Make you signconf.xml look like this :
<dkimsign> <!-- per default sign all mails using dkim --> <global algorithm="rsa-sha1" query="dns" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"> <types id="dkim" /> </global> <vanza.com selector="dkim1"> <types id="dkim" /> <types id="domainkey" method="nofws" /> </vanza.com> </dkimsign> From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:09 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please find my signconf.xml file contains is below: <dkimsign> <!-- per default sign all mails using dkim --> <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"> <types id="dkim" /> </global> </dkimsign> But your file doesn't contain this. So do I modify my file as per you mentioned. Regards, Amit At Monday, 05-04-2010 on 17:39 Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: <dkimsign> <!-- per default sign all mails using dkim --> <global algorithm="rsa-sha1" query="dns" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"> <types id="dkim" /> </global> <vanza.com selector="dkim1"> <types id="dkim" /> <types id="domainkey" method="nofws" /> </vanza.com> </dkimsign> From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:30 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at <mailto:sa-t...@sendmail.net> <sa-t...@sendmail.net> and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://www.microsoft.com/senderid Sendmail milter: https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test <http://domainkeys.sourceforge.net/selectorcheck.html> TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com <http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com&Submit=Submit> &Submit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com <http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com&Submit=Submit> &Submit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net <http://domainkeys.sourceforge.net/policycheck.html> Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test <http://domainkeys.sourceforge.net/policycheck.html> No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test <http://domainkeys.sourceforge.net/policycheck.html> No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: <pnq.fitd...@orbit-star.com>: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com <http://vanaz.com/> Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: > Eric/Jake, > > Will re-installing qmail toaster package can solve the problem? > > Amit > > At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: > > Amit, > > No way to repair qmail-dk, until someone steps up and fixes the code. > > Check out Jake's videos for a way to use DKIM. > > In order to disable DK entirely, do: > # cd /var/qmail/bin > # ln -sf qmail-queue.orig qmail-queue > > -- > -Eric 'shubes' > > Amit Dalia wrote: > > > > Dear Eric, > > > > This was outgoing mail from server and occurred first time only. If > > qmail-dk is broken then is there any way to repair this? Is there > any > > other way to use Domain Key or DKIM with my server? Else how to > remove > > Domain Key from my server. > > > > Thanks and regards, > > > > Amit > > > > At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: > > > > Amit Dalia wrote: > > > Dear Team, > > > > > > I have been using Domain Key for one of my domain without any > > problem > > > from long time. But today 1 server bounced it back mentioning the > > below > > > error: > > > > > > [<02>] The reason of the delivery failure was: > > > > > > > > 550 Message does not pass DomainKeys requirements for domain > > vanaz.com > > > > > > Is my domain key break? > > > > > > Thanks and regards, > > > > > > Amit > > > > Perhaps. The qmail-dk program included with QMT is broken in some > > areas, > > particularly inbound. While we've been under the impression that > > signing > > was working ok, it's entirely possible that there's a bug in > there. The > > safest bet is to simply not use it at all. > > > > -- > > -Eric 'shubes' > > > > > --------------------------------------------------------------------------------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > -- -Eric 'shubes' --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com