ISPConfig Version: 3.1.2 Linux Version: CentOS 7.3 Hi Everyone, I'm just a newbie here in howtoforge.com I hope someone can help us, there's just one thing I just need to figure out with our fresh installed ISPconfig 3.1.2 in our Server, I have setup as well all the configurations needed in our ISPconfig, I can create clients, I can create domains for them, I can create emails, I can send emails, I can receive emails, and yes the monitoring is absolutely fine with no errors, however I want to ask If there is a possibilities to disable the DKIM signing in every each client side who want's to create there domain and email addresses on their client side interface with our server, First thing why we want to disable the DKIM, The issue is: when one of our test clients signed or enable and generate their DKIM during creation of their own domain name for their email addresses, all of our clients who registered in our ISPconfig server/control panel affected by the same issue, Issue 1: All emails from different clients can't received incoming emails, but can send an outgoing emails, Issue 2: Maybe our ISPconfig is vulnerable over the internet, however all of our incoming emails are being 'deferred' by amavis Issue 3: I don't know what to do ^_^ Answer: Its all up to you guys, I hope you can help us Thank you and best regards, Alfonso IV Villanueva S&N Administrator | IT Department Private Company | Philippines, Manila
ISPConfig Version: 3.1.2 Linux Version: CentOS 7.3 I'm replying to my own thread with my Postfix main.cf attached Postfix main.cf Code: # readme_directory: The location of the Postfix README files. # readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES virtual_alias_domains = virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unknown_recipient_domain smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 0 maildrop_destination_recipient_limit = 0 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL myhostname = srv1.xteraoutsourcing.com mynetworks = 127.0.0.0/8 [::1]/128 dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings mailbox_size_limit = 0 message_size_limit = 0
I've got an older ISPConfig CP so I have to create the DKIM myself for every client. So I can't really help you. But did you set the DNS correctly for the domains that use DKIM? Try testing your DKIM. Maybe you'll find the problem. http://dkimcore.org/tools/ http://dkimvalidator.com/
In 3.1.2 there's a checkbox to enable/disable DKIM per domain, just uncheck that for all your domains. The checkbox is under Email > Domains > yourdomain.com, click the Domain Keys Identified Mail (DKIM) button and uncheck 'enable DKIM', then save.
Hello there, I'm replying again to my thread, This issue is already resolved by myself, I figured out that I'm having a client name conflicts, As of server testing, I see that I have 2 test clients named Identically, Like for example: Alfonso IV Villanueva Client 1 and Alfonso IV Villanueva Client 2 When I generate those clients a DKIM I cannot receive emails because maybe because of the Name and Contact Conflicts, Also one more suggestion when you are going to create an Email Domain you should carefully check if you already have created a DNS Records for the Domain you wish to create Email Domain before hitting the Generate DKIM, or else you'll need to Deactivate and Activate the account of the client in order to fix the problem with ISPConfig 3.1.2, This Issue is already Resolved, Thank you for taking your time replying on my post thread.
If you create a new dkim-key-pair, the new key replaces the exitsing key in amavis and the DNS-Zone will be updated (new key, new delimeter) but the old key is not removed to ensure a server can validate mails signed with the old key. There is no need to do anything with the client.
