Re: [qmailtoaster] DKIM records reported as neutral/bad format by GMAIL
Thank you Gilbert. I had already tried that but I still get the same result. I believe it's in the structure of my dns record, like I'm missing quotes or something but I'm unsure. Also, power admin won't let me add quotes to records on either end of the total string. So I'm unsure Fabian s. Sent from my Verizon Wireless 4G LTE Smartphone Original message From: Gilbert T. Gutierrez, Jr. mailing-li...@phoenixinternet.net Date: 07/18/2013 1:55 PM (GMT-05:00) To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] DKIM records reported as neutral/bad format by GMAIL I just saw your message and I do not know if you solved it or not. I recently had an issue with my keys and Gmail. They increased the key length requirement and mine were being rejected because of that. Below is an article of this. http://blog.returnpath.com/blog/ken-takahashi/google-doubles-down-on-weak-dkim-keys-what-you-need-to-do-now-to-be-compliant After updating my keys to a longer length, I had to wait for google to update their cache servers so that they saw the new key. I always make sure the key can be seen by google's servers by querying 8.8.8.8 and 8.8.4.4 for the text record. Also, I had to verify that I was using the correct selector in my signconf.xml (I created a new selector with the new key so that I could use the shorter key until I saw that the new key had propagated). Gilbert On 7/15/2013 7:49 AM, fsanti...@garden-life.org wrote: Hello, I have setup DKIM signing on my qmail system using these instructions: http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster It seems to be working fine (all msgs are signed in the header). Yet, every time I send email to a gmail address, Google reports: dkim=neutral (bad format) I run my own DNS using powerdns, so i have total control over my dns records. What should I be looking at? My DNS records look like this for DKIM: dkim1._domainkey.my domain.com k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG0GQHEGbLG0yEQvPamMxaC4uIBCC3LvMkI7JNXn7u6G4AnP2/8oCpCh1BP8JL0x4E1PGo0+3uVMahAAr1YYqVPFZSyAlS5cvfJBJv0NiZbAceLFF16Em3qP1T+Rfx/u5huqwLNMT1FEeA5w10A2K7Tl0A8zOnihH7Zx8ooWI0ewIDAQAB Thanks everyone on the list for your continued support. Fabian S. - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] DKIM records reported as neutral/bad format by GMAIL
Here is an example of how I do DKIM using the qmailtoaster and Bind (signconf.xml snip, key file - 1024 length, bind record). All my keys pass. --- signconf.xml (I have many domains plus a wildcard) dkimsign xyz.com domain=xyz.com keyfile=/var/qmail/control/dkim/key.xyz.com selector=dkim2 types id=dkim / /xyz.com /dkimsign --- key.xyz.com... -BEGIN RSA PRIVATE KEY- MIICXQIBAAKBgQDGSsMhdEd1OQ5X3HNS4DIox7NmKhNsexYdIcHa8qiV8+sAYVs0 LOl55hCbPz3QH/C0Rfn9+CeuxfUgz0xd0bBPVmHztMxgBIlMoNI9BCaQRO3Fg+1P NurMdLoVnafoFtHZQLVN87srfsgU+wZfKLbjBlnY9aTPklp6EKvRFKi2UQIDAQAB AoGAdSKQ5mBEHhEYUfqd/WUG/GQLq9xLIRgM1iSs2WPjBsHSHqVkNQwa17F6Ods/ 7oQPss5rgQVom6vAxCLw37MQzKLutDgxpunjDSquyrachrbqkzkYncJ1M6vxDzRo TvwXyaTo0L1vf38Bj7kLJPRAYNvu5OrCVeVPjP+23abCyAECQQDi0WVPGuCyqJ8T /Zwdsyr5XFs0QeH5ChMBFd2coAFWk1DYYbQ+UdTlOjGhKY5/G5KPg0mBSVD2kiDt pBhHk9sRAkEA383SKDybFSJz+41ZRsm/VgHlBEYduYpMBNlnJGKQZqo6MGuvkXa+ EgP4ks3zMo7V6uQLYHi+jf4Nu05PFNanQQJAEEe3XdYwCqLPyD+L1RXnH77hTP7t mVJ/yrQnE/boIa6xPtbEeTSmc02aAldZQwZXnrVtsTnx9cDHXEdK9thGAQJBAJl0 3loanFfUhOSCWinQofKOYAMbNLyJGHDmxPNM5iiPJlEXNY4vdkqSEHpQ3yXWjNV/ wlFG2ZoxDidVnaHzQUECQQDOUWkGlJyf9MtWbcOJfptkD6PJAyurRwoR+yx47pOf /D54/kdu560427whMoscGoRudG3jY4idOOy5eh5kViTv -END RSA PRIVATE KEY- --- bind record... $ttl 38400 @ IN SOA ns2.xyz.com. postmaster.xyz.com. ( 1086384033 10800 3600 604800 38400 ) @ NS ns2.xyz.com. @ NS ns1.xyz.com. @ A 10.10.10.10 @ MX 10 mailsvr.xyz.com. mailsvr A 10.10.10.11 ns1 A 10.10.10.1 ns2 A10.10.10.2 www CNAME xyz.com. @ TXT v=spf1 mx mx:mailsvr.abc.net ~all @ SPF v=spf1 mx mx:mailsvr.abc.net ~all dkim2 TXT ( v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGSsMhdEd1OQ5X3HNS4DIox7Nm KhNsexYdIcHa8qiV8+sAYVs0LOl55hCbPz3QH/C0Rfn9+CeuxfUgz0xd0bBPVmHz tMxgBIlMoNI9BCaQRO3Fg+1PNurMdLoVnafoFtHZQLVN87srfsgU+wZfKLbjBlnY 9aTPklp6EKvRFKi2UQIDAQAB) dkim2._domainkeyTXT ( v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGSsMhdEd1OQ5X3HNS4DIox7Nm KhNsexYdIcHa8qiV8+sAYVs0LOl55hCbPz3QH/C0Rfn9+CeuxfUgz0xd0bBPVmHz tMxgBIlMoNI9BCaQRO3Fg+1PNurMdLoVnafoFtHZQLVN87srfsgU+wZfKLbjBlnY 9aTPklp6EKvRFKi2UQIDAQAB) --- On 7/19/2013 10:41 AM, Fabian Santiago wrote: Thank you Gilbert. I had already tried that but I still get the same result. I believe it's in the structure of my dns record, like I'm missing quotes or something but I'm unsure. Also, power admin won't let me add quotes to records on either end of the total string. So I'm unsure Fabian s. Sent from my Verizon Wireless 4G LTE Smartphone Original message From: Gilbert T. Gutierrez, Jr. mailing-li...@phoenixinternet.net Date: 07/18/2013 1:55 PM (GMT-05:00) To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] DKIM records reported as neutral/bad format by GMAIL I just saw your message and I do not know if you solved it or not. I recently had an issue with my keys and Gmail. They increased the key length requirement and mine were being rejected because of that. Below is an article of this. http://blog.returnpath.com/blog/ken-takahashi/google-doubles-down-on-weak-dkim-keys-what-you-need-to-do-now-to-be-compliant After updating my keys to a longer length, I had to wait for google to update their cache servers so that they saw the new key. I always make sure the key can be seen by google's servers by querying 8.8.8.8 and 8.8.4.4 for the text record. Also, I had to verify that I was using the correct selector in my signconf.xml (I created a new selector with the new key so that I could use the shorter key until I saw that the new key had propagated). Gilbert On 7/15/2013 7:49 AM, fsanti...@garden-life.org wrote: Hello, I have setup DKIM signing on my qmail system using these instructions: http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster It seems to be working fine (all msgs are signed in the header). Yet, every time I send email to a gmail address, Google reports: dkim=neutral (bad format) I run my own DNS using powerdns, so i have total control over my dns records. What should I be looking at? My DNS records look like this for DKIM: dkim1._domainkey.my
[qmailtoaster] COS5 kernel updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Does anyone see any potential issues arising from updating to the newest available kernel ver 2.6.18-348.12.1.el5 on a 64-bit COS5.9 box running latest QMT? I'm always hesitant to apply latest rev of any OS related packages until I'm sure there's no issue. How does everyone else handle package updates? Fabian S. -BEGIN PGP SIGNATURE- Version: OpenPGP.js v.1.20130420 Comment: http://openpgpjs.org wsBcBAEBCAAQBQJR6gPpCRAphWqB7T5XkQAAIh0H/0MkdFQqLzJgFf3kAOGp /ZXVdAoqknk+6AIdV81SbjKB1DpEt/YqzEFRWZZu1VUU1pTILtkhnYQO6Tfs zMJLTBRcBbSndMe+sUOVzkhbvlupO0Ydumtm2Vb1FmAlBpvRjMSbpBX8crmT dv58FW8BiY/Mxywp3q6pvCINBoyEhuFOkJQF91TfLxo6V21r0BSjgQZzeGLk sbSWppyA+DTVqRNTmHijo1SEHNmrw0sGNlj9EAob9bmvX6BkoMhXMpjP714Y TwNw5avRe3MT/gmlCsVuzCGIJ8cgGgxKjYMcMtYfbnhej2OdqznKmHDhCa08 jWH6TwGPlt6STDOsFRAy744= =GyKp -END PGP SIGNATURE- - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] COS5 kernel updates
Fabian, I usually feel the same way and tend to cringe as I watch yum install the latest kernel and other key components, but I haven't had any problems yet. I'm running a similar build and things seem to be working fine with the latest packages for COS5.9 x64 On another note...what can you tell me about your OpenPGP.js signature...do you have OpenPGP integrated with QMT? If so, how? Our company is VERY interested in offering email encryption to our customers, and have been looking through what's out there and the best way to implement it. Would love to hear your configuration info. (Sorry guys, wasn't trying to hi-jack the thread). --Casey James Price Operations/Technical Support Smile Global 800-541-9794 www.smileglobal.com Sent with Sparrow (http://www.sparrowmailapp.com/?sig) On Friday, July 19, 2013 at 8:29 PM, fsanti...@garden-life.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Does anyone see any potential issues arising from updating to the newest available kernel ver 2.6.18-348.12.1.el5 on a 64-bit COS5.9 box running latest QMT? I'm always hesitant to apply latest rev of any OS related packages until I'm sure there's no issue. How does everyone else handle package updates? Fabian S. -BEGIN PGP SIGNATURE- Version: OpenPGP.js v.1.20130420 Comment: http://openpgpjs.org wsBcBAEBCAAQBQJR6gPpCRAphWqB7T5XkQAAIh0H/0MkdFQqLzJgFf3kAOGp /ZXVdAoqknk+6AIdV81SbjKB1DpEt/YqzEFRWZZu1VUU1pTILtkhnYQO6Tfs zMJLTBRcBbSndMe+sUOVzkhbvlupO0Ydumtm2Vb1FmAlBpvRjMSbpBX8crmT dv58FW8BiY/Mxywp3q6pvCINBoyEhuFOkJQF91TfLxo6V21r0BSjgQZzeGLk sbSWppyA+DTVqRNTmHijo1SEHNmrw0sGNlj9EAob9bmvX6BkoMhXMpjP714Y TwNw5avRe3MT/gmlCsVuzCGIJ8cgGgxKjYMcMtYfbnhej2OdqznKmHDhCa08 jWH6TwGPlt6STDOsFRAy744= =GyKp -END PGP SIGNATURE- - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
