RE: [qmailtoaster] Re: Mails getting bounced

Anil Aliyan Mon, 05 Apr 2010 05:46:56 -0700

Make you signconf.xml look like this :


<dkimsign>

  <!-- per default sign all mails using dkim -->

  <global algorithm="rsa-sha1" query="dns" 
keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">

    <types id="dkim" />

  </global>

 

  <vanza.com selector="dkim1">

    <types id="dkim" />

    <types id="domainkey" method="nofws" />

  </vanza.com>

 

</dkimsign>

 

 

From: Amit Dalia [mailto:a...@ikf.co.in] 
Sent: Monday, April 05, 2010 6:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Mails getting bounced

 

Dear Anil,

Please find my signconf.xml file contains is below:

<dkimsign>
  <!-- per default sign all mails using dkim -->
  <global algorithm="rsa-sha1" domain="/var/qmail/control/me" 
keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">
    <types id="dkim" />
  </global>

</dkimsign>

But your file doesn't contain this. So do I modify my file as per you mentioned.

Regards,

Amit

At Monday, 05-04-2010 on 17:39 Anil Aliyan wrote:



Dear Amit,

 

Please ignore my last mail about smarthost. Your mail signed by you main mail 
server should work actually.

 

I have checked your test message and it is signed by DKIM but doesn’t singed 
for Domainkeys. You need to entry for both in your signconf.xml file:  Your 
file should look like below mentioned example:

 

<dkimsign>

  <!-- per default sign all mails using dkim -->

  <global algorithm="rsa-sha1" query="dns" 
keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">

    <types id="dkim" />

  </global>

 

  <vanza.com selector="dkim1">

    <types id="dkim" />

    <types id="domainkey" method="nofws" />

  </vanza.com>

 

</dkimsign>

 

From: Amit Dalia [mailto:a...@ikf.co.in] 
Sent: Monday, April 05, 2010 5:30 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Mails getting bounced

 

Dear Anil,

Please check I had send test mail on your email id.

Regards,

Amit

At Monday, 05-04-2010 on 17:26 Postmaster wrote:

It may take a while for the DNS entries to propagate.
Send an e-mail with test in the subject line to sa-t...@sendmail.net

and you should have a reply with output like this shortly:



sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $











This service runs at  <mailto:sa-t...@sendmail.net> <sa-t...@sendmail.net> and 
allows remote users





to perform a simple, automated test to see if different Sender





Authentication schemes are working.  Mail sent to this service





is checked by our Sender Authentication filters for any valid





credentials or signatures.  A script receives the message, checks





for a special header with the results of the tests, and composes





this response message based on what it finds.  This response is also





signed with DomainKeys and DomainKeys Identified Mail (DKIM).











Please note that the DKIM filter signing this reply message conforms





to the latest IETF draft version, and thus may not be successfully





verified by older implementations.  If you are using dkim-filter from





Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible





with the most recent version of DKIM.











We hope this service has been helpful to you.











Authentication System:       DomainKeys Identified Mail





   Result:                   DKIM signature confirmed GOOD





   Description:              Signature verified, message arrived intact





   Reporting host:           sendmail.net        





   More information:         http://mipassoc.org/dkim/





   Sendmail milter:          https://sourceforge.net/projects/dkim-milter/











Authentication System:       Domain Keys         





   Result:                   DK signature confirmed GOOD





   Description:              Signature verified, message arrived intact





   Reporting host:           sendmail.net        





   More information:         http://antispam.yahoo.com/domainkeys





   Sendmail milter:          https://sourceforge.net/projects/domainkeys-milter/











Authentication System:       Sender ID           





   Result:                   SID data confirmed GOOD





   Description:              Sending host is authorized for sending domain





   Reporting host:           sendmail.net        





   More information:         http://www.microsoft.com/senderid





   Sendmail milter:          https://sourceforge.net/projects/sid-milter/











Authentication System:       Sender Permitted From (SPF)





   Result:                   SPF data confirmed GOOD





   Description:              Sending host is authorized for sending domain





   Reporting host:           sendmail.net        





   More information:         http://spf.pobox.com/

Regards
Alex


On 05/04/2010 12:46, Amit Dalia wrote: 

Dear Anil,

Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my 
server as per Jake Video on settuping up DKIM.

I think, I have to check it know whether its working or not, so how can I check 
it?

Regards,

Amit

At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote:

Dear Amit,

 

Your DNS entry has one problem. You have k=rsa;   twice in you DNS entry please 
remove one k=rsa; from the DNS entry.

 



private._domainkey.vanaz.com

New test <http://domainkeys.sourceforge.net/selectorcheck.html> 

TXT Record length = 120 

k=rsa; k=rsa; 
p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB 

...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB 

This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1

 

Regards,

 

Anil Aliyan

 

From: Amit Dalia [mailto:a...@ikf.co.in] 
Sent: Monday, April 05, 2010 4:20 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Mails getting bounced

 

Dear Anil/Alex,

Please check the link below:
http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com 
<http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com&Submit=Submit>
 &Submit=Submit
http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com
 
<http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com&Submit=Submit>
 &Submit=Submit

Anyway I will proceed for DKIM installation now.

