Step 2) from http://www.qmailtoaster.com/dkim.html

At the command line first create the key and txt record for the domain you
want signed (replace otherdomain.com with the domain you want in every
command below).
So if your domain is mydomain.com the command would be, '# dknewkey
/var/qmail/control/dkim/mydomain.com.key 1024 >
/var/qmail/control/dkim/mydomain.com.txt'
# dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 >
/var/qmail/control/dkim/otherdomain.com.txt

At command line change the selector in the txt record from
'otherdomain.com.key._domainkey'  to  'dkim1._domainkey'
# perl -pi -e 's/^.*\.key/dkim1/'
/var/qmail/control/dkim/otherdomain.com.txt

Check the file to see if substitution happened.
# cat /var/qmail/control/dkim/otherdomain.com.txt
   dkim1._domainkey       IN      TXT     "k=rsa;
p=******************************"


Create DNS TXT record for otherdomain.com using the output from the text
file 'otherdomain.com.txt' where your DNS settings are managed, usually
your ISP (mine are Godaddy).
   Host                                Text
   dkim1._domainkey       IN       TXT v=DKIM1; k=rsa;
p=*************************

Edit the signature file and add your domain. This is what the perl script
'qmail-remote' will read and then call the original qmail-remote now
renamed to qmail-remote.orig.
# vi /var/qmail/control/dkim/signconf.xml
  <otherdomain.com domain="otherdomain.com"
keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
    <types id="dkim" />
    <types id="domainkey" method="nofws" />
  </otherdomain.com>

So file looks like this:

<dkimsign>
  <!-- per default sign all mails using dkim -->
  <global algorithm="rsa-sha1" domain="/var/qmail/control/me"
keyfile="/var/qmail/control/dkim/global.key" method="simple"
selector="dkim1">
    <types id="dkim" />
  </global>
  <otherdomain.com domain="otherdomain.com"
keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
    <types id="dkim" />
    <types id="domainkey" method="nofws" />
  </otherdomain.com>
</dkimsign>


Notes Step 2) Test your DKIM signature (Remember, replace otherdomain.com
with your domain).
# yum install epel-release opendkim
# opendkim-testkey -vvvv -d otherdomain.com  -k
/var/qmail/control/dkim/otherdomain.com.key -s dkim1

On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan <kand...@gmail.com>
wrote:

