Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Dkim

  1. #1
    cartaysm is offline Active Member
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default Dkim

    Zimbra Collaboration Suite 7.1
    Debian 6.0

    I have searched and tried to get this working for 2 days now and nothing I have attempted has worked. I have followed countless tutorials online (most written for centos and rpm packages) and tried both dkim-filter and opendkim. I have tried using setting the master.cf (which never saves, even in su - zimbra... Even tried sudo in su - zimbra which ask for a password then tells me its incorrect...), setting the milter setting in zimbra admin with no luck...

    Can someone please help me out with this, this simple thing which should have taken 3 minutes has turned into a 3 day project that doesnt seem to have an end.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    [QUOTE=cartaysm;244918]Zimbra Collaboration Suite 7.1
    Debian 6.0

    I have searched and tried to get this working for 2 days now and nothing I have attempted has worked. I have followed countless tutorials online (most written for centos and rpm packages) and tried both dkim-filter and opendkim.

    Quote Originally Posted by cartaysm View Post
    I have tried using setting the master.cf (which never saves, even in su - zimbra... Even tried sudo in su - zimbra which ask for a password then tells me its incorrect...), setting the milter setting in zimbra admin with no luck...
    That is the wrong file as it gets overwritten by Zimbra, you should modify master.cf.in - there's details of that all over the forum.

    Quote Originally Posted by cartaysm View Post
    Can someone please help me out with this, this simple thing which should have taken 3 minutes has turned into a 3 day project that doesnt seem to have an end.
    I'm afraid that 'it doesn't work' isn't of much help for us to give you any advice, you need to describe exactly what you've done, which tutorial you've followed and what errors you're seeing.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    cartaysm is offline Active Member
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default

    Yeah I was afraid you were going to say that, here goes...

    Zimbra Collaboration Suite 7.1
    Debian 6.0
    purged all files I had before with dkim-filter and opendkim (including /etc/mail folder) to start nice and clean...

    https://help.ubuntu.com/community/Postfix/DKIM

    I followed this all the way down to the postfix insertion;

    nano /opt/zimbra/postfix/conf/master.cf.in (based off your suggestion, I had tried master and main before with no luck)

    # DKIM
    -o milter_default_action = accept
    -o milter_protocol = 2
    -o smtpd_milters = inet:localhost:8891
    -o non_smtpd_milters = inet:localhost:8891

    Then picked back up at key gen on the wiki...

    sudo /etc/init.d/dkim-filter start
    sudo /etc/init.d/zimbra restart


    and now it doesnt receive emails... commented out the master.cf.in file (parts I added) and I can receive mail again

    So I ran;
    grep -i dkim /var/log/mail.log

    Jul 15 22:59:24 aeccmd dkim-filter[23197]: can't configure DKIM library; continuing
    Jul 15 22:59:24 aeccmd dkim-filter[23197]: Sendmail DKIM Filter v2.8.2 starting (args: -x /etc/dkim-filter.conf -u dkim-filter -P /var/run/dkim-filter/dkim-filter.pid -p inet:8891@localhost)

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    I believe that the openDKIM package is preferred these days. Follow these instructions: Guide to Install OpenDKIM for multiple domains with Postfix and Debian - use master.cf.in for the Milter (Postfix) settings as I mentioned earlier.

    I use openDKIM without problems on my CentOS5 ZCS server. If you still have problems then look at the log files and post again.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    cartaysm is offline Active Member
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default

    Thank you for the link! I followed it and got the following results;

    check-auth@verifier.port25.com
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: header.From=user@aeccmd.org
    DNS record(s):

    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result: pass (matches From: user@aeccmd.org)
    ID(s) verified: header.d=aeccmd.org
    Canonicalized Headers:



    sa-test@sendmail.net

    Authentication System: DomainKeys Identified Mail (DKIM)
    Result: DKIM signature confirmed BAD
    Description: Signature verification failed, message may have been tampered with or corrupted
    Reporting host: services.sendmail.com


    autorespond+dkim@dk.elandsys.com

    DKIM Signature validation: pass
    DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.aeccmd.org

    I am happy to post files from my logs but not sure which to post that will help, here a the last few lines of the following files;

    cat /var/log/mail.log
    Jul 16 09:42:39 aeccmd postfix/cleanup[13381]: 1A3D61F203D: message-id=<201207161342.q6GDgU9t023450@mx.elandsys.com>
    Jul 16 09:42:39 aeccmd opendkim[1091]: message has signatures from opendkim.org, qubic.net
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 1A3D61F203D: from=<daemon@dk.elandsys.com>, size=5628, nrcpt=1 (queue active)
    Jul 16 09:42:39 aeccmd postfix/smtpd[13385]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 16 09:42:39 aeccmd postfix/smtp[13382]: 63B901F202C: to=<scott@aeccmd.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.8, delays=0.57/0/0/7.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1A3D61F203D)
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 63B901F202C: removed
    Jul 16 09:42:39 aeccmd postfix/lmtp[13397]: 1A3D61F203D: to=<user@aeccmd.org>, relay=aeccmd.org[192.168.1.1]:7025, delay=0.78, delays=0.7/0.01/0/0.07, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)

    cat /var/log/mail.warn (nothing with new opendkim setup)
    cat /var/log/mail.err (nothing with new opendkim setup)



