Then tcpserver has a HUGE bug, since that is how it is supposed to work. Ip addresses which are bound to groups should follow directives. Ie,
127.:first .:second :first,QMAILQUEUE='/var/qmail/bin/simscan' :second,QMAILQUEUE='/go/to/hell/and/back' 127* should be the only ones able to send with this setup, since the rest should be trapped by "second" -----Original Message----- From: Erik Espinoza [mailto:[EMAIL PROTECTED] Sent: den 23 maj 2006 08:28 To: [email protected] Subject: Re: [qmailtoaster] Re: domainkeys signing failing? Do that and outgoing mail from webmail will not be signed. Trust me, I tested this feature thoroughly. ;) Erik On 5/22/06, Mattias Segerdahl <[EMAIL PROTECTED]> wrote: > Erik, > > You wrote: > > 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private" > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG > RCPTLIMIT="10",DKVERIFY="BDEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQU > EUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/ > %/private" > > Since 127. already is in the group allow, there is no real reason to add the > DKSIGN environment to the ip address alone, since it's already in the allow > group. A proper enviroemnt, without setting the environment again, should > look like > > 127.:allow,RELAYCLIENT="" > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG > RCPTLIMIT="10",DKVERIFY="BDEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQU > EUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/ > %/private" > > -----Original Message----- > From: Erik Espinoza [mailto:[EMAIL PROTECTED] > Sent: den 22 maj 2006 19:16 > To: [email protected] > Subject: Re: [qmailtoaster] Re: domainkeys signing failing? > > Not sure I understand what you're asking. > > On 5/22/06, Mattias Segerdahl <[EMAIL PROTECTED]> wrote: > > Erik, > > > > Why would you put up the domain key signing for both the ip address and > once > > again in the allow group? This should only be needed once. > > > > // Mattias > > > > -----Original Message----- > > From: John Q. Fernandez [mailto:[EMAIL PROTECTED] > > Sent: den 22 maj 2006 14:32 > > To: [email protected] > > Subject: Re: [qmailtoaster] Re: domainkeys signing failing? > > > > I had it setup like this: > > 127.:allow,RELAYCLIENT="" > > > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG > > > RCPTLIMIT="10",DKVERIFY="BDEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQU > > > EUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/ > > %/private" > > > > Then I tried the way you said it should look like > > 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private" > > > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG > > > RCPTLIMIT="10",DKVERIFY="BDEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQU > > > EUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/ > > %/private" > > > > I am still getting: > > DomainKey-Status: bad > > . > > . > > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=domain.com; > > > > > b=KXnemYAno0ThL4LaL7sTRY+4U1dlzwTefvLyz0AFjklEY8yEfSO+Qp6zrUqtMPpWla2F76LNpp > > EW7+etv2E1FhnkOowygaN6YZosad9E+QQcp6dNLfQRQHkzLMFstsz8 > > ; > > > > Any help on resolution would be great. > > > > Thanks, > > John > > > > > Looks like your key is set up correctly in DNS. Perhaps your tcp.smtp > > > is misconfigured. Without these two lines, you will not be signing at > > > all. > > > > > > The default should look as follows (2 lines): > > > > 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private" > > > > > > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG > > > RCPTLIMIT="10",DKVERIFY="BDEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQU > > > EUE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/ > > %/private" > > > > > > Thanks, > > > Erik > > > > > > On 5/21/06, John Fernandez <[EMAIL PROTECTED]> wrote: > > >> $ host -t txt private._domainkey.domain.com > > >> private._domainkey.domain.com text "k=rsa\; > > >> > > > p=MEwwDQYJKoZIhvcNxdrvfeAIxAPL//Tp0mGa06ZYwnJWEfds4tgEFvvdV5/f2zEyrb5ohF#5fs > > dfsdfdh53fzGHXV+/087gKKwIDAQAB" > > >> > > >> > > >> Erik Espinoza wrote: > > >> > Oops. I pulled the wrong record. Type 'host -t txt > > >> > private._domainkey.domain.com' > > >> > > > >> > Thanks, > > >> > Erik > > >> > > > >> > On 5/21/06, John Fernandez <[EMAIL PROTECTED]> wrote: > > >> >> Maybe I didn't add it right but here is what I added. > > >> >> > > >> >> I added a TXT record using godaddy wizard > > >> >> > > >> >> TXT name is: private._domainkey.domain.com > > >> >> TXT value is: k=rsa; > > >> >> p=XXXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx......... > > >> >> > > >> >> I wasn't really sure what to put on the name. In my SPF I only had @ > > >> in > > >> >> the TXT name. Should I be putting @ also for domainkeys? > > >> >> > > >> >> Here is the output you are asking for. > > >> >> $ host -t txt domain.com > > >> >> domain.com text "v=spf1 a mx:domain.com ip4:xxx.xxx.xxx.xxx/24 -all" > > >> >> > > >> >> Thanks, > > >> >> > > >> >> John. > > >> >> > > >> >> > > >> >> Erik Espinoza wrote: > > >> >> > What type of record did you add in GoDaddy? Did you make sure it > > >> was a > > >> >> > txt record? What shows up when you type host -t txt domain.com at > > >> the > > >> >> > command line? > > >> >> > > > >> >> > On 5/20/06, John Fernandez <[EMAIL PROTECTED]> wrote: > > >> >> >> I am getting the below results when sending to both yahoo > > >> and > > >> >> >> gmail. > > >> >> >> > > >> >> >> yahoo > > >> >> >> Authentication-Results: mta183.mail.re4.yahoo.com > > >> >> from=domain.com; > > >> >> >> domainkeys=fail (bad sig) > > >> >> >> . > > >> >> >> . > > >> >> >> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; > > >> >> >> d=domain.com; > > >> >> >> b=Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > ; > > >> >> >> > > >> >> >> gmail > > >> >> >> DomainKey-Status: bad > > >> >> >> . > > >> >> >> . > > >> >> >> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; > > >> >> >> d=domain.com; > > >> >> >> b=Zxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ; > > >> >> >> > > >> >> >> here is my tcp.smtp > > >> >> >> 127.:allow,RELAYCLIENT="" > > >> >> >> > > >> >> > > > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONG > > > RCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUE > > > UE="/var/qmail/bin/qmail-queue.orig",DKSIGN="/var/qmail/control/domainkeys/d > > omain.com/private" > > >> >> > > >> >> >> > > >> >> >> > > >> >> >> Here is what I have in my dns. (i have godaddy and im guessing > > >> >> they are > > >> >> >> using bind). > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> private._domainkey.domain.com > > >> >> >> k=rsa; > > >> >> >> > > >> >> > > > p=Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > xx > > >> >> > > >> >> >> > > >> >> >> 3600 > > >> >> >> > > >> >> >> > > >> >> > --------------------------------------------------------------------- > > >> >> >> QmailToaster hosted by: VR Hosted > > >> >> >> > > >> >> > --------------------------------------------------------------------- > > >> To > > >> >> >> unsubscribe, e-mail: > > >> >> [EMAIL PROTECTED] For > > >> >> >> additional commands, e-mail: > > >> [EMAIL PROTECTED] > > >> >> > > > >> >> > > > --------------------------------------------------------------------- > > >> >> > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > >> >> > > > --------------------------------------------------------------------- > > >> >> > To unsubscribe, e-mail: > > >> [EMAIL PROTECTED] > > >> >> > For additional commands, e-mail: > > >> >> [EMAIL PROTECTED] > > >> >> > > > >> >> > > >> >> > > >> >> > --------------------------------------------------------------------- > > >> >> QmailToaster hosted by: VR Hosted <http://www.vr.org> > > >> >> > --------------------------------------------------------------------- > > >> >> To unsubscribe, e-mail: > > >> [EMAIL PROTECTED] > > >> >> For additional commands, e-mail: > > >> [EMAIL PROTECTED] > > >> >> > > >> >> > > >> > > > >> > --------------------------------------------------------------------- > > >> > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > >> > --------------------------------------------------------------------- > > >> > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > >> > For additional commands, e-mail: > > >> [EMAIL PROTECTED] > > >> > > > >> > > >> > > >> --------------------------------------------------------------------- > > >> QmailToaster hosted by: VR Hosted <http://www.vr.org> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: > [EMAIL PROTECTED] > > >> > > >> > > > > > > --------------------------------------------------------------------- > > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > --------------------------------------------- > > .how soon not now becomes never. _martin luther > > > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > QmailToaster hosted by: VR Hosted <http://www.vr.org> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