> Hi Eric,
>
> How do i implement DKIM for my domain. Really need your help.
> I have followed your 1 step only. do i need to follow all the four steps
> and how do i configure in DNS server.
> why the gmail marked into spam folder of my domains emails.
>
> Appreciate discussions and help.
>
>
> On Fri, Sep 27, 2019 at 11:51 PM Eric Broch <ebr...@whitehorsetc.com>
> wrote:
>
>> DKIM is not DomainKeys
>>
>>
>> On 9/27/2019 3:54 AM, ChandranManikandan wrote:
>>
>> Hi Eric,
>>
>> I have setup Global key (default for all domains)from your link and also
>> configured in dns server then i checked in mxtoolbox and getting the result
>> of the domain key. after that i tried to send an email to gmail it is
>> showing the error. the email header is below.
>>
>> Do i need to follow the all 4 steps.
>>
>> I will wait one day for the dns propagation and will update you.
>> Meanwhile could you look at the message header below.
>>
>> Delivered-To: kand...@gmail.com
>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
>>         Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>> X-Google-Smtp-Source: 
>> APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
>> X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
>>         Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>> ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
>>         d=google.com; s=arc-20160816;
>>         b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
>>          YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
>>          +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
>>          KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
>>          PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
>>          zMzQ==
>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
>> s=arc-20160816;
>>         h=importance:content-transfer-encoding:mime-version:user-agent:to
>>          :from:subject:date:message-id:dkim-signature;
>>         bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>>         b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
>>          O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
>>          xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
>>          a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
>>          BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
>>          zbSg==
>> ARC-Authentication-Results: i=1; mx.google.com;
>>        dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
>> header.s=dkim1 header.b=ia7qahkm;
>>        spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>> designates 49.128.33.86 as permitted sender) 
>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>        dmarc=pass (p=NONE sp=NONE dis=NONE) 
>> header.from=reliancehrconsulting.com
>> Return-Path: <m...@reliancehrconsulting.com>
>> Received: from mail.pan-asia.in ([49.128.33.86])
>>         by mx.google.com with ESMTPS id 
>> 70si2236946plc.139.2019.09.27.02.46.34
>>         for <kand...@gmail.com>
>>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>>         Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
>> Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
>> Authentication-Results: mx.google.com;
>>        dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
>> header.s=dkim1 header.b=ia7qahkm;
>>        spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>> designates 49.128.33.86 as permitted sender) 
>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>        dmarc=pass (p=NONE sp=NONE dis=NONE) 
>> header.from=reliancehrconsulting.com
>> DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in; h= 
>> message-id:date:subject:from:to:mime-version:content-type 
>> :content-transfer-encoding; s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=; 
>> b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O 
>> UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE 
>> RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
>> Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -0000
>> Received: from unknown (HELO mail.reliancehrconsulting.com) 
>> (m...@reliancehrconsulting.com@127.0.0.1)
>>   by mail.pan-asia.in with ESMTPA; 27 Sep 2019 09:46:33 -0000
>> Received: from 129.126.169.22
>>         (SquirrelMail authenticated user m...@reliancehrconsulting.com)
>>         by mail.reliancehrconsulting.com with HTTP;
>>         Fri, 27 Sep 2019 17:46:33 +0800
>> Message-ID: 
>> <21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>
>> Date: Fri, 27 Sep 2019 17:46:33 +0800
>> Subject: test
>> From: m...@reliancehrconsulting.com
>> To: kand...@gmail.com
>> User-Agent: SquirrelMail/1.4.22-0.qt.el6
>> MIME-Version: 1.0
>> Content-Type: text/plain;charset=iso-8859-1
>> Content-Transfer-Encoding: 8bit
>> X-Priority: 3 (Normal)
>> Importance: Normal
>>
>> test
>>
>>
>>
>>
>> On Fri, Sep 27, 2019 at 2:53 PM Eric's mail <ebr...@whitehorsetc.com>
>> wrote:
>>
>>> http://www.qmailtoaster.com/dkim.html
>>>
>>> Get Outlook for Android <https://aka.ms/ghei36>
>>>
>>>
>>>
>>>
>>> On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" <
>>> kand...@gmail.com> wrote:
>>>
>>> Hi Andy,
>>>>
>>>> I have installed DKIM in our server and there is private and public key
>>>> on our server.
>>>> I have added the public like below in our dns hosting provider
>>>> (Godaddy) control panel
>>>>
>>>> TXT
>>>> Host: rhc._domainkey.domainname
>>>> TXT value:  k=rsa; p=private key
>>>> TTL 1 hour
>>>>
>>>> But it's not signed in the email.
>>>>
>>>> I have configured MX,SPF,DMARC and DKIM in DNS server settings.
>>>>
>>>> Did i made a mistake in DNS settings?
>>>>
>>>> Could you help me
>>>>
>>>> On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz <awswa...@acsalaska.net>
>>>> wrote:
>>>>
>>>>> Your email does not contain a DKIM signature.
>>>>>
>>>>> The ARC* headers are signatures added by gmail after receipt.
