Anil Aliyan wrote:
Dear All,
I have setup DKIM as per instution in the DKIM video. Everything is
setup correctly but still when i see mail hearders on yahoo or gmail i see
Authentication-Results: mta164.mail.in.yahoo.com from=gnvfc.net;
domainkeys=pass (ok); from=mail.gnvfc.net; *dkim=permerror (no key)*
**
*Secondly, for domain keys it says *from=*gnvfc.net*; domainkeys=pass
(ok);
*and for DKIM is says* from=*mail.gnvfc.net*; *dkim=permerror (no key)*
why is says from=? different in both the cases in domainkeys its
gnvfc.net and in DKIM its mail.gnvfc.net.
When recipient mail server verifies the key it might be looking for
the domain name instead of hostname+domain name.
DKIM reads the domain name from the me file in control dir, if i am
not wrong.
while Domain keys only selects the actual domain name from the email
address or sending mailserver.
DKIM-Signature:
v=1; a=rsa-sha1; c=simple; d=mail.gnvfc.net; h=
message-id:reply-to:from:to:subject:date:mime-version :content-type;
s=dkim1;
DomainKey-Signature:
a=rsa-sha1; q=dns; c=nofws; s=private; d=gnvfc.net;
I have 5 virtual domains and if i use globalkey for the severs all
maildomains will have samekey and every mail deliverd on yahoo will
look for d=gnvfc.net for public key.
How can i setup dkim for individual domain. and how can i get
d=gnvfc.net as shown in RED above in both Signature headers.
And is my DKIM entry in DNS is in the format given below, is it
correct. I have simply copied it from the public.txt file and pasted
into my dns, you can check the same from
http://domainkeys.sourceforge.net/selectorcheck.html with dkim.gnvfc.net:
dkim1 IN TXT "k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0KkrMRWFDOYr41TzzIDAzXVumAXtAXw4XthJPLZ22YwZhh2jtu1V7jnvrywT2aMhh03UdxrGlipI2waX2m1JyTxp5sy07Bgm4AvYZXtm90Jq74b6V7jZqF04ur9IoaN9HEUdaFeY5HeYgab53phMOvwX5UH8Z6qgj3rC7hWtQPwIDAQAB"
Regards,
Anil Aliyan
Show us your DKIM config file. I suspect you have something configured
incorrectly there.
The DKIM patch for Qmail will allow you to sign multiple domains
individually (when configured correctly, Yahoo will look at each domain
for the DKIM key). The patch will force you to use ONE key to sign the
domains however. So you use the same hash to sign, but each domain will
get a DNS entry and each domain will sign for itself by configuring the
DKIM config file correctly.