    EDIT:

    I did just find this in the mail.warn log (not sure what it is, its not my ip)
    Jul 16 09:15:05 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:15:35 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:57:54 aeccmd postfix/smtpd[19678]: warning: 187.75.173.119: hostname 187-75-173-119.dsl.telesp.net.br verification failed: No address associated with hostname
    Jul 16 10:12:36 aeccmd opendkim[1091]: AC7FA1F203D: no signature data
    Last edited by cartaysm; 07-16-2012 at 07:14 AM. Reason: err log

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by cartaysm View Post
    Thank you for the link! I followed it and got the following results;

    check-auth@verifier.port25.com
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: header.From=user@aeccmd.org
    DNS record(s):

    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result: pass (matches From: user@aeccmd.org)
    ID(s) verified: header.d=aeccmd.org
    Canonicalized Headers:



    sa-test@sendmail.net

    Authentication System: DomainKeys Identified Mail (DKIM)
    Result: DKIM signature confirmed BAD
    Description: Signature verification failed, message may have been tampered with or corrupted
    Reporting host: services.sendmail.com


    autorespond+dkim@dk.elandsys.com

    DKIM Signature validation: pass
    DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.aeccmd.org
    Do you actually have the correct DNS TXT records required by openDKIM?

    Quote Originally Posted by cartaysm View Post
    I am happy to post files from my logs but not sure which to post that will help, here a the last few lines of the following files;

    cat /var/log/mail.log
    Jul 16 09:42:39 aeccmd postfix/cleanup[13381]: 1A3D61F203D: message-id=<201207161342.q6GDgU9t023450@mx.elandsys.com>
    Jul 16 09:42:39 aeccmd opendkim[1091]: message has signatures from opendkim.org, qubic.net
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 1A3D61F203D: from=<daemon@dk.elandsys.com>, size=5628, nrcpt=1 (queue active)
    Jul 16 09:42:39 aeccmd postfix/smtpd[13385]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 16 09:42:39 aeccmd postfix/smtp[13382]: 63B901F202C: to=<scott@aeccmd.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.8, delays=0.57/0/0/7.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1A3D61F203D)
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 63B901F202C: removed
    Jul 16 09:42:39 aeccmd postfix/lmtp[13397]: 1A3D61F203D: to=<user@aeccmd.org>, relay=aeccmd.org[192.168.1.1]:7025, delay=0.78, delays=0.7/0.01/0/0.07, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)

    cat /var/log/mail.warn (nothing with new opendkim setup)
    cat /var/log/mail.err (nothing with new opendkim setup)



    EDIT:

    I did just find this in the mail.warn log (not sure what it is, its not my ip)
    Jul 16 09:15:05 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:15:35 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:57:54 aeccmd postfix/smtpd[19678]: warning: 187.75.173.119: hostname 187-75-173-119.dsl.telesp.net.br verification failed: No address associated with hostname
    Jul 16 10:12:36 aeccmd opendkim[1091]: AC7FA1F203D: no signature data
    Is the milter up and running and listening on the port mentioned above?

    I think you're going to have to start with posting your configuration files for openDKIM (also include the milter settings in master.cf.in) and the DNS TXT records you've configured.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    cartaysm is offline Active Member
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default

    The milter not running on the port was I think before I updated to opendkim;

    netstat -antup | grep 12345
    tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 1091/opendkim
    cat /etc/opendkim/keys/aeccmd.org/default.txt
    default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0G...
    I use GoDaddy DNS;
    Hosts="default._domainkey" TXT Value= "v=DKIM1; g=*; k=rsa; p=MIGfMA0G..."
    Sent an email to gmail account;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of user@aeccmd.org designates xxxx as permitted sender) smtp.mail=user@aeccmd.org; dkim=pass header.i=@aeccmd.org
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by aeccmd.org (Postfix) with ESMTP id 2C2BE1F203D
    for <cartaysm@gmail.com>; Mon, 16 Jul 2012 09:49:15 -0400 (EDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=aeccmd.org; s=default;
    t=1342446555; bh=BGUebycbdmCy50Xn3ezwF+MYxetzMK1Fddb7NqHgJas=;
    h=Date:From:To:Subject:Message-ID:Content-Type:MIME-Version;
    b=ttNDaK1d9bM3h5a...
    X-Virus-Scanned: amavisd-new at aeccmd.org
    Here is the bottom of /opt/zimbra/postfix/conf/master.cf.in
    #
    # AMAVISD-NEW
    #
    smtp-amavis unix - - n - 10 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o virtual_mailbox_maps=
    -o virtual_alias_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_milters=inet:localhost:12345
    -o milter_default_action=accept
    -o non_smtpd_milters=inet:localhost:12345
    -o disable_mime_output_conversion=yes
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,rej ect
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8,[::1]/128
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_ unknown_recipient_$
    -o milter_protocol=6
    nano /etc/opendkim.conf
    # This is a basic configuration that can easily be adapted to suit a standard
    # installation. For more advanced options, see opendkim.conf(5) and/or
    # /usr/share/doc/opendkim/examples/opendkim.conf.sample.