>>>>>
>>>>> If you had a DKIM signature, it would be below this part of the header
>>>>> chain:
>>>>>
>>>>> Received: from mail.pan-asia.in ([49.128.33.86])
>>>>>         by mx.google.com with ESMTPS id 
>>>>> t6si1129421pgt.557.2019.09.25.21.12.54
>>>>>         for <kand...@gmail.com>
>>>>>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>>>>>         Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>>>> Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
>>>>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
>>>>> Authentication-Results: mx.google.com;
>>>>>        spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>>>>> designates 49.128.33.86 as permitted sender) 
>>>>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>>>>        dmarc=pass (p=NONE sp=NONE dis=NONE) 
>>>>> header.from=reliancehrconsulting.com
>>>>>
>>>>>
>>>>> That and everything above it was added by gmail.
>>>>>
>>>>> You may have set up the DNS part of DKIM, but your server does not
>>>>> seem to be signing the emails.
>>>>>
>>>>> When you get it working, you can test by sending an email to a
>>>>> reflector, like this:
>>>>>
>>>>> sa-t...@sendmail.net
>>>>>
>>>>> It will analyze the smtp session and the email and then email the
>>>>> results back to you.
>>>>>
>>>>> There are several other reflectors listed at the bottom of this page:
>>>>>
>>>>>
>>>>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
>>>>>
>>>>>
>>>>> Hope this helps,
>>>>>
>>>>> -Andy
>>>>>
>>>>>
>>>>>
>>>>> On 9/25/2019 8:39 PM, ChandranManikandan wrote:
>>>>>
>>>>> Hi Friends,
>>>>>
>>>>> I have tried to send an test email from my domain to gmail.
>>>>> It is going the gmail spam folder and i have configured SPF and DMARC
>>>>> in dns.
>>>>>
>>>>> Could you look at the below message header in gmail and help me to
>>>>> solve this problem.
>>>>>
>>>>> Delivered-To: kand...@gmail.com
>>>>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk;
>>>>>         Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>>>> X-Google-Smtp-Source: 
>>>>> APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
>>>>> X-Received: by 2002:a63:1720:: with SMTP id 
>>>>> x32mr1332168pgl.289.1569471175444;
>>>>>         Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>>>> ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
>>>>>         d=google.com; s=arc-20160816;
>>>>>         
>>>>> b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
>>>>>          
>>>>> a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
>>>>>          
>>>>> bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
>>>>>          
>>>>> dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
>>>>>          
>>>>> JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
>>>>>          g6Ng==
>>>>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; 
>>>>> d=google.com; s=arc-20160816;
>>>>>         
>>>>> h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
>>>>>          :from:subject:date:message-id;
>>>>>         bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
>>>>>         
>>>>> b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
>>>>>          
>>>>> 5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
>>>>>          
>>>>> /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
>>>>>          
>>>>> VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
>>>>>          
>>>>> hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
>>>>>          vIpg==
>>>>> ARC-Authentication-Results: i=1; mx.google.com;
>>>>>        spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>>>>> designates 49.128.33.86 as permitted sender) 
>>>>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>>>>        dmarc=pass (p=NONE sp=NONE dis=NONE) 
>>>>> header.from=reliancehrconsulting.com
>>>>> Return-Path: <m...@reliancehrconsulting.com>
>>>>> Received: from mail.pan-asia.in ([49.128.33.86])
>>>>>         by mx.google.com with ESMTPS id 
>>>>> t6si1129421pgt.557.2019.09.25.21.12.54
>>>>>         for <kand...@gmail.com>
>>>>>         (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>>>>>         Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
>>>>> Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
>>>>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
>>>>> Authentication-Results: mx.google.com;
>>>>>        spf=pass (google.com: domain of m...@reliancehrconsulting.com 
>>>>> designates 49.128.33.86 as permitted sender) 
>>>>> smtp.mailfrom=m...@reliancehrconsulting.com;
>>>>>        dmarc=pass (p=NONE sp=NONE dis=NONE) 
>>>>> header.from=reliancehrconsulting.com
>>>>> Received: (qmail 11583 invoked by uid 89); 26 Sep 2019 04:12:53 -0000
>>>>> Received: from unknown (HELO mail.reliancehrconsulting.com) 
>>>>> (m...@reliancehrconsulting.com@127.0.0.1)
>>>>>   by mail.pan-asia.in with ESMTPA; 26 Sep 2019 04:12:53 -0000
>>>>> Received: from 129.126.169.22
>>>>>         (SquirrelMail authenticated user m...@reliancehrconsulting.com)
>>>>>         by mail.reliancehrconsulting.com with HTTP;
>>>>>         Thu, 26 Sep 2019 12:12:53 +0800
>>>>> Message-ID: 
>>>>> <afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com>
>>>>> Date: Thu, 26 Sep 2019 12:12:53 +0800
>>>>> Subject: test
>>>>> From: m...@reliancehrconsulting.com
>>>>> To: kand...@gmail.com
>>>>> Cc: m...@reliancehrconsulting.com
>>>>> User-Agent: SquirrelMail/1.4.22-0.qt.el6
>>>>> MIME-Version: 1.0
>>>>> Content-Type: text/plain;charset=iso-8859-1
>>>>> Content-Transfer-Encoding: 8bit
>>>>> X-Priority: 3 (Normal)
>>>>> Importance: Normal
>>>>>
>>>>> test
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>> *Regards, Manikandan.C *
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> *Regards, Manikandan.C *
>>>>
>>>
>>
>> --
>>
>>
>> *Regards, Manikandan.C *
>>
>>
>
> --
>
>
> *Regards,Manikandan.C*
>

Reply via email to