Hi Eric, I have done of your advise. the below list of files
-rws--x--x 1 qmailq qmail 50K Apr 15 2014 qmail-dk -rws--x--x 1 qmailq qmail 27K Apr 15 2014 qmail-queue There is no link with qmail-queue and qmail-dk and there is no qmail-queue.orig file and tcp.smtp file is like below. 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan" Is it my setup is okay or did i miss anything. Thanks. On Mon, Sep 30, 2019 at 11:05 PM Eric Broch <[email protected]> wrote: > I've removed DomainKeys (not DKIM) from qmail altogether in later versions > and decided to use a wrapper for DKIM. > > So, > > If you have below list from /var/qmail/bin > > # ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig > /var/qmail/bin/qmail-dk > -rws--x--x 1 qmailq qmail 52096 Jan 21 2018 /var/qmail/bin/qmail-dk > lrwxrwxrwx 1 root root 23 Jun 14 2018 /var/qmail/bin/qmail-queue -> > /var/qmail/bin/qmail-dk > -rws--x--x 1 qmailq qmail 27040 Jan 21 2018 > /var/qmail/bin/qmail-queue.orig > > Stop qmail > > # qmailctl stop > > Remove symlink to qmail-dk > > # unlink /var/qmail/bin/qmail-queue > > Move qmail-queue.orig to qmail-queue > > # mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue > > Start qmail > > # qmailctl start > > Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp. > > # qmailctl cdb > > > On 9/29/2019 10:56 PM, ChandranManikandan wrote: > > Hi Eric, > > Thanks for your help. > I have successfully rectified the issue with the following your steps > above and tested in Gmail account from squirrel webmail. > It is working now. > > I have notified in /etc/tcprules.d/tcp.smtp file in below lines. Do i need > amend the lines in this file. please let me know. > > DKSIGN="/var/qmail/control/domainkeys/%/private" > > On Sun, Sep 29, 2019 at 10:47 PM Eric Broch <[email protected]> wrote: > >> Step 2) from http://www.qmailtoaster.com/dkim.html >> >> At the command line first create the key and txt record for the domain >> you want signed (replace otherdomain.com with the domain you want in >> every command below). >> So if your domain is mydomain.com the command would be, '# dknewkey >> /var/qmail/control/dkim/mydomain.com.key 1024 > >> /var/qmail/control/dkim/mydomain.com.txt' >> # dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 > >> /var/qmail/control/dkim/otherdomain.com.txt >> >> At command line change the selector in the txt record from >> 'otherdomain.com.key._domainkey' to 'dkim1._domainkey' >> # perl -pi -e 's/^.*\.key/dkim1/' >> /var/qmail/control/dkim/otherdomain.com.txt >> >> Check the file to see if substitution happened. >> # cat /var/qmail/control/dkim/otherdomain.com.txt >> dkim1._domainkey IN TXT "k=rsa; >> p=******************************" >> >> >> Create DNS TXT record for otherdomain.com using the output from the text >> file 'otherdomain.com.txt' where your DNS settings are managed, usually >> your ISP (mine are Godaddy). >> Host