    # Log to syslog
    Syslog yes
    # Required to use local socket with MTAs that access the socket as a non-
    # privileged user (e.g. Postfix)
    UMask 002

    # Sign for example.com with key in /etc/mail/dkim.key using
    # selector '2007' (e.g. 2007._domainkey.example.com)
    #Domain example.com
    #KeyFile /etc/mail/dkim.key
    #Selector 2007

    # Commonly-used options; the commented-out versions show the defaults.
    #Canonicalization simple
    #Mode sv
    #SubDomains no
    #ADSPDiscard no
    KeyTable /etc/opendkim/KeyTable
    SigningTable /etc/opendkim/SigningTable
    ExternalIgnoreList /etc/opendkim/TrustedHosts
    InternalHosts /etc/opendkim/TrustedHosts
    http://dkimcore.org/c/keycheck
    This is a valid DKIM key record

    Version
    v=DKIM1

    Granularity
    g=*

    Key type
    k=rsa

    Public key
    p=MIGfMA0G
    Last edited by cartaysm; 07-16-2012 at 02:40 PM.

  8. #8
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by cartaysm View Post
    The milter not running on the port was I think before I updated to opendkim;
    As you've shown a message with DKIM headers I'm not quite sure what you're saying now, is it working or not? Is mail being sent and received?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  9. #9
    cartaysm is offline Active Member
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default

    I think it working, here are the results

    check-auth@verifier.port25.com
    ================================================== ========
    Summary of Results
    ================================================== ========
    SPF check: pass
    DomainKeys check: neutral
    DKIM check: pass
    Sender-ID check: pass
    SpamAssassin check: ham

    ================================================== ========
    Details:
    ================================================== ========

    HELO hostname: aeccmd.org
    Source IP: xxxx
    mail-from: user@aeccmd.org

    ----------------------------------------------------------
    SPF check details:
    ----------------------------------------------------------
    Result: pass
    ID(s) verified: smtp.mailfrom=user@aeccmd.org
    DNS record(s):
    aeccmd.org. SPF (no records)
    aeccmd.org. 3600 IN TXT "v=spf1 ip4:xxx ~all"

    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: header.From=user@aeccmd.org
    DNS record(s):

    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result: pass (matches From: user@aeccmd.org)
    ID(s) verified: header.d=aeccmd.org
    Canonicalized Headers:
    Date:'20'Tue,'20'17'20'Jul'20'2012'20'12:10:20'20'-0400'20'(EDT)'0D''0A'
    From:'20'cartaya'20'<user@aeccmd.org>'0D''0A'
    To:'20'check-auth@verifier.port25.com'0D''0A'
    Subject:'20'tt'0D''0A'
    sa-test@sendmail.net
    Authentication System: DomainKeys Identified Mail (DKIM)
    Result: DKIM signature confirmed GOOD
    Description: Signature verified, message arrived intact
    Reporting host: services.sendmail.com
    More information: DomainKeys Identified Mail (DKIM)
    Sendmail milter: OpenDKIM

    Authentication System: Sender ID
    Result: SID data confirmed GOOD
    Description: Sending host is authorized for sending domain
    Reporting host: services.sendmail.com
    autorespond+dkim@dk.elandsys.com
    DKIM Signature validation: pass
    DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.aeccmd.org

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    That would appear to be OK, you might want to consider implementing Author Domain Signing Practices mentioned at the end of your post.
    Last edited by phoenix; 07-17-2012 at 10:57 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. DKIM and DK in Zimbra 7.0
    By randall in forum Installation
    Replies: 3
    Last Post: 04-12-2011, 07:51 AM
  2. DKIM Signature
    By ashrocks in forum Administrators
    Replies: 3
    Last Post: 12-03-2010, 02:03 PM
  3. DKIM Signature
    By ashrocks in forum Users
    Replies: 0
    Last Post: 12-03-2010, 11:51 AM
  4. DKIM Coming?
    By LMStone in forum Developers
    Replies: 8
    Last Post: 08-21-2009, 04:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •