I've removed DomainKeys (not DKIM) from qmail altogether in later
versions and decided to use a wrapper for DKIM.
So,
If you have below list from /var/qmail/bin
# ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig
/var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 52096 Jan 21 2018 /var/qmail/bin/qmail-dk
lrwxrwxrwx 1 root root 23 Jun 14 2018 /var/qmail/bin/qmail-queue
-> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Jan 21 2018 /var/qmail/bin/qmail-queue.orig
Stop qmail
# qmailctl stop
Remove symlink to qmail-dk
# unlink /var/qmail/bin/qmail-queue
Move qmail-queue.orig to qmail-queue
# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue
Start qmail
# qmailctl start
Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.
# qmailctl cdb
On 9/29/2019 10:56 PM, ChandranManikandan wrote:
Hi Eric,
Thanks for your help.
I have successfully rectified the issue with the following your steps
above and tested in Gmail account from squirrel webmail.
It is working now.
I have notified in /etc/tcprules.d/tcp.smtp file in below lines. Do i
need amend the lines in this file. please let me know.
DKSIGN="/var/qmail/control/domainkeys/%/private"
On Sun, Sep 29, 2019 at 10:47 PM Eric Broch <[email protected]
<mailto:[email protected]>> wrote:
Step 2) from http://www.qmailtoaster.com/dkim.html
At the command line first create the key and txt record for the
domain you want signed (replace otherdomain.com
<http://otherdomain.com> with the domain you want in every command
below).
So if your domain is mydomain.com <http://mydomain.com> the
command would be, '# dknewkey
/var/qmail/control/dkim/mydomain.com.key 1024 >
/var/qmail/control/dkim/mydomain.com.txt'
# dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 >
/var/qmail/control/dkim/otherdomain.com.txt
At command line change the selector in the txt record from
'otherdomain.com.key._domainkey' to 'dkim1._domainkey'
# perl -pi -e 's/^.*\.key/dkim1/'
/var/qmail/control/dkim/otherdomain.com.txt
Check the file to see if substitution happened.
# cat /var/qmail/control/dkim/otherdomain.com.txt
dkim1._domainkey IN TXT "k=rsa;
p=******************************"
Create DNS TXT record for otherdomain.com <http://otherdomain.com>
using the output from the text file 'otherdomain.com.txt' where
your DNS settings are managed, usually your ISP (mine are Godaddy).
Host Text
dkim1._domainkey IN TXT v=DKIM1; k=rsa;
p=*************************
Edit the signature file and add your domain. This is what the perl
script 'qmail-remote' will read and then call the original
qmail-remote now renamed to qmail-remote.orig.
# vi /var/qmail/control/dkim/signconf.xml
<otherdomain.com <http://otherdomain.com>
domain="otherdomain.com <http://otherdomain.com>"
keyfile="/var/qmail/control/dkim/otherdomain.com.key"
selector="dkim1">
<types id="dkim" />
<types id="domainkey" method="nofws" />
</otherdomain.com <http://otherdomain.com>>
So file looks like this:
<dkimsign>
<!-- per default sign all mails using dkim -->
<global algorithm="rsa-sha1" domain="/var/qmail/control/me"
keyfile="/var/qmail/control/dkim/global.key" method="simple"
selector="dkim1">
<types id="dkim" />
</global>
<otherdomain.com <http://otherdomain.com>
domain="otherdomain.com <http://otherdomain.com>"
keyfile="/var/qmail/control/dkim/otherdomain.com.key"
selector="dkim1">
<types id="dkim" />
<types id="domainkey" method="nofws" />
</otherdomain.com <http://otherdomain.com>>
</dkimsign>
Notes Step 2) Test your DKIM signature (Remember, replace
otherdomain.com <http://otherdomain.com> with your domain).
# yum install epel-release opendkim
# opendkim-testkey -vvvv -d otherdomain.com
<http://otherdomain.com> -k
/var/qmail/control/dkim/otherdomain.com.key -s dkim1
On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan
<[email protected] <mailto:[email protected]>> wrote:
Hi Eric,
How do i implement DKIM for my domain. Really need your help.
I have followed your 1 step only. do i need to follow all the
four steps and how do i configure in DNS server.
why the gmail marked into spam folder of my domains emails.
