We set up both postfix and dkim-milter successfully according to the HowtoForge and everything is running it seems. Some settings were updated for our domain. But now when we try to mail nothing is being sent. There is no logging whatsoever so we can't figure out what the email is doing. It does not leave the server.
/var/log/maillog (no logging there of any error or message)
/var/log/message (no logging here at all either)
If we disable dkim-milter and just have postfix running the mail does send. But our goal is to have the DKIM stamp on emails. Our DNS record is correctly updated as well but if email doesn't even leave the server what gives? Thanks for help, Shootz
DKIM is the bottleneck
When both DKIM and Postfix are running, mail stays in queue and stays... We shut off dkim-milter then restart postfix (after commenting out the couple lines in /etc/postfix/main.cf) and the emails get sent right away. What could be the problem with DKIM holding the emails on the server?
Our dkim-milter conf file:
# Default values #
USER="dkim-milt"
PORT="local:/var/run/dkim-milter/dkim.sock"
SIGNING_DOMAIN="<our domain here>.com"
SELECTOR_NAME="default"
KEYFILE="/etc/dkim-milter/${SIGNING_DOMAIN}_${SELECTOR_NAME}.key.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
SIGALG=rsa-sha1
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"
Also, there is another documentation on the web we found: https://help.ubuntu.com/community/Postfix/dkim-milter
These guys say to put two config files:
/etc/dkim-filter.conf
/etc/default/dkim-filter
Is this right? Your documents on this website say nothing about those files: http://www.howtoforge.com/postfix-dkim-with-dkim-milter-centos5.1
As you can see from that howto, it is outdated. Please use http://www.topdog.za.net/postfix_dkim_milter
import read failed(0).
# wget http://www.topdog-software.com/oss/roundcube/andrew_topdog-software.com_key.txt
# rpm --import andrew_topdog-software.com_key.txt
# http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.2-2.$(uname -i).rpm
Followed first step in the new updated HowTo and get this error: import read failed(0).
OK, we downloaded the rpm directly from your site and did rpm -Uvh and it installed. There is a question about DNS and what exactly needs to be put there. On your example:
default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB" ; ----- DKIM default for topdog-software.com
the TXT Name is: default._domainkey
the TXT value we put is: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB
Of course the values will be reflected to our own key, but the format and the items put into the input boxes using GoDaddy's Total DNS, this is what we do, correct? We don't actually put the entire content into the TXT Value:
default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOlWwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB" ; ----- DKIM default for topdog-software.com
Thank you,
I do not know about the GoDaddy interface but the key is basically a TXT record. Your understanding below is correct.
OK, we did a test mail to our Google account and read the full header. We see:
X-DKIM: Sendmail DKIM Filter v2.8.2 <our domain>.com B698A1B0038
Is that correct? Should there be an actual key file there, the long pem or something?
You should have a DKIM-Signature header as well, and if your setup is correct then gmail will indicate that the check passed.
Only thing DKIM related is what we posted above:
X-DKIM: Sendmail DKIM Filter v2.8.2 <our domain>.com B698A1B0038
There is no sig or no confirmation. Perhaps DNS has not updated yet? For GoDaddy, they have two input fields, TXT Name and TXT Value. We have the following below:
TXT Name: default._domainkey
TXT Value: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1Kzf7W3l1OwG2eGPTNm c9EMo2s+0V0iw1e+IyS6XNcP5c2wkmogT+sTZ5zlwQgpQDNtSbYlI3A4yk+b TovieJl+1c1+cfti+hVzr4UqD504sxRBwwwRuOeKx7VqLW9JRvLhVjo2p3ot kKmAnjqrLK7tWfsnd9hArCO5zLJCIzPwIDAQAB
And also:
TXT Name: _adsp._domainkey
TXT Value: dkim=unknown
Any way to check to see if these DNS settings are live?
Let's say our domain is "domain.com", on that test page, we put domain.com and it says "input valid domain". Then we put www.domain.com and it says No problems to report. So even so, the sig and verification is not showing up on the header of Google emails. Should we rename our pem and all the other settings to www.domain.com instead of domain.com?
-- edit --
We did further testing on that sendmail test site. We even put www.domain.com and selector as "defoot" and it says No problems to report... humm. So our domain name in particular, without www. it produces error input valid domain name. This might be an issue.
You need to fix your DNS records; it seems you have added the TXT records to your www, not to domain.com, and of course you will not be sending mail from @www?
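The two checks this exchange turns on, as an added example that is not part of the original thread: which DNS name a verifier queries for a given selector and signing domain, and whether the text typed into a TXT value field is a well-formed key record. It assumes RSA keys as used in this thread; the function names and the sample key bytes are constructed for illustration.

```python
import base64
import binascii
import re

def key_record_name(selector, signing_domain):
    """DNS name a verifier queries: <selector>._domainkey.<signing domain>."""
    return f"{selector}._domainkey.{signing_domain.rstrip('.')}".lower()

def parse_tags(value):
    """Split a DKIM 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = val.strip()
    return tags

def check_key_record(value):
    """Return a list of problems in the text entered as the TXT value."""
    if re.match(r"\s*\S+\s+IN\s+TXT\b", value, re.IGNORECASE):
        return ["zone-file line pasted; enter only the quoted part"]
    problems = []
    tags = parse_tags(value.strip().strip('"'))
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa (this check only handles RSA keys)")
    # Whitespace inside p= (from a wrapped paste) is dropped before decoding.
    p = re.sub(r"\s+", "", tags.get("p", ""))
    if not p:
        problems.append("p= missing or empty (no usable public key)")
    else:
        try:
            der = base64.b64decode(p, validate=True)
            if der[:1] != b"\x30":  # an RSA key in DER starts with a SEQUENCE
                problems.append("p= is not a DER-encoded key")
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

# Constructed placeholder bytes in DER-like framing, not a real key.
SAMPLE_P = base64.b64encode(b"\x30\x81\x9f" + bytes(range(159))).decode()
GOOD = f"v=DKIM1; g=*; k=rsa; p={SAMPLE_P}"
WRAPPED = f"v=DKIM1; g=*; k=rsa; p={SAMPLE_P[:60]} {SAMPLE_P[60:]}"
ZONE_LINE = f'default._domainkey IN TXT "{GOOD}"'

if __name__ == "__main__":
    print(key_record_name("default", "domain.com"))
    for label, value in (("good", GOOD), ("zone", ZONE_LINE)):
        print(label, check_key_record(value) or "ok")
```

Against a live zone, the name returned by key_record_name is the one to query (for example with dig +short TXT); a record published under www.domain.com answers a different name and is never consulted for mail signed as domain.com.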
It seems it's a DNS issue and our domain name has not propagated everywhere yet. We will try the test again each day. Your updated dkim-milter documentation was very helpful and got our system up and running. The signatures and such we can work it out at this end once our DNS is fully registered globally. Thumbs up!
Just want to update on the progress for those that may run into a similar thing.
1. We installed postfix using yum rpm install
2. We then found this documentation by topdog: http://www.topdog.za.net/postfix_dkim_milter
3. We had import problems on the first step of the documentation
4. We downloaded the rpm directly from the topdog site knowing our "uname -a"
5. Installed the RPM, followed all the steps of the documentation
6. We sent test emails and the DKIM didn't sign
7. Had to edit /etc/mail/dkim/trusted-hosts and add 127.0.0.1 and also our domain name
8. EVERYTHING WORKS NOW
Thank you topdog! Shootz