I've removed DomainKeys (not DKIM) from qmail altogether in later versions and decided to use a wrapper for DKIM.

So,

If you have below list from /var/qmail/bin

# ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 52096 Jan 21  2018 /var/qmail/bin/qmail-dk
lrwxrwxrwx 1 root   root     23 Jun 14  2018 /var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk
-rws--x--x 1 qmailq qmail 27040 Jan 21  2018 /var/qmail/bin/qmail-queue.orig

Stop qmail

# qmailctl stop

Remove symlink to qmail-dk

# unlink /var/qmail/bin/qmail-queue

Move qmail-queue.orig to qmail-queue

# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue

Start qmail

# qmailctl start

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.

# qmailctl cdb


On 9/29/2019 10:56 PM, ChandranManikandan wrote:
Hi Eric,

Thanks for your help.
I have successfully rectified the issue with the following your steps above and tested in Gmail account from squirrel webmail.
It is working now.

I have notified in /etc/tcprules.d/tcp.smtp file in below lines. Do i need amend the lines in this file. please let me know.

DKSIGN="/var/qmail/control/domainkeys/%/private"

On Sun, Sep 29, 2019 at 10:47 PM Eric Broch <ebroch.w...@gmail.com <mailto:ebroch.w...@gmail.com>> wrote:

    Step 2) from http://www.qmailtoaster.com/dkim.html

    At the command line first create the key and txt record for the
    domain you want signed (replace otherdomain.com
    <http://otherdomain.com> with the domain you want in every command
    below).
    So if your domain is mydomain.com <http://mydomain.com> the
    command would be, '# dknewkey
    /var/qmail/control/dkim/mydomain.com.key 1024 >
    /var/qmail/control/dkim/mydomain.com.txt'
    # dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 >
    /var/qmail/control/dkim/otherdomain.com.txt

    At command line change the selector in the txt record from
    'otherdomain.com.key._domainkey'  to 'dkim1._domainkey'
    # perl -pi -e 's/^.*\.key/dkim1/'
    /var/qmail/control/dkim/otherdomain.com.txt

    Check the file to see if substitution happened.
    # cat /var/qmail/control/dkim/otherdomain.com.txt
       dkim1._domainkey       IN      TXT  "k=rsa;
    p=******************************"


    Create DNS TXT record for otherdomain.com <http://otherdomain.com>
    using the output from the text file 'otherdomain.com.txt' where
    your DNS settings are managed, usually your ISP (mine are Godaddy).
       Host Text
       dkim1._domainkey       IN       TXT v=DKIM1; k=rsa;
    p=*************************

    Edit the signature file and add your domain. This is what the perl
    script 'qmail-remote' will read and then call the original
    qmail-remote now renamed to qmail-remote.orig.
    # vi /var/qmail/control/dkim/signconf.xml
      <otherdomain.com <http://otherdomain.com>
    domain="otherdomain.com <http://otherdomain.com>"
    keyfile="/var/qmail/control/dkim/otherdomain.com.key"
    selector="dkim1">
        <types id="dkim" />
        <types id="domainkey" method="nofws" />
      </otherdomain.com <http://otherdomain.com>>

    So file looks like this:

    <dkimsign>
      <!-- per default sign all mails using dkim -->
      <global algorithm="rsa-sha1" domain="/var/qmail/control/me"
    keyfile="/var/qmail/control/dkim/global.key" method="simple"
    selector="dkim1">
        <types id="dkim" />
      </global>
      <otherdomain.com <http://otherdomain.com>
    domain="otherdomain.com <http://otherdomain.com>"
    keyfile="/var/qmail/control/dkim/otherdomain.com.key"
    selector="dkim1">
        <types id="dkim" />
        <types id="domainkey" method="nofws" />
      </otherdomain.com <http://otherdomain.com>>
    </dkimsign>


    Notes Step 2) Test your DKIM signature (Remember, replace
    otherdomain.com <http://otherdomain.com> with your domain).
    # yum install epel-release opendkim
    # opendkim-testkey -vvvv -d otherdomain.com
    <http://otherdomain.com> -k
    /var/qmail/control/dkim/otherdomain.com.key -s dkim1

    On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan
    <kand...@gmail.com <mailto:kand...@gmail.com>> wrote:

        Hi Eric,

        How do i implement DKIM for my domain. Really need your help.
        I have followed your 1 step only. do i need to follow all the
        four steps and how do i configure in DNS server.
        why the gmail marked into spam folder of my domains emails.

        Appreciate discussions and help.


        On Fri, Sep 27, 2019 at 11:51 PM Eric Broch
        <ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>> wrote:

            DKIM is not DomainKeys


            On 9/27/2019 3:54 AM, ChandranManikandan wrote:
            Hi Eric,

            I have setup Global key (default for all domains)from
            your link and also configured in dns server then i
            checked in mxtoolbox and getting the result of the domain
            key. after that i tried to send an email to gmail it is
            showing the error. the email header is below.

