[qmailtoaster] DKIM Error

[Anil Aliyan]

Dear Jakes,

Please find some time to help resolve my problem also, will very greatful to 
you.

Thanks & Regards,

Anil Aliyan


----- Original Message ----- 
From: Anil Aliyan 
To: qmailtoaster-list@qmailtoaster.com 
Sent: Saturday, October 31, 2009 2:28 AM
Subject: [qmailtoaster] DKIM Error


Jakes,

Please find the config file attached with this mail.

I have not changed anything in the conf file and i copied it as it is in the 
/var/qmail/control/dkim folder persmission are:

-rw-r--r-- 1 qmailr qmail  891 Oct 29 17:06 global.key
-rw-r--r-- 1 qmailr qmail  241 Oct 29 17:07 public.txt
-rw-r--r-- 1 qmailr qmail  250 Oct 29 17:10 signconf.xml

I performed following steps to install the DKIM:

----install required perl packages----

perl-XML-Simple perl-Mail-DKIM perl-XML-Parser

---------------------------------------

mkdir /var/qmail/control/dkim

dknewkey /var/qmail/control/dkim/global.key > /var/qmail/control/dkim/public.txt

perl -pi -e 's/global.key._domainkey/dkim1/' /var/qmail/control/dkim/public.txt

---Download DKIM Package ---

wget http://qmailtoaster.org/dkim.tgz

tar zxvf dkim.tgz

cd dkim

qmailctl stop

mv signconf.xml /var/qmail/control/dkim/

chown -R qmailr:qmail /var/qmail/control/dkim

mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig

mv qmail-remote /var/qmail/bin/

chmod 777 /var/qmail/bin/qmail-remote

chown root:qmail /var/qmail/bin/qmail-remote

qmailctl start

Copy Contents of public.key and paste into dns zone as it is without any 
modifications.

---------------------------------------------
  ----- Original Message ----- 
  From: Jake Vickers 
  To: qmailtoaster-list@qmailtoaster.com 
  Sent: Friday, October 30, 2009 10:16 PM
  Subject: Re: [qmailtoaster] DKIM Error


  Anil Aliyan wrote: 
      
    Dear All,

    I have setup DKIM as per instution in the DKIM video. Everything is setup 
correctly but still when i see mail hearders on yahoo or gmail i see

    Authentication-Results:   mta164.mail.in.yahoo.com from=gnvfc.net; 
domainkeys=pass (ok); from=mail.gnvfc.net; dkim=permerror (no key) 

    Secondly, for domain keys it says from=gnvfc.net; domainkeys=pass (ok);
    and for DKIM is says from=mail.gnvfc.net; dkim=permerror (no key)

    why is says from=? different in both the cases in domainkeys its gnvfc.net 
and in DKIM its mail.gnvfc.net.

    When recipient mail server verifies the key it might be looking for the 
domain name instead of hostname+domain name.

    DKIM reads the domain name from the me file in control dir, if i am not 
wrong.
    while Domain keys only selects the actual domain name from the email 
address or sending mailserver.

          DKIM-Signature:  
         v=1; a=rsa-sha1; c=simple; d=mail.gnvfc.net; h= 
message-id:reply-to:from:to:subject:date:mime-version :content-type; s=dkim1; 

          DomainKey-Signature:  
         a=rsa-sha1; q=dns; c=nofws; s=private; d=gnvfc.net; 

    I have 5 virtual domains and if i use globalkey for the severs all 
maildomains will have samekey and every mail deliverd on yahoo will look for 
d=gnvfc.net for public key.

    How can i setup dkim for individual domain. and how can i get d=gnvfc.net 
as shown in  RED above in both Signature headers.

    And is my DKIM entry in DNS is in the format given below, is it correct. I 
have simply copied it from the public.txt file and pasted into my dns, you can 
check the same from  http://domainkeys.sourceforge.net/selectorcheck.html with 
dkim.gnvfc.net:

    dkim1   IN      TXT     "k=rsa; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0KkrMRWFDOYr41TzzIDAzXVumAXtAXw4XthJPLZ22YwZhh2jtu1V7jnvrywT2aMhh03UdxrGlipI2waX2m1JyTxp5sy07Bgm4AvYZXtm90Jq74b6V7jZqF04ur9IoaN9HEUdaFeY5HeYgab53phMOvwX5UH8Z6qgj3rC7hWtQPwIDAQAB"


    Regards,

    Anil Aliyan

  Show us your DKIM config file. I suspect you have something configured 
incorrectly there.
  The DKIM patch for Qmail will allow you to sign multiple domains individually 
(when configured correctly, Yahoo will look at each domain for the DKIM key). 
The patch will force you to use ONE key to sign the domains however. So you use 
the same hash to sign, but each domain will get a DNS entry and each domain 
will sign for itself by configuring the DKIM config file correctly.




--------------------------------------------------------------------------------


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
     Please visit qmailtoaster.com for the latest news, updates, and packages.
     
      To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
     For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

<dkimsign>
  <!-- per default sign all mails using dkim -->
  <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">
    <types id="dkim" />
  </global>

</dkimsign>



---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
    Vickers Consulting Group offers Qmailtoaster support and installations.
      If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
     Please visit qmailtoaster.com for the latest news, updates, and packages.
     
      To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
     For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com