Need Help: DKIM issue with my ISPconfig server

Discussion in 'Installation/Configuration' started by Alfonso IV Villanueva, Mar 20, 2017.


  1. ISPConfig Version: 3.1.2
    Linux Version: CentOS 7.3

    Hi Everyone,

    I'm just a newbie here and I hope someone can help us. There's just one thing I need to figure out with our
    freshly installed ISPconfig 3.1.2 on our server. I have also set up all the configurations needed in our ISPconfig.
    I can create clients, I can create domains for them, I can create emails, I can send emails, I can receive emails, and yes, the monitoring is absolutely fine with no errors. However, I want to ask if there is a possibility to disable DKIM signing for every client who wants to create their domain and email addresses in the client-side interface on our server. First, why we want to disable DKIM:
    The issue is: when one of our test clients signed, or enabled and generated, their DKIM during creation of their own domain name for their email addresses, all of our clients registered in our ISPconfig server/control panel were affected by the same issue.
    Issue 1: All emails from different clients can't receive incoming emails, but can send outgoing emails.
    Issue 2: Maybe our ISPconfig is vulnerable over the internet; however, all of our incoming emails are being 'deferred' by amavis.
    Issue 3: I don't know what to do ^_^
    Answer: It's all up to you guys, I hope you can help us.

    Thank you and best regards,
    Alfonso IV Villanueva
    S&N Administrator | IT Department
    Private Company | Philippines, Manila
  2. ISPConfig Version: 3.1.2
    Linux Version: CentOS 7.3

    I'm replying to my own thread with my Postfix attached

    # readme_directory: The location of the Postfix README files.
    readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
    virtual_alias_domains =
    virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/
    virtual_gid_maps = mysql:/etc/postfix/
    sender_bcc_maps = proxy:mysql:/etc/postfix/
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/, reject_unknown_recipient_domain
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/ , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/, check_sender_access regexp:/etc/postfix/
    smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 0
    maildrop_destination_recipient_limit = 0
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    myhostname =
    mynetworks = [::1]/128
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    content_filter = amavis:[]:10024
    receive_override_options = no_address_mappings
    mailbox_size_limit = 0
    message_size_limit = 0
  3. I've got an older ISPConfig CP so I have to create the DKIM myself for every client. So I can't really help you. But did you set the DNS correctly for the domains that use DKIM?
    Try testing your DKIM. Maybe you'll find the problem.
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    In 3.1.2 there's a checkbox to enable/disable DKIM per domain, just uncheck that for all your domains. The checkbox is under Email > Domains >, click the Domain Keys Identified Mail (DKIM) button and uncheck 'enable DKIM', then save.
  5. Hello there,
    I'm replying again to my thread. This issue has already been resolved by myself; I figured out that I had a client name conflict.
    During server testing, I saw that I had 2 test clients named identically,
    like for example: Alfonso IV Villanueva Client 1 and Alfonso IV Villanueva Client 2.
    When I generated a DKIM for those clients I could not receive emails, maybe because of the name and contact conflicts.

    Also one more suggestion: when you are going to create an Email Domain, you should carefully check whether you have already created DNS records for the domain before hitting Generate DKIM, or else you'll need to deactivate and activate the client's account in order to fix the problem with ISPConfig 3.1.2.

    This issue is already resolved. Thank you for taking the time to reply to my thread.
  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    If you create a new DKIM key pair, the new key replaces the existing key in amavis and the DNS zone will be updated (new key, new delimiter), but the old key is not removed, to ensure a server can validate mails signed with the old key. There is no need to do anything with the client.
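
The key lookup behind the reply above, as an added example that is not part of the thread or of ISPConfig: a verifier finds the public key at `<selector>._domainkey.<domain>`, so mail signed before a rotation validates only while the old record stays published. The domain, selectors and key strings are constructed placeholders.

```python
import re

def parse_tags(value):
    """Parse an RFC 6376 tag=value list (DKIM-Signature header or key record)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace may appear inside values (b=, p=, h=); drop it.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_name(sig):
    """DNS name a verifier queries: <selector>._domainkey.<signing domain>."""
    return f"{sig['s']}._domainkey.{sig['d']}".lower()

def check_signature(sig_header, zone):
    """Say whether the key a signature points at is still usable by a verifier."""
    sig = parse_tags(sig_header)
    if "s" not in sig or "d" not in sig:
        return "malformed signature"
    record = zone.get(key_name(sig))
    if record is None:
        return "no key record"
    key = parse_tags(record)
    if key.get("v", "DKIM1") != "DKIM1":
        return "not a DKIM record"
    if not key.get("p"):
        return "key revoked"          # empty p= marks a revoked key
    return "key published"

# Constructed sample data: domain, selectors and key strings are placeholders.
OLD_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel-old;\r\n"
           "\th=from:to:subject; bh=CONSTRUCTED=; b=CONSTRUCTED")
NEW_SIG = OLD_SIG.replace("s=sel-old", "s=sel-new")
OLD_NAME = "sel-old._domainkey.example.com"
NEW_NAME = "sel-new._domainkey.example.com"
ZONE_AFTER_ROTATION = {OLD_NAME: "v=DKIM1; k=rsa; p=OLDKEYPLACEHOLDER",
                       NEW_NAME: "v=DKIM1; k=rsa; p=NEWKEYPLACEHOLDER"}
ZONE_OLD_REMOVED = {NEW_NAME: ZONE_AFTER_ROTATION[NEW_NAME]}
ZONE_OLD_REVOKED = dict(ZONE_AFTER_ROTATION, **{OLD_NAME: "v=DKIM1; k=rsa; p="})

if __name__ == "__main__":
    for label, zone in [("old key kept", ZONE_AFTER_ROTATION),
                        ("old key removed", ZONE_OLD_REMOVED),
                        ("old key revoked", ZONE_OLD_REVOKED)]:
        print(label, "| old-signed:", check_signature(OLD_SIG, zone),
              "| new-signed:", check_signature(NEW_SIG, zone))
```

This only checks that a usable key record exists for the signature's selector; it does not verify the signature itself.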
