Hi, For the past couple of days I've been trying in vain to setup domainkey filtering with postfix. I've followed the tutorial at http://www.howtoforge.com/postfix_dkfilter_domain_keys_implementation and have been through john longs (http://jason.long.name/dkfilter/) example numerous times but my mails simply aren't being signed. In my postfix log I get the following Code: Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: connect from localhost.localdomain[127.0.0.1] Apr 25 17:34:53 stgsrv postfix/smtpd[7389]: NOQUEUE: client=localhost.localdomain[127.0.0.1] Apr 25 17:34:53 stgsrv postfix/smtpd[7392]: 3843F9C451: client=localhost.localdomain[127.0.0.1] Apr 25 17:34:53 stgsrv dkfilter.in[29557]: DomainKeys verification - neutral (no signature; no policy for MYDOMAIN.com); The mails get sent t but without being signed. I've followed both examples closely and read around fairly extensively, This is driving me nuts. my master.cf looks like this Code: smtp inet n - n - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o smtpd_client_connection_count_limit=10 127.0.0.1:10026 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks pickup fifo n - n 60 1 pickup -o content_filter=dksign:127.0.0.1:10027 for inbound filter and like this Code: submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes -o content_filter=dksign:[127.0.0.1]:10027 -o receive_override_options=no_address_mappings -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject # # specify the location of the DomainKeys signing filter # dksign unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime # # service for accepting messages FROM the DomainKeys signing filter # 127.0.0.1:10028 inet n - n - 10 smtpd -o smtpd_use_tls=no -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 For the outbound filter All the mails are generated by a Rails app on the localhost. Fedora Core 6 Postfix 2.4 dkfilter 0.11 If there's another surefire way to sign with domainkeys let me know
same issue I too am having the same problem, but I did get the policy to verify. for the policy make sure you have a TXT entry in your dns for the policy with your TXT entry for the key. e.g. _domainkey.yourdomain.com IN TXT "t=y; o=~; n=http://www.mydomain.com/contact.html" restart dns then wait for dns to update. you can check it locally # dig _domain.yourdomain.com TXT Remote CMD check nslookup > set type=txt > _domain.yourdomain.com but I still get a "no signature" even though my key is verified and pass, but yahoo " DomainKeys verification - neutral (no signature; domain testing);"
Solved my issue. I missed the part about port 587. In order to have email signed you need to change the outbound port from 25(default) to 587. In Outlook I went to my account properties Advanced Tab. (for each account). I now that it can be a hassel to have all you clients change this in outlook, but domainkeys cannot sign and verify on the same port. In Webmail I changed the smtp.class.php and phpmailer.class.php to use port 587 instead of 25. This important if your users will be using your server side email programs such as talaen or squirrelmail. My classes for talaen were in /webmail/inc/. Although I recently changed from dkfilter to DKIM and still holds true for DKIM.