            Do i need to follow the all 4 steps.

            I will wait one day for the dns propagation and will
            update you.
            Meanwhile could you look at the message header below.

            Delivered-To:kand...@gmail.com  <mailto:kand...@gmail.com>
            Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
                     Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
            X-Google-Smtp-Source: 
APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
            X-Received: by 2002:a65:5043:: with SMTP id 
k3mr8485146pgo.406.1569577595481;
                     Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
            ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
                     d=google.com  <http://google.com>; s=arc-20160816;
                     
b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
                      
YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
                      
+QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
                      
KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
                      
PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
                      zMzQ==
            ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com 
 <http://google.com>; s=arc-20160816;
                     
h=importance:content-transfer-encoding:mime-version:user-agent:to
                      :from:subject:date:message-id:dkim-signature;
                     bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
                     
b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
                      
O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
                      
xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
                      
a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
                      
BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
                      zbSg==
            ARC-Authentication-Results: i=1;mx.google.com  
<http://mx.google.com>;
                    dkim=temperror (no key for signature) header.i=@mail.pan-asia.in  
<http://mail.pan-asia.in>  header.s=dkim1 header.b=ia7qahkm;
                    spf=pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>;
                    dmarc=pass (p=NONE sp=NONE dis=NONE) 
header.from=reliancehrconsulting.com  <http://reliancehrconsulting.com>
            Return-Path: <m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>>
            Received: frommail.pan-asia.in  <http://mail.pan-asia.in>  
([49.128.33.86])
                     bymx.google.com  <http://mx.google.com>  with ESMTPS id 
70si2236946plc.139.2019.09.27.02.46.34
                     for <kand...@gmail.com  <mailto:kand...@gmail.com>>
                     (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 
bits=128/128);
                     Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
            Received-SPF: pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
            Authentication-Results:mx.google.com  <http://mx.google.com>;
                    dkim=temperror (no key for signature) header.i=@mail.pan-asia.in  
<http://mail.pan-asia.in>  header.s=dkim1 header.b=ia7qahkm;
                    spf=pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>;
                    dmarc=pass (p=NONE sp=NONE dis=NONE) 
header.from=reliancehrconsulting.com  <http://reliancehrconsulting.com>
            DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in  
<http://mail.pan-asia.in>; h= 
message-id:date:subject:from:to:mime-version:content-type :content-transfer-encoding; 
s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=; 
b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O 
UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE 
RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
            Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 
-0000
            Received: from unknown (HELOmail.reliancehrconsulting.com  
<http://mail.reliancehrconsulting.com>) (m...@reliancehrconsulting.com@  
<mailto:m...@reliancehrconsulting.com@>127.0.0.1  <http://127.0.0.1>)
               bymail.pan-asia.in  <http://mail.pan-asia.in>  with ESMTPA; 27 
Sep 2019 09:46:33 -0000
            Received: from 129.126.169.22
                     (SquirrelMail authenticated userm...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>)
                     bymail.reliancehrconsulting.com  
<http://mail.reliancehrconsulting.com>  with HTTP;
                     Fri, 27 Sep 2019 17:46:33 +0800
            Message-ID: 
<21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com  
<mailto:21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>>
            Date: Fri, 27 Sep 2019 17:46:33 +0800
            Subject: test
            From:m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>
            To:kand...@gmail.com  <mailto:kand...@gmail.com>
            User-Agent: SquirrelMail/1.4.22-0.qt.el6
            MIME-Version: 1.0
            Content-Type: text/plain;charset=iso-8859-1
            Content-Transfer-Encoding: 8bit
            X-Priority: 3 (Normal)
            Importance: Normal

            test



            On Fri, Sep 27, 2019 at 2:53 PM Eric's mail
            <ebr...@whitehorsetc.com
            <mailto:ebr...@whitehorsetc.com>> wrote:

                http://www.qmailtoaster.com/dkim.html

                Get Outlook for Android <https://aka.ms/ghei36>




                On Thu, Sep 26, 2019 at 10:41 PM -0600,
                "ChandranManikandan" <kand...@gmail.com
                <mailto:kand...@gmail.com>> wrote:

                    Hi Andy,

                    I have installed DKIM in our server and there is
                    private and public key on our server.
                    I have added the public like below in our dns
                    hosting provider (Godaddy) control panel

                    TXT
                    Host: rhc._domainkey.domainname
                    TXT value:  k=rsa; p=private key
                    TTL 1 hour

                    But it's not signed in the email.

                    I have configured MX,SPF,DMARC and DKIM in DNS
                    server settings.

                    Did i made a mistake in DNS settings?

                    Could you help me

                    On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz
                    <awswa...@acsalaska.net
                    <mailto:awswa...@acsalaska.net>> wrote:

                        Your email does not contain a DKIM signature.

                        The ARC* headers are signatures added by
                        gmail after receipt.

