Dear Anil / Everyone, After waiting for 1 long week, I'm still able to see same error
Authentication-Results: mta179.mail.ac4.yahoo.com from=vanaz.com; domainkeys=fail (bad syntax); from=mailserver; dkim=permerror (no key) Any help? Regards, Amit At Tuesday, 06-04-2010 on 10:29 Anil Aliyan wrote: Dear Amit, Please be patient and wait for couple of days until yahoo’s dns server are updated and start reading you new public key this error will go away and will pass the test. http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=dkim1._domainkey.vanaz.com&Submit=Submit DKIM1._DOMAINKEY.VANAZ.COM New test [1] TXT Record length = 113 k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0 ...qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB This selector appears valid. TAG VALUE EXPLANATION k rsa The public key algorithm used to verify the signature p MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0 cG1KMKOsR3sNt69ZuqdC... Modulus Size=384 Exponent=65537 is already showing your new key without any errors now. So just hang on for a max two more days and it will be resolved soon with yahoo as well. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 8:49 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Sorry again. Better I'll wait and check it after 2-3 days. Regards, Amit At Monday, 05-04-2010 on 20:44 Postmaster wrote: Amit, I think we have discussed it before. You should wait for several days for your DNS to propagate and all DNS caches to renew data. Personally, I cannot see your new TXT entries into your DNS and I am sure I am not alone. Regards Alex On 05/04/2010 16:08, Amit Dalia wrote: Hi, Now I'm able to see signature in my mails, but also getting error. Please see details below: DomainKey-Signature: a=rsa-sha1; c=nofws; d=mailserver; h=to:subject :mime-version:date:from:cc:message-id:content-type; q=dns; s= dkim1; b=EJJf493aRwtpqumbElVUhczVFtJi4Y+XhG9rcW5lMMvMQe5rQJsV5BE BF/QITML9 DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mailserver; h=to:subject :mime-version:date:from:cc:message-id:content-type; q=dns; s= dkim1; bh=FNfmzKx9JuLnfrW3zJJj57jDbkc=; b=Mpco6Xx/zZkP0IxiYSZiNk RHuFuGDzOMsJdmkkw+YIYygZiWN4a33AeFk1kXbXrW Authentication-Results: mta179.mail.ac4.yahoo.com from=vanaz.com; domainkeys=fail (bad syntax); from=mailserver; dkim=permerror (no key) Regards, Amit At Monday, 05-04-2010 on 19:04 Anil Aliyan wrote: OK I got ur mail and it has both the signatures .... its working man. Try sending some test message to any of yours account on gmail and yahoo then check the headers. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:44 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Done. Sorry I had forgot to do qmailctl cdb. Anyway Anil please check whether you received my mail or not. Regards, Amit At Monday, 05-04-2010 on 18:36 Anil Aliyan wrote: That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN="/var/qmail/control/%/private". So do I modify it to DKSIGN="". Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN="" in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN="" in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; ->>HEADERHEADER Eric/Jake, > > Will re-installing qmail toaster package can solve the problem? > > Amit > > At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: > > Amit, > > No way to repair qmail-dk, until someone steps up and fixes the code. > > Check out Jake's videos for a way to use DKIM. > > In order to disable DK entirely, do: > # cd /var/qmail/bin > # ln -sf qmail-queue.orig qmail-queue > > -- > -Eric 'shubes' > > Amit Dalia wrote: > > > > Dear Eric, > > > > This was outgoing mail from server and occurred first time only. If > > qmail-dk is broken then is there any way to repair this? Is there > any > > other way to use Domain Key or DKIM with my server? Else how to > remove > > Domain Key from my server. > > > > Thanks and regards, > > > > Amit > > > > At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: > > > > Amit Dalia wrote: > > > Dear Team, > > > > > > I have been using Domain Key for one of my domain without any > > problem > > > from long time. But today 1 server bounced it back mentioning the > > below > > > error: > > > > > > [] The reason of the delivery failure was: > > > > > > > > 550 Message does not pass DomainKeys requirements for domain > > vanaz.com > > > > > > Is my domain key break? > > > > > > Thanks and regards, > > > > > > Amit > > > > Perhaps. The qmail-dk program included with QMT is broken in some > > areas, > > particularly inbound. While we've been under the impression that > > signing > > was working ok, it's entirely possible that there's a bug in > there. The > > safest bet is to simply not use it at all. > > > > -- > > -Eric 'shubes' > > > > > --------------------------------------------------------------------------------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com [4]) > Vickers Consulting Group offers Qmailtoaster support and installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > -- -Eric 'shubes' --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [4]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Links: ------ [1] http://domainkeys.sourceforge.net/selectorcheck.html [2] http://domainkeys.sourceforge.net/policycheck.html [3] http://vanaz.com/ [4] http://www.vickersconsulting.com