Appreciate discussions and help.
On Fri, Sep 27, 2019 at 11:51 PM Eric Broch
<[email protected] <mailto:[email protected]>> wrote:
DKIM is not DomainKeys
On 9/27/2019 3:54 AM, ChandranManikandan wrote:
Hi Eric,
I have setup Global key (default for all domains)from
your link and also configured in dns server then i
checked in mxtoolbox and getting the result of the domain
key. after that i tried to send an email to gmail it is
showing the error. the email header is below.
Do i need to follow the all 4 steps.
I will wait one day for the dns propagation and will
update you.
Meanwhile could you look at the message header below.
Delivered-To:[email protected] <mailto:[email protected]>
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
X-Received: by 2002:a65:5043:: with SMTP id
k3mr8485146pgo.406.1569577595481;
Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
d=google.com <http://google.com>; s=arc-20160816;
b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
+QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
zMzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com
<http://google.com>; s=arc-20160816;
h=importance:content-transfer-encoding:mime-version:user-agent:to
:from:subject:date:message-id:dkim-signature;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
zbSg==
ARC-Authentication-Results: i=1;mx.google.com
<http://mx.google.com>;
dkim=temperror (no key for signature) [email protected]
<http://mail.pan-asia.in> header.s=dkim1 header.b=ia7qahkm;
spf=pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) [email protected]
<mailto:[email protected]>;
dmarc=pass (p=NONE sp=NONE dis=NONE)
header.from=reliancehrconsulting.com <http://reliancehrconsulting.com>
Return-Path: <[email protected]
<mailto:[email protected]>>
Received: frommail.pan-asia.in <http://mail.pan-asia.in>
([49.128.33.86])
bymx.google.com <http://mx.google.com> with ESMTPS id
70si2236946plc.139.2019.09.27.02.46.34
for <[email protected] <mailto:[email protected]>>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256
bits=128/128);
Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
Received-SPF: pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results:mx.google.com <http://mx.google.com>;
dkim=temperror (no key for signature) [email protected]
<http://mail.pan-asia.in> header.s=dkim1 header.b=ia7qahkm;
spf=pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) [email protected]
<mailto:[email protected]>;
dmarc=pass (p=NONE sp=NONE dis=NONE)
header.from=reliancehrconsulting.com <http://reliancehrconsulting.com>
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in
<http://mail.pan-asia.in>; h=
message-id:date:subject:from:to:mime-version:content-type :content-transfer-encoding;
s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=;
b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O
UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE
RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33
-0000
Received: from unknown (HELOmail.reliancehrconsulting.com
<http://mail.reliancehrconsulting.com>) ([email protected]@
<mailto:[email protected]@>127.0.0.1 <http://127.0.0.1>)
bymail.pan-asia.in <http://mail.pan-asia.in> with ESMTPA; 27
Sep 2019 09:46:33 -0000
Received: from 129.126.169.22
(SquirrelMail authenticated [email protected]
<mailto:[email protected]>)
bymail.reliancehrconsulting.com
<http://mail.reliancehrconsulting.com> with HTTP;
Fri, 27 Sep 2019 17:46:33 +0800
Message-ID:
<21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com
<mailto:21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>>
Date: Fri, 27 Sep 2019 17:46:33 +0800
Subject: test
From:[email protected]
<mailto:[email protected]>
To:[email protected] <mailto:[email protected]>
User-Agent: SquirrelMail/1.4.22-0.qt.el6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
test
On Fri, Sep 27, 2019 at 2:53 PM Eric's mail
<[email protected]
<mailto:[email protected]>> wrote:
http://www.qmailtoaster.com/dkim.html
Get Outlook for Android <https://aka.ms/ghei36>
On Thu, Sep 26, 2019 at 10:41 PM -0600,
"ChandranManikandan" <[email protected]
<mailto:[email protected]>> wrote:
Hi Andy,
I have installed DKIM in our server and there is
private and public key on our server.
I have added the public like below in our dns
hosting provider (Godaddy) control panel
TXT
Host: rhc._domainkey.domainname
TXT value: k=rsa; p=private key
TTL 1 hour
But it's not signed in the email.
I have configured MX,SPF,DMARC and DKIM in DNS
server settings.
Did i made a mistake in DNS settings?