                        If you had a DKIM signature, it would be
                        below this part of the header chain:

                        Received: frommail.pan-asia.in  
<http://mail.pan-asia.in>  ([49.128.33.86])
                                 bymx.google.com  <http://mx.google.com>  with 
ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
                                 for <kand...@gmail.com  
<mailto:kand...@gmail.com>>
                                 (version=TLS1_2 
cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
                                 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
                        Received-SPF: pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
                        Authentication-Results:mx.google.com  
<http://mx.google.com>;
                                spf=pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>;
                                dmarc=pass (p=NONE sp=NONE dis=NONE) 
header.from=reliancehrconsulting.com  <http://reliancehrconsulting.com>


                        That and everything above it was added by gmail.

                        You may have set up the DNS part of DKIM, but
                        your server does not seem to be signing the
                        emails.

                        When you get it working, you can test by
                        sending an email to a reflector, like this:

                        sa-t...@sendmail.net
                        <mailto:sa-t...@sendmail.net>

                        It will analyze the smtp session and the
                        email and then email the results back to you.

                        There are several other reflectors listed at
                        the bottom of this page:

                        
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html


                        Hope this helps,

                        -Andy



                        On 9/25/2019 8:39 PM, ChandranManikandan wrote:
                        Hi Friends,

                        I have tried to send an test email from my
                        domain to gmail.
                        It is going the gmail spam folder and i have
                        configured SPF and DMARC in dns.

                        Could you look at the below message header
                        in gmail and help me to solve this problem.
                        Delivered-To:kand...@gmail.com  
<mailto:kand...@gmail.com>
                        Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id 
o17csp1656435imk;
                                 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
                        X-Google-Smtp-Source: 
APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
                        X-Received: by 2002:a63:1720:: with SMTP id 
x32mr1332168pgl.289.1569471175444;
                                 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
                        ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
                                 d=google.com  <http://google.com>; 
s=arc-20160816;
                                 
b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
                                  
a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
                                  
bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
                                  
dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
                                  
JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
                                  g6Ng==
                        ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; 
d=google.com  <http://google.com>; s=arc-20160816;
                                 
h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
                                  :from:subject:date:message-id;
                                 
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
                                 
b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
                                  
5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
                                  
/Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
                                  
VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
                                  
hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
                                  vIpg==
                        ARC-Authentication-Results: i=1;mx.google.com  
<http://mx.google.com>;
                                spf=pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>;
                                dmarc=pass (p=NONE sp=NONE dis=NONE) 
header.from=reliancehrconsulting.com  <http://reliancehrconsulting.com>
                        Return-Path: <m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>>
                        Received: frommail.pan-asia.in  
<http://mail.pan-asia.in>  ([49.128.33.86])
                                 bymx.google.com  <http://mx.google.com>  with 
ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
                                 for <kand...@gmail.com  
<mailto:kand...@gmail.com>>
                                 (version=TLS1_2 
cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
                                 Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
                        Received-SPF: pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) client-ip=49.128.33.86;
                        Authentication-Results:mx.google.com  
<http://mx.google.com>;
                                spf=pass (google.com  <http://google.com>: domain 
ofm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>  designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>;
                                dmarc=pass (p=NONE sp=NONE dis=NONE) 
header.from=reliancehrconsulting.com  <http://reliancehrconsulting.com>
                        Received: (qmail 11583 invoked by uid 89); 26 Sep 2019 
04:12:53 -0000
                        Received: from unknown (HELOmail.reliancehrconsulting.com  
<http://mail.reliancehrconsulting.com>) (m...@reliancehrconsulting.com@  
<mailto:m...@reliancehrconsulting.com@>127.0.0.1  <http://127.0.0.1>)
                           bymail.pan-asia.in  <http://mail.pan-asia.in>  with 
ESMTPA; 26 Sep 2019 04:12:53 -0000
                        Received: from 129.126.169.22
                                 (SquirrelMail authenticated 
userm...@reliancehrconsulting.com  <mailto:m...@reliancehrconsulting.com>)
                                 bymail.reliancehrconsulting.com  
<http://mail.reliancehrconsulting.com>  with HTTP;
                                 Thu, 26 Sep 2019 12:12:53 +0800
                        Message-ID: 
<afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com  
<mailto:afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com>>
                        Date: Thu, 26 Sep 2019 12:12:53 +0800
                        Subject: test
                        From:m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>
                        To:kand...@gmail.com  <mailto:kand...@gmail.com>
                        Cc:m...@reliancehrconsulting.com  
<mailto:m...@reliancehrconsulting.com>
                        User-Agent: SquirrelMail/1.4.22-0.qt.el6
                        MIME-Version: 1.0
                        Content-Type: text/plain;charset=iso-8859-1
                        Content-Transfer-Encoding: 8bit
                        X-Priority: 3 (Normal)
                        Importance: Normal

                        test



-- */Regards,
                        Manikandan.C
                        /*



-- */Regards,
                    Manikandan.C
                    /*



-- */Regards,
            Manikandan.C
            /*



-- */Regards,
        Manikandan.C
        /*



--
*/Regards,
Manikandan.C
/*

Reply via email to