Anyone had any success with DKIM or domainkeys?

[underdog]

Hi All,
Can anyone help me make sense of this:
I have a clients domain which has a newsletter system on another server their mx and spf records list both the zimbra server I am in charge of and their newsletter server which they bulk mail to their mailing list with. They were having some issues with gmail and their newsletters getting through so they were advised to setup DomainKeys on their newsletter server. As far as I understand it they need to add the public key to their DNS and they have asked me if I need to setup the key on the zimbra server???

Is this necessary? If so how would I impliment this. I have read a few posts here but I haven't seen a definitive guide and to be hnest I really don't understand all this DKIM/DomainKeys thing? Do I really need to do this just because their newsletter server uses it?

Please can someone bring me into the light.

Thanks very much!

[raj]

Mail-DKIM and DKIMproxy
this is all you need to do dkim/domainkeys..follow all steps and do postfix setup steps..and it should work.

* your changes may need to be re-applied across zimbra upgrades

Raj

[dfriestedt]

iredmail

iredmail - Project Hosting on Google Code

I relay through iredmail and DKIM sign everything. works great!

[Maja]

Quote:

Originally Posted by raj

Mail-DKIM and DKIMproxy
this is all you need to do dkim/domainkeys..follow all steps and do postfix setup steps..and it should work.

* your changes may need to be re-applied across zimbra upgrades

Raj

As Raj stated, if you follow the steps for DKIM Proxy, its pretty straightforward. We have all emails being signed before sending. One thing to keep in mind, when making changes to Postfix, change the master.cf.in file, not the master.cf (which gets overwritten on restart). Course I know this because I found out the hard way.

[jeross]

Hey,

I followed the instructions on the DKIM web page. If I connect to my mail server on the submission port (587) using an external client (e.g. my iPhone) then dkim proxy kicks in and the message is signed. However, when I send emails from the web client they do not seem to be signed.

Can someone describe how to make dkim proxy kick in for the web client?

thanks
Joe

[raj]

Globl settings --> MTA
Relay MTA for external delivery: 127.0.0.1 : 587

technically instead of handing over email to external sever you could use your 127.0.0.1:587
logically should work..

make sure you test all in and out and AV/AS email functions before putting this to production

please post here if this works

Raj

[jeross]

Unfortunately, it didn't work - the email was bounced with:

host 127.0.0.1[127.0.0.1] said: 554 5.4.0 Error:
too many hops (in reply to end of DATA command)

Looking at the mail logs it looks like the following is happening (excuse my dumbness with postfix/smtp):

- web client sends email to the local smtp
- local smtp relays to localhost:587
- email gets forwarded to dkim process on 10027
- dkim signs the process and forwards to port 10028
- postfix picks up the email from port 10028 and forwards it onto the local smtp, which goes back to the beginning of this sequence

this appears to continue until the max number of hops is reached and the email is then bounced.

Any clues from the more knowledgeable zimbra/postfix gurus as to how to get past this?

[gnoul]

Quote:

Originally Posted by raj

Globl settings --> MTA
Relay MTA for external delivery: 127.0.0.1 : 587

technically instead of handing over email to external sever you could use your 127.0.0.1:587
logically should work..

Raj

If I set that, I got the error: host 127.0.0.1[127.0.0.1] said: 554 5.4.0 Error:
too many hops (in reply to end of DATA command)

If I change port to 587 (submission), It seems very well. The header is signed. Does anybody know to change the port of webmail to 587?

[Blinkiz]

If you want DKIM (DomainKeys Identified Mail) signing and verification built into Zimbra, please vote for it!

Bug 11524 – DKIM/DK signing support in Amavisd

As of writing, I can see that already 98 people have voted for this feature. Vote for it you too!