I have generated the private key. Edited the DNS suitably. amavisd-new testkeys passed. I have also restarted amavisd. But mail sent to a Yahoo address shows:
Code:
domainkeys=neutral (no sig); from=example.com; dkim=neutral (no sig)
Please help me check that the domain keys are signed, or how to troubleshoot the same.
If you sign through amavisd, you might be able to use this.. I've added this to my /etc/amavis/conf.d/50-user:
Code:
# DKiM check
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('domain.tld', 'default', '/etc/amavis/dkimpriv.key');
@dkim_signature_options_bysender_maps = (
  { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.0.0/16);
Dear Mark_NL
Thanks so much for your reply. Please take a look and tell me what I am doing wrong. My code in the /etc/amavis/conf.d/50-user file looks like this.
Code:
#$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
@dkim_signature_options_bysender_maps = (
  { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
#@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 192.168.0.1/24 59.90.144.48/32);
$interface_policy{'10024'} = 'DKIM_ALWAYS';
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };
dkim_key('mail.mywebhostings.biz', 'mail', '/var/db/dkim/mywebhostings.biz.key.pem');
dkim_key('mail.mywebsolutions.co.in', 'mail', '/var/db/dkim/mywebsolutions.co.in.key.pem');
Is it OK, or do I need to change the code? As the command
Code:
pawan@server1:~$ sudo amavisd-new testkeys
TESTING#1: mail._domainkey.mail.mywebhostings.biz => pass
TESTING#2: mail._domainkey.mail.mywebsolutions.co.in => invalid (public key: not available)
pawan@server1:~$ sudo amavisd-new testkeys
TESTING#1: mail._domainkey.mail.mywebhostings.biz => pass
TESTING#2: mail._domainkey.mail.mywebsolutions.co.in => pass
pawan@server1:~$
So what am I doing wrong? One time the command amavisd-new testkeys fails, and immediately on repeating the same command it passes the test.
sounds to me like a lazy/slow nameserver ..
TESTING#2: mail._domainkey.mail.mywebsolutions.co.in => invalid (public key: not available)
means it can't find the TXT record "mail._domainkey" .. the 2nd time you tried, you got a response from the nameserver, that happens sometimes when a NS is slow/busy or whatever it's doing.
besides that, looking at your config, are you sending out [email protected] as "from" address, or [email protected] ? if it's the second one, you need to change your TXT record as well ..
Code:
dkim_key('mywebhostings.biz', 'mail', '/var/db/dkim/mywebhostings.biz.key.pem');
dkim_key('mywebsolutions.co.in', 'mail', '/var/db/dkim/mywebsolutions.co.in.key.pem');
in combination with a TXT for domain "mywebhostings.biz":
Code:
mail._domainkey TXT <your public key>
would be better. you should go for this output:
Code:
pawan@server1:~$ sudo amavisd-new testkeys
TESTING#1: mail._domainkey.mywebhostings.biz => pass
TESTING#2: mail._domainkey.mywebsolutions.co.in => pass
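Added example, not part of the thread and not amavisd's own code: a Python model of the fix in the reply above, showing why keys declared for `mail.<domain>` leave mail from `<domain>` unsigned and which TXT name a verifier queries. It assumes the signer picks the dkim_key whose domain equals the author domain or is a parent of it (a simplification); `AUTHOR` is a constructed address, and `SIGNATURE` is the DKIM-Signature from the Yahoo headers posted later in the thread with h=, bh= and b= left out.

```python
import re

def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376, 3.2)."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside these values is not significant
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def key_record_name(selector, domain):
    """DNS name a verifier queries for the public-key TXT record."""
    return f"{selector}._domainkey.{domain}".lower()

def pick_key(author_address, keys):
    """Assumed model: the key's domain must equal the author domain or be a
    parent of it; the longest (most specific) match wins."""
    domain = author_address.rsplit("@", 1)[-1].lower()
    matches = [(d, s) for d, s in keys
               if domain == d.lower() or domain.endswith("." + d.lower())]
    return max(matches, key=lambda k: len(k[0]), default=None)

def explain(author_address, keys):
    key = pick_key(author_address, keys)
    if key is None:
        return "no key for author domain: message leaves unsigned (no sig)"
    return f"sign with d={key[0]}; verifier looks up {key_record_name(key[1], key[0])}"

# (domain, selector) pairs from the dkim_key() lines before and after the fix
KEYS_BEFORE = [("mail.mywebhostings.biz", "mail"), ("mail.mywebsolutions.co.in", "mail")]
KEYS_AFTER = [("mywebhostings.biz", "mail"), ("mywebsolutions.co.in", "mail")]
AUTHOR = "user@mywebhostings.biz"  # constructed; the thread's addresses are redacted

# Abbreviated signature from the thread; note the folded "d= mywebhostings.biz"
SIGNATURE = ("v=1; a=rsa-sha256; c=relaxed/simple; d= mywebhostings.biz; "
             "s=mail; t=1282050708; x=1283865108")

if __name__ == "__main__":
    print("before:", explain(AUTHOR, KEYS_BEFORE))
    print("after: ", explain(AUTHOR, KEYS_AFTER))
    tags = parse_dkim_tags(SIGNATURE)
    print("signature points at:", key_record_name(tags["s"], tags["d"]))
    # x= minus t= is the ttl from @dkim_signature_options_bysender_maps
    print("signature lifetime in days:", (int(tags["x"]) - int(tags["t"])) // 86400)
```

The lifetime computed from `t=` and `x=` matches the `ttl => 21*24*3600` option in the posted configuration.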
Dear Mark_NL
Thank you so much. Your guidance is really very valuable. Now I am getting dkim=pass (ok) but domainkeys=neutral (no sig). Is it OK? Besides, the mail is still going to the SPAM box. So what other steps should I take to deliver the mail to the INBOX?
Code:
X-Originating-IP: [59.90.144.48]
Authentication-Results: mta168.mail.in.yahoo.com from=mywebhostings.biz; domainkeys=neutral (no sig); from=mywebhostings.biz; dkim=pass (ok)
Received: from 59.90.144.48 (EHLO server1.mywebsolutions.co.in) (59.90.144.48) by mta168.mail.in.yahoo.com with SMTP; Tue, 17 Aug 2010 18:41:57 +0530
Received: from localhost (localhost.localdomain [127.0.0.1])
mostly all mail goes into the spambox by default, unless you're paying for a program like senderscore. supply the complete headers of the mail you received in your spambox.
Dear Mark_NL
Below is the full header received in Yahoo mail. One more strange thing I have noticed is that mails sent from mywebhostings.biz sometimes pass SPF & sometimes the header goes like this
Code:
Received-SPF: none (mta187.mail.in.yahoo.com: domain of [email protected] does not designate permitted sender hosts)
Below is the full header received in Yahoo mail.
Code:
From Pawan Joshi Tue Aug 17 13:11:47 2010
X-Apparently-To: [email protected] via 121.101.151.3; Tue, 17 Aug 2010 18:41:58 +0530
Return-Path: <[email protected]>
X-YahooFilteredBulk: 59.90.144.48
Received-SPF: pass (mta168.mail.in.yahoo.com: domain of [email protected] designates 59.90.144.48 as permitted sender)
X-YMailISG: 82lik90cZAq3uBla4oBWOJbJmiOcWjGnx.l6DdQpzR8Oy9lu
 b8FIVK1uGilG_lOGYSrN_gTBBUYyt5flfxVuM8Z0qFu.ROmhh2qYbJk9jvVM
 wP3onf7ozvGxNKxyNEPmxghdVbtH7ZlpB3SXxnrg3iD2EdTBKq4vnrEdtiBY
 vkMuXV65P7s.jM7EDr7vEXclKBONv8KZ7xW0Py6BDRCeTgXg6obAT8BdEj5I
 XaeQZynZO2EdO9jb1Y.WCSWism7sJq4jT8aEUJkyV942YrMve_up5nnlxEqn
 rPntML29BjKeW5CsnuXTMAI_S3R.RG2MuFxpNkrFgPFb2GKR_F62lpgrIeaj
 9l75hRG84olnPzWYoGFL6L.RFW0DqZK42vivV6n3A.2FxhyUSybX.scdZxb7
 BG4MUQx16tEzOJbtdGfN2neInINE97SfE5RZ4959OnZURrFCy5MpgRdDDCgp
 _iJw6fQEt.H8rLDDSeKem68zmn_6YrKGg3n90vVQ74ied1sLWlCqm4gBhBE-
X-Originating-IP: [59.90.144.48]
Authentication-Results: mta168.mail.in.yahoo.com from=mywebhostings.biz; domainkeys=neutral (no sig); from=mywebhostings.biz; dkim=pass (ok)
Received: from 59.90.144.48 (EHLO server1.mywebsolutions.co.in) (59.90.144.48) by mta168.mail.in.yahoo.com with SMTP; Tue, 17 Aug 2010 18:41:57 +0530
Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.mywebsolutions.co.in (Postfix) with ESMTP id B0CF38407B5 for <[email protected]>; Tue, 17 Aug 2010 18:41:56 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
 mywebhostings.biz; h=content-transfer-encoding:x-mailer
 :mime-version:message-id:date:date:organization:content-type
 :content-type:reply-to:from:from:subject:subject:received
 :received; s=mail; t=1282050708; x=1283865108; bh=mKB0wziAdfhmwB
 N/UF9EWoHBhwYlHYMkcMyS1fKev4Y=; b=PGpupV4kcgydATPJ3RqsARaSKOPTtA
 oDoWW5LAGUJADShPK3olr+2HgmOKFQxsQCVSkQU3bD7LLurYs2TqSmy+BcZWYcNP
 ggmhlY8Seykd0vQD98YFCK6rBy2IEgO8/Bq+fIGTvuz4W+cpXzictdzH7JO/cXC3
 njYFtal7WpUHs=
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1]) by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xb4uFqSnKt4O for <[email protected]>; Tue, 17 Aug 2010 18:41:48 +0530 (IST)
Received: from [192.168.0.10] (unknown [192.168.0.1]) (Authenticated sender: [email protected]) by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 46D438406E4 for <[email protected]>; Tue, 17 Aug 2010 18:41:48 +0530 (IST)
Subject: after changes now getting DKIM PASS
From: Pawan Joshi <[email protected]>
Reply-To: [email protected]
To: [email protected]
Content-Type: text/plain
Organization: mywebhostings
Date: Tue, 17 Aug 2010 18:41:47 +0530
Message-ID: <[email protected]>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3
Content-Transfer-Encoding: 7bit
Content-Length: 62
hmm it all looks fine to me .. i did notice
mark@vuurmuur:~$ host 59.90.144.48
Name: mywebsolutions.co.in
Address: 59.90.144.48
reversed all fine? and i still think your NS servers are lazy .. set a higher TTL for the TXT record, and it's all cached in no time on the net.
Dear Mark_NL
I really feel so obliged for your help. The TTL value at present is 86400 for the TXT record; will 14400 be ideal? Besides, I am also giving below a header detail from Gmail. Please have a look. I have marked the line in bold which I feel is not OK, which says SPF neither permitted nor denied, besides dkim=neutral (bad format). But I need your comment and suggestion.
Code:
Delivered-To: [email protected]
Received: by 10.229.86.134 with SMTP id s6cs114425qcl; Tue, 17 Aug 2010 10:04:27 -0700 (PDT)
Received: by 10.90.115.9 with SMTP id n9mr4593968agc.137.1282064666488; Tue, 17 Aug 2010 10:04:26 -0700 (PDT)
Return-Path: <[email protected]>
Received: from server1.mywebsolutions.co.in (mywebsolutions.co.in [59.90.144.48]) by mx.google.com with ESMTP id a10si12724927ibd.83.2010.08.17.10.04.18; Tue, 17 Aug 2010 10:04:25 -0700 (PDT)
Received-SPF: neutral (google.com: 59.90.144.48 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=59.90.144.48;
[B]Authentication-Results: mx.google.com; spf=neutral (google.com: 59.90.144.48 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]; dkim=neutral (bad format) [email protected]
Received: from localhost (localhost.localdomain [127.0.0.1])[/B] by server1.mywebsolutions.co.in (Postfix) with ESMTP id 02E398404B5; Tue, 17 Aug 2010 22:34:16 +0530 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
 mywebhostings.biz; h=content-transfer-encoding:x-mailer
 :mime-version:message-id:date:date:organization:content-type
 :content-type:reply-to:from:from:subject:subject:received
 :received; s=mail; t=1282064645; x=1283879045; bh=mKB0wziAdfhmwB
 N/UF9EWoHBhwYlHYMkcMyS1fKev4Y=; b=c9PjGztqHOyq5LKPn86CYxsbzvZMNk
 E4BiQvZ45ebg4lDp+4mFEr4PXDxBLI6iDIUqrM297XWkAqXVJORPjkQsDbRq6GI2
 lhhwVR/4S3BVi6Bm/5Ontxux76l620BCTDsmof2zjeQl/jNfR7mfWM9L6UYHN2QC
 Wmpqezstu5VkI=
X-Virus-Scanned: Debian amavisd-new at server1.mywebsolutions.co.in
Received: from server1.mywebsolutions.co.in ([127.0.0.1]) by localhost (server1.mywebsolutions.co.in [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZREt62mXxBux; Tue, 17 Aug 2010 22:34:05 +0530 (IST)
Received: from [192.168.0.10] (unknown [192.168.0.1]) (Authenticated sender: [email protected]) by server1.mywebsolutions.co.in (Postfix) with ESMTPA id 012A284006E; Tue, 17 Aug 2010 22:34:04 +0530 (IST)
Subject: after changes now getting DKIM PASS -2
From: Pawan Joshi <[email protected]>
Reply-To: [email protected]
To: [email protected]
Cc: [email protected]
Content-Type: text/plain
Organization: mywebhostings
Date: Tue, 17 Aug 2010 22:34:04 +0530
Message-ID: <[email protected]>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3
Content-Transfer-Encoding: 7bit
after changes now getting DKIM PASS for mywebsolutions.co.in
no that's not necessary ..
@pawan: remove the dots behind your entries
your A records (mail, ns1, server1, etc) are incorrect, need to be CNAME if you define them like that.
Code:
A      mywebsolutions.co.in                  59.90.144.48
A      mail.mywebsolutions.co.in             59.90.144.48
A      ns1.mywebsolutions.co.in              59.90.144.48
CNAME  www                                   mywebsolutions.co.in
CNAME  server1                               mywebsolutions.co.in
MX     mywebsolutions.co.in                  mail.mywebsolutions.co.in 100
NS     mywebsolutions.co.in                  ns1.mywebsolutions.co.in
NS     mywebsolutions.co.in                  ns2.rediffmailpro.com
TXT    mywebsolutions.co.in                  v=spf1 mx ~all
TXT    mail._domainkey.mywebsolutions.co.in  v=DKIM1; g=*; k=rsa; p=<key>
don't put "-s around the text in TXT values.. MX records should not point to a CNAME, etc etc .. try the above setup..
I have followed and made corrections exactly as per your direction, but I would like to remove my doubt: when you create DNS in ISPCONFIG using the DNS Wizard, the result is like this, which means, should I conclude that the DNS Wizard is doing it wrong? The DNS Wizard is putting the dots at the end; besides, mail & WWW are also going in as A records & not CNAME. I am sure you can explain that.
ow, hmm .. oke, it puts autom. dots behind it, annoying! well, i don't use the dns admin in ispconfig, i run poweradmin/powerdns but ehm .. where are the TXT fields?