Could you help me
On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz
<[email protected]
<mailto:[email protected]>> wrote:
Your email does not contain a DKIM signature.
The ARC* headers are signatures added by
gmail after receipt.
If you had a DKIM signature, it would be
below this part of the header chain:
Received: frommail.pan-asia.in
<http://mail.pan-asia.in> ([49.128.33.86])
bymx.google.com <http://mx.google.com> with
ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
for <[email protected]
<mailto:[email protected]>>
(version=TLS1_2
cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
Received-SPF: pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results:mx.google.com
<http://mx.google.com>;
spf=pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) [email protected]
<mailto:[email protected]>;
dmarc=pass (p=NONE sp=NONE dis=NONE)
header.from=reliancehrconsulting.com <http://reliancehrconsulting.com>
That and everything above it was added by gmail.
You may have set up the DNS part of DKIM, but
your server does not seem to be signing the
emails.
When you get it working, you can test by
sending an email to a reflector, like this:
[email protected]
<mailto:[email protected]>
It will analyze the smtp session and the
email and then email the results back to you.
There are several other reflectors listed at
the bottom of this page:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
Hope this helps,
-Andy
On 9/25/2019 8:39 PM, ChandranManikandan wrote:
Hi Friends,
I have tried to send an test email from my
domain to gmail.
It is going the gmail spam folder and i have
configured SPF and DMARC in dns.
Could you look at the below message header
in gmail and help me to solve this problem.
Delivered-To:[email protected]
<mailto:[email protected]>
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id
o17csp1656435imk;
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
X-Google-Smtp-Source:
APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
X-Received: by 2002:a63:1720:: with SMTP id
x32mr1332168pgl.289.1569471175444;
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
d=google.com <http://google.com>;
s=arc-20160816;
b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
g6Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com <http://google.com>; s=arc-20160816;
h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
:from:subject:date:message-id;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
/Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
vIpg==
ARC-Authentication-Results: i=1;mx.google.com
<http://mx.google.com>;
spf=pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) [email protected]
<mailto:[email protected]>;
dmarc=pass (p=NONE sp=NONE dis=NONE)
header.from=reliancehrconsulting.com <http://reliancehrconsulting.com>
Return-Path: <[email protected]
<mailto:[email protected]>>
Received: frommail.pan-asia.in
<http://mail.pan-asia.in> ([49.128.33.86])
bymx.google.com <http://mx.google.com> with
ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
for <[email protected]
<mailto:[email protected]>>
(version=TLS1_2
cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
Received-SPF: pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results:mx.google.com
<http://mx.google.com>;
spf=pass (google.com <http://google.com>: domain
[email protected] <mailto:[email protected]> designates
49.128.33.86 as permitted sender) [email protected]
<mailto:[email protected]>;
dmarc=pass (p=NONE sp=NONE dis=NONE)
header.from=reliancehrconsulting.com <http://reliancehrconsulting.com>
Received: (qmail 11583 invoked by uid 89); 26 Sep 2019
04:12:53 -0000
Received: from unknown (HELOmail.reliancehrconsulting.com
<http://mail.reliancehrconsulting.com>) ([email protected]@
<mailto:[email protected]@>127.0.0.1 <http://127.0.0.1>)
bymail.pan-asia.in <http://mail.pan-asia.in> with
ESMTPA; 26 Sep 2019 04:12:53 -0000
Received: from 129.126.169.22
(SquirrelMail authenticated
[email protected] <mailto:[email protected]>)
bymail.reliancehrconsulting.com
<http://mail.reliancehrconsulting.com> with HTTP;
Thu, 26 Sep 2019 12:12:53 +0800
Message-ID:
<afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com
<mailto:afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com>>
Date: Thu, 26 Sep 2019 12:12:53 +0800
Subject: test
From:[email protected]
<mailto:[email protected]>
To:[email protected] <mailto:[email protected]>
Cc:[email protected]
<mailto:[email protected]>
User-Agent: SquirrelMail/1.4.22-0.qt.el6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
test
--
*/Regards,
Manikandan.C
/*
--
*/Regards,
Manikandan.C
/*
--
*/Regards,
Manikandan.C
/*
--
*/Regards,
Manikandan.C
/*
--
*/Regards,
Manikandan.C
/*
