I am running CentOS 5.2 perfect server with ISPConfig, with Domainkeys In Postfix Using dk-milter. Everything is running well and perfect, the emails are being signed, thanks for the howtos. I'm just wondering though, can I also implement Postfix DKIM With dkim-milter? I want to know if it is possible to implement them both and what adjustments I would need to do. Thanks in advance.
I followed the howto and I got no errors until the "Configure Postfix" section, where I got stuck. Here are my concerns:
1. "Append to the existing milters if you have other milters already configured." - how do I exactly do this?
2. Since I did not know what to do, I added this code:
Code:
    smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
    non_smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
to the bottom of the /etc/postfix/main.cf file. Is this the right way to do it?
3. When I did #2 and started dkim-milter I got this error:
Code:
    Starting DKIM milter (dkim-filter #0): dkim-filter: smfi_opensocket() failed [FAILED]
Thanks in advance... sorry for the bugging, I'm just a Linux newbie trying to learn how to set up good email delivery.
This is what I get:
Code:
    [root@server1 /]# ls -la /var/run/dkim-milter/dkim.sock
    srwxrwx--- 1 dkim-milt mail 0 Jul 30 17:20 /var/run/dkim-milter/dkim.sock
Is it correct?
Try restarting the dkim-milter and see if you get the error again. Are you running with SELinux enabled?
The restart did the trick! No, I did not have SELinux enabled, it was disabled from the start. Here's the restart result:
Code:
    [root@server1 /]# service dkim-milter restart
    Shutting down all DKIM milter (dkim-filter): [ OK ]
    Cleanup for DKIM milter (dkim-filter #0):
    Starting DKIM milter (dkim-filter #0): [ OK ]
I tried sending email to my Gmail account but I don't see "Signed by: ..." on the headers, here's how my headers look, it does not look the same as what's on the howto. Plus, when I send email to Yahoo I get this error on my mail queue:
Code:
    postqueue -p
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    E7DFB78C4BB 812 Wed Jul 30 18:34:42 [email protected]
    (host b.mx.mail.yahoo.com[66.196.97.250] refused to talk to me: 421 Message from (xxx.92.28.183) temporarily deferred - 4.16.50. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html)
    [email protected]
Maybe the signing is not taking place. Look at the original message in Gmail and see the headers. To do that, click the arrow on the reply button.
OK, this is how it looks:
Code:
    Delivered-To: [email protected]
    Received: by 10.151.9.19 with SMTP id m19cs339643ybi;
        Wed, 30 Jul 2008 03:32:15 -0700 (PDT)
    Received: by 10.114.133.1 with SMTP id g1mr8165581wad.123.1217413934294;
        Wed, 30 Jul 2008 03:32:14 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from server1.onexxxxxxs.us ([xxx.92.28.183])
        by mx.google.com with ESMTP id m28si1759939poh.10.2008.07.30.03.32.11;
        Wed, 30 Jul 2008 03:32:14 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates xxx.92.28.183 as permitted sender) client-ip=xxx.92.28.183;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates xxx.92.28.183 as permitted sender) [email protected]; dkim=neutral [email protected]
    Received: from 192.168.1.100 (localhost.localdomain [127.0.0.1])
        by server1.onexxxxxxs.us (Postfix) with ESMTP id 0085578C4BB
        for <[email protected]>; Wed, 30 Jul 2008 18:32:08 +0800 (PHT)
    X-DKIM: Sendmail DKIM Filter v2.2.1 server1.onexxxxxxs.us 0085578C4BB
    DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=onexxxxxs.us; s=default;
        t=1217413929; bh=Zpsxuy+yXsq4w+8ENBqBCjnNTiU=;
        h=Message-ID:Date:Subject:From:To:Reply-To:User-Agent:MIME-Version:
        Content-Type:Content-Transfer-Encoding;
        b=hdewiGxyUcF7RXF1ZY6PLx+r
        ubFf3uLYWrLr0QsrDVQztXpESFVOkTGb1mIeASSM/u0G7ejTyI79NaM8XxCI9Buv4Iv
        C7i6O2k3MlsxLLmEZw6W5wz7fLi/2eYi92o1dM6yvLnveo0Si+eMdl1b+4Zav5elKzR
        ij/YwY1CKIhuI=
    Received: from 192.168.1.110 (SquirrelMail authenticated user web1_user)
        by server1.onexxxxxxxxs.us with HTTP;
        Wed, 30 Jul 2008 18:32:09 +0800 (PHT)
    Message-ID: <[email protected]>
    Date: Wed, 30 Jul 2008 18:32:09 +0800 (PHT)
    Subject: Testing
    From: "XXulxxxxx" <[email protected]>
    To: [email protected]
    Reply-To: [email protected]
    User-Agent: SquirrelMail/1.5.1
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    Content-Transfer-Encoding: 8bit

    go!
But it has been signed, right? Here's how my pri.mydomain.us looks:
Code:
    $TTL 86400
    @ IN SOA ns1.xxxxxxxxxx.us. paul.xxxxxxxxxx.us. (
            2008072812 ; serial, todays date + todays serial #
            28800 ; refresh, seconds
            7200 ; retry, seconds
            604800 ; expire, seconds
            86400 ) ; minimum, seconds
    ;
            NS ns1.xxxxxxxxxx.us. ; Inet Address of name server 1
            NS ns9.zoneedit.com. ; Inet Address of name server 2
    ;
            MX 10 mail.xxxxxxxxxx.us.
    xxxxxxxxxx.us. A 119.92.28.183
    www A 119.92.28.183
    ns1 A 119.92.28.183
    mail A 119.92.28.183
    ftp CNAME www.xxxxxxxxxx.us.
    webmail CNAME www.xxxxxxxxxx.us.
    smtp CNAME mail.xxxxxxxxxx.us.
    pop3 CNAME mail.xxxxxxxxxx.us.
    xxxxxxxxxx.us. TXT "v=spf1 a mx ptr ~all"
    ;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;
    default._domainkey IN TXT "g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALJP4zvQAvfVTR8R4o9Y8jqaDalFOUYvBfAzRkawEtv4TA1ij8Ku0EfAyoBMQAqW6UgtxTvWQVwWOP7an2QIaCECAwEAAQ==" ; ----- DomainKey default for xxxxxxxxxx.us
    _domainkey IN TXT "t=y; o=~"
    default2._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDekPn/K81GiNXz7ncHNl5Xdl8IDdqJFoeG4ZJg4iKYxyHbb5tUN++jYdftTTC+mAZg/3Wf5DkKaIzb7l1Ug2e2qNppv9kDib088y1flLj9ItnT+wvs6EZG2A3EXao2LFK4iv896fSoXYewzxjYQRstytS8ebLWFUpuWnmKqp2acwIDAQAB" ; ----- DKIM default for xxxxxxxxxx.us
Okay, I think you are signing using default, which is a domainkey key, instead of signing using default2.
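The mismatch diagnosed in the reply above can be checked offline by resolving which key record a signature's d= and s= tags point to. This is an added example, not part of the original thread; the domain example.com, the placeholder key data and the function names are constructed for illustration.

```python
import re

# Constructed sample data: example.com and the p=/b=/bh= values are placeholders.
ZONE_TXT = {
    "default._domainkey.example.com": "g=; k=rsa; t=y; p=QUJDRA==",
    "default2._domainkey.example.com": "v=DKIM1; g=*; k=rsa; p=QUJDRA==",
}
SIG_OLD = ("DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=example.com; "
           "s=default; h=From:To; bh=QUJDRA==; b=QUJDRA==")
SIG_NEW = SIG_OLD.replace("s=default;", "s=default2;")

def parse_tags(value):
    """Parse a DKIM tag=value list (signature or key record) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Whitespace inside values (folded b=, h=) is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(sig_header):
    """DNS name a verifier queries for this signature: <s>._domainkey.<d>."""
    value = re.sub(r"(?i)^\s*dkim-signature:", "", sig_header)
    tags = parse_tags(value)
    return f"{tags['s']}._domainkey.{tags['d']}"

def check_selector(sig_header, zone_txt):
    """Return a list of problems with the key record the signature points to."""
    name = key_record_name(sig_header)
    if name not in zone_txt:
        return [f"{name}: no TXT record published"]
    rec = parse_tags(zone_txt[name])
    problems = []
    if rec.get("v") != "DKIM1":
        problems.append(f"{name}: no v=DKIM1 tag (possibly a DomainKeys record)")
    if rec.get("g") == "":
        problems.append(f"{name}: empty g= matches no signer under RFC 4871")
    if not rec.get("p"):
        problems.append(f"{name}: empty or missing p= (no usable public key)")
    return problems

if __name__ == "__main__":
    for sig in (SIG_OLD, SIG_NEW):
        print(key_record_name(sig), check_selector(sig, ZONE_TXT) or "ok")
```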
I did change that already, here's my /etc/sysconfig/dkim-milter:
Code:
    # Default values
    #
    USER="dkim-milt"
    PORT=local:/var/run/dkim-milter/dkim.sock
    SIGNING_DOMAIN="XXXXXXX.us"
    SELECTOR_NAME="default2"
    KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem"
    SIGNER=yes
    VERIFIER=yes
    CANON=simple
    SIGALG=rsa-sha1
    REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
    EXTRA_ARGS="-h -l -D"
I also did a restart for named, dkim, and postfix already. Here's the Gmail full headers (wow we finally did IT!!!):
Code:
    Delivered-To: [email protected]
    Received: by 10.141.142.4 with SMTP id u4cs139139rvn;
        Wed, 30 Jul 2008 05:09:56 -0700 (PDT)
    Received: by 10.114.182.1 with SMTP id e1mr8323931waf.143.1217419796347;
        Wed, 30 Jul 2008 05:09:56 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from server1.xxxxxxxxxx.us ([xxx.92.28.183])
        by mx.google.com with ESMTP id m29si1953233poh.4.2008.07.30.05.09.53;
        Wed, 30 Jul 2008 05:09:56 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates xxx.92.28.183 as permitted sender) client-ip=xxx.92.28.183;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates xxx.92.28.183 as permitted sender) [email protected]; dkim=pass [email protected]
    Received: from 192.168.1.100 (localhost.localdomain [127.0.0.1])
        by server1.xxxxxxxxxx.us (Postfix) with ESMTP id 410E978C4BB
        for <[email protected]>; Wed, 30 Jul 2008 20:09:51 +0800 (PHT)
    X-DKIM: Sendmail DKIM Filter v2.2.1 server1.xxxxxxxxxx.us 410E978C4BB
    DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=xxxxxxxxxx.us; s=default2;
        t=1217419791; bh=+eogg8h8qzD7CUn3p8Fe6Rvj7p4=;
        h=Message-ID:Date:Subject:From:To:Reply-To:User-Agent:MIME-Version:
        Content-Type:Content-Transfer-Encoding;
        b=YK5GpXoxqhtIjOvpV+d6k95D
        PMbwGNUbCI3GU2SjycHYeXwdj6UHVfKeg9NbM94t32OXX4bBC3+0nkWbgy5zbhWz08l
        HSvN86xLsV1PVSe8Z9Nzdeo/bBr+QeOJLMCl2jIxZiZRZUxEVEX+fk2e72sAfDJixU9
        SQQcRiX20tyzQ=
    Received: from 192.168.1.110 (SquirrelMail authenticated user web1_user)
        by server1.xxxxxxxxxx.us with HTTP;
        Wed, 30 Jul 2008 20:09:51 +0800 (PHT)
    Message-ID: <[email protected]>
    Date: Wed, 30 Jul 2008 20:09:51 +0800 (PHT)
    Subject: Testing DKIM
    From: "Paul Gabuya" <[email protected]>
    To: [email protected]
    Reply-To: [email protected]
    User-Agent: SquirrelMail/1.5.1
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    Content-Transfer-Encoding: 8bit

    Thanks for assisting me TOPDOG
Kudos to you topdog, you're the man!!!! Thank you very much. I hope this thread could also help other newbies like me.
After dkim-milter worked, dk-milter failed again, I don't know what went wrong. When I start or restart domainkeys I get this error:
Code:
    [root@server1 /]# service dk-milter start
    Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed [FAILED]
Code:
    [root@server1 /]# service dk-milter restart
    Shutting down all DomainKeys milter (dk-filter): [FAILED]
    Cleanup for DomainKeys milter (dk-filter #0):
    Starting DomainKeys milter (dk-filter #0): dk-filter: smfi_opensocket() failed [FAILED]
Looking at the dk socket permissions I get this:
Code:
    [root@server1 /]# ls -la /var/run/dk-milter/dk.sock
    srwxrwx--- 1 dk-milt mail 0 Jul 30 07:08 /var/run/dk-milter/dk.sock
Here's my /etc/sysconfig/dk-milter:
Code:
    # Default values
    #
    USER="dk-milt"
    PORT="local:/var/run/dk-milter/dk.sock"
    #PORT="inet:10034@localhost"
    SIGNING_DOMAIN="xxxxxxxxxx.us"
    SELECTOR_NAME="default"
    KEYFILE="/etc/mail/domainkeys/dk_new.pem"
    SIGNER=yes
    VERIFIER=yes
    CANON=simple
    REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
    EXTRA_ARGS="-h -l -D"
    MILTER_GROUP="mail"
The bottom of my /etc/postfix/main.cf looks like this:
On my maillog I get this error:
Code:
    Jul 31 12:53:28 server1 dk-filter[16309]: Sendmail DomainKeys Filter: Unable to bind to port local:/var/run/dk-milter/dk.sock : Address already in use
    Jul 31 12:53:28 server1 dk-filter[16309]: Sendmail DomainKeys Filter: Unable to create listening socket on conn local:/var/run/dk-milter/dk.sock
    Jul 31 12:53:28 server1 dk-filter[16309]: smfi_opensocket() failed
Your postfix should look like this:
Code:
    smtpd_milters = unix:/var/run/dk-milter/dk.sock unix:/var/run/dkim-milter/dkim.sock
    non_smtpd_milters = unix:/var/run/dk-milter/dk.sock unix:/var/run/dkim-milter/dkim.sock
Stop dk-milter, remove the socket file and then start it and see if that helps.
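Removing the socket file by hand is safe only when no filter process still holds it, which is what "Address already in use" on a leftover file suggests. This added example (not from the original thread) tells a stale socket from a live one by probing it; the function names are hypothetical, and the path in the demo is the one shown in the posts above.

```python
import os
import socket
import stat

def socket_state(path):
    """Classify a milter socket path: 'absent', 'not-a-socket', 'live' or 'stale'."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # A successful connect means a process is accepting on this socket.
        probe.connect(path)
        return "live"
    except ConnectionRefusedError:
        # The file exists but nothing listens: left over from an earlier run.
        return "stale"
    finally:
        probe.close()

def remove_if_stale(path):
    """Unlink the socket only when no process is listening; True if removed."""
    if socket_state(path) == "stale":
        os.unlink(path)
        return True
    return False

if __name__ == "__main__":
    # Run as a user allowed to reach the socket (root, or a member of the
    # socket's group); a PermissionError is raised otherwise.
    path = "/var/run/dk-milter/dk.sock"
    print(path, socket_state(path))
```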
That worked, but my DKIM for Gmail is showing up neutral again.
EDIT: it's both working now after I restarted postfix, dkim-milter, and dk-milter. Thanks again....