Hello, I am using postfix davecot combination. Sending and receiving emails is perfect (external dns, debian wheezy). ------------------------------------ Then I enabled DKIM according to this ... blog schaal-24 de patch-1-0 Result: pop3 or smtp does not work. mail.error Jul 22 20:47:43 vmi44129 postfix/qmgr[6161]: 0EF261F0150A: from=..........., size=1268, nrcpt=1 (queue active) Jul 22 20:47:43 vmi44129 postfix/smtp[6171]: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused Jul 22 20:47:43 vmi44129 postfix/smtp[6171]: 0EF261F0150A: to=external email, relay=none, delay=0.18, delays=0.18/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused) Jul 22 20:47:43 vmi44129 postfix/smtpd[6191]: disconnect from ip xx.xx.xx.xx-114 etc ... [xx.xx.xx.xx] Would be grateful for advice .. PS: In future I want to set DKIM on ISPconfig3 DNS: but in my dns template I have only this: [DNS_RECORDS] A|{DOMAIN}.|{IP}|0|3600 A|www|{IP}|0|3600 A|mail|{IP}|0|3600 NS|{DOMAIN}.|{NS1}.|0|3600 NS|{DOMAIN}.|{NS2}.|0|3600 MX|{DOMAIN}.|mail.{DOMAIN}.|10|3600 Should I add TXT ...? And if yes then how?
I think, you missed sometihng in the amavis-config (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused). You can find the recomended settings here. But the install.php works on debian wheezy without any problems. Did you download the latest version?
I followed only the instructions here: blog schaal-24 de ispconfig dkim-patch-1-0 ?lang=en but I did not do what is inside INSTALL.TXT in /tmp/dkim-patch therefore the only location where I have amavis.conf.dkim is in /tmp/dkim-patch directory. Should I continue on what is in INSTALL.TXT file? Or where else should be amavis.conf.dkim located ?
If you are on debian wheezy, the install.php works on the most setups (espescially if you follow the install-guids from howtoforge). If something went wrong, you have the backup of postfix and amavis-configs. Just make sure, that the changes in the install.txt are aplied to your configs (main.cf, master.cf and 50-user).
I have amavis.conf.dkim configuration exactly as you are refering to. How do I recognize tat DKIM is working? On ISPconfig3 (email and dns sections) everything is ok: the path, creation of keys. How else do I know that DKIM is working?
You must add the settings from amavis.conf.dkim to your amavis-config (/etc/amavisd.conf, /etc/amavisd.conf/50-user, /etc/amavis/conf.d/50-user or /etc/amavisd/amavisd.conf). You can check dkim as described here: http://blog.schaal-24.de/dkim/debug-2/?lang=en
I finelly got patch 1.8 from git placed what was in amavis.conf.dkim to /etc/amavis/50-user RESULTS ARE HERE: 1) amavisd-new testkeys TESTING#1: default1437666131._domainkey.jabmaster.cz => pass TESTING#2: default1437666647._domainkey.oplatka.com => pass TESTING#3: default1437688938._domainkey.jbmd.com => pass =============================== 2) I am using external DNS servers .. =============================== However: 3) when sending emails to [email protected]25.com: :::: jabmaster.cz Summary of Results ======================================================= SPF check: pass DomainKeys check: neutral DKIM check: neutral Sender-ID check: pass SpamAssassin check: ham :::: oplatka.com Summary of Results ======================================================= SPF check: pass DomainKeys check: neutral DKIM check: neutral Sender-ID check: pass SpamAssassin check: ham :::: jbmd.com Summary of Results ======================================================= SPF check: neutral... I did not set it yet on this domain .. DomainKeys check: neutral DKIM check: neutral Sender-ID check: neutral SpamAssassin check: ham Should I pay attention to this??? > NOTE: DKIM checking has been performed based on the latest DKIM specs > (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for > older versions. If you are using Port25's PowerMTA, you need to use > version 3.2r11 or later to get a compatible version of DKIM. =================== > "neutral DKIM" > The message was signed but the signature or signatures > contained syntax errors or were not otherwise able to be > processed. This result SHOULD also be used for other > failures not covered elsewhere in this list. >
Maybe the DKIM-Key was not available at the dns-servers during the tests. You can check your dkim-records at dkim.org