Thanks and regards,

Amit

At Monday, 05-04-2010 on 15:34 Postmaster wrote:

Issue the following command:

ln -sf qmail-dk qmail-queue

Restart qmail 

and do not forget to insert two TXT records into your DNS and make sure you 
have done it in a right way.
This would help you to test it:


http://domainkeys.sourceforge.net/policycheck.html
http://domainkeys.sourceforge.net 
<http://domainkeys.sourceforge.net/policycheck.html> 
  

Also refer to qmailtoaster wiki.

Regards
Alex




On 05/04/2010 10:57, Amit Dalia wrote: 

I had removed qmail-dk from my server using
ln -sf qmail-queue.orig qmail-queue

Now how do re-enable qmail-dk for my server.

Regards,

Amit

At Monday, 05-04-2010 on 15:08 Postmaster wrote:

This may not help. You do not have control over the other server and your 
domain may be rejected if the other server has
a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries 
unless you have serious problems (qmail-dk is completely broken). 

Personally, I have not had any issues with Domainkey.

Regards
Alex



On 05/04/2010 10:21, Amit Dalia wrote: 

It is my domain which got rejected. And I had now removed domain key for 
signing my out going emails. Also I had deleted domain key entries from my DNS 
Server.

Amit

At Monday, 05-04-2010 on 14:48 Postmaster wrote:

Is it your server rejecting mail or is it your domain got rejected?
Let's check - http://domainkeys.sourceforge.net/policycheck.html



Testing private._domainkey.vanaz.com

New test <http://domainkeys.sourceforge.net/policycheck.html> 

No _domainkey TXT record found for private._domainkey.vanaz.com


and 



Testing _domainkey.vanaz.com

New test <http://domainkeys.sourceforge.net/policycheck.html> 

No _domainkey TXT record found for _domainkey.vanaz.com


So there is no policy for vanaz.com, hence this domain would fail domainkey 
policy on other servers.
You need to insert 2 TXT records in vanaz.com DNS.


Regards
Alex





On 05/04/2010 07:21, Amit Dalia wrote: 

Hi Eric/Jake,

I had removed Domain Key from my server but I'm still getting below error:

<pnq.fitd...@orbit-star.com>:
202.46.201.27 failed after I sent the message.
Remote host said: 550 Message does not pass DomainKeys requirements for domain 
vanaz.com <http://vanaz.com/> 

Any help since this is creating problem to me know.

Regards,

Amit


At Monday, 29-03-2010 on 21:53 Eric Shubert wrote:

Not at all.

Amit Dalia wrote:
> Eric/Jake,
> 
> Will re-installing qmail toaster package can solve the problem?
> 
> Amit
> 
> At Monday, 29-03-2010 on 21:18 Eric Shubert wrote:
> 
> Amit,
> 
> No way to repair qmail-dk, until someone steps up and fixes the code.
> 
> Check out Jake's videos for a way to use DKIM.
> 
> In order to disable DK entirely, do:
> # cd /var/qmail/bin
> # ln -sf qmail-queue.orig qmail-queue
> 
> -- 
> -Eric 'shubes'
> 
> Amit Dalia wrote:
> >
> > Dear Eric,
> >
> > This was outgoing mail from server and occurred first time only. If
> > qmail-dk is broken then is there any way to repair this? Is there
> any
> > other way to use Domain Key or DKIM with my server? Else how to
> remove
> > Domain Key from my server.
> >
> > Thanks and regards,
> >
> > Amit
> >
> > At Monday, 29-03-2010 on 20:50 Eric Shubert wrote:
> >
> > Amit Dalia wrote:
> > > Dear Team,
> > >
> > > I have been using Domain Key for one of my domain without any
> > problem
> > > from long time. But today 1 server bounced it back mentioning the
> > below
> > > error:
> > >
> > > [<02>] The reason of the delivery failure was:
> > > >
> > > > 550 Message does not pass DomainKeys requirements for domain
> > vanaz.com
> > >
> > > Is my domain key break?
> > >
> > > Thanks and regards,
> > >
> > > Amit
> >
> > Perhaps. The qmail-dk program included with QMT is broken in some
> > areas,
> > particularly inbound. While we've been under the impression that
> > signing
> > was working ok, it's entirely possible that there's a bug in
> there. The
> > safest bet is to simply not use it at all.
> >
> > --
> > -Eric 'shubes'
> >
> 
> 
> ---------------------------------------------------------------------------------
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
> Vickers Consulting Group offers Qmailtoaster support and installations.
> If you need professional help with your setup, contact them today!
> ---------------------------------------------------------------------------------
> Please visit qmailtoaster.com for the latest news, updates, and
> packages.
> 
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-- 
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] Re: Mails getting bounced

Reply via email to