0700 (PDT)
    Date: Sun, 10 Apr 2016 09:22:48 +0200
    X-Gmail-Original-Message-ID: <CAKAN_hD9C4iPDCNV5C-9w+FxzXrRp+cXpuHwHASqL_ymbhXRvg@mail.gmail.com>
    Message-ID: <CAKAN_hD9C4iPDCNV5C-9w+FxzXrRp+cXpuHwHASqL_ymbhXRvg@mail.gmail.com>
    Subject: test
    From: "Me | mydomain.tld" <[email protected]>
    To: [email protected]
    Content-Type: multipart/alternative; boundary=047d7bdca468926f9f05301c4b37
    
    --047d7bdca468926f9f05301c4b37
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: quoted-printable
     
  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Do you have the same problems when you use new key-pair?
     
  3. florian030

    florian030 Well-Known Member HowtoForge Supporter

    I just checked this on my dev-server. I did not send-out any mails but the amavis-config was updated and the keys are written to the disk.
    Did you enable DKIM for the domains?
    Please check /etc/amavis/conf.d/60-dkim to see the stored keys
     
  4. SGr33n

    SGr33n New Member

    I wasn't enabled to reply, now I can reply, 60-dkim looks correct, it stores the correct private key path.
     
  5. SGr33n

    SGr33n New Member

    Solved via PM, thanks a lot :)
     
  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    changed smtpd_sender_restrictions to
    Code:
    check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
     
  7. SGr33n

    SGr33n New Member

    Thanks again :)
     

Share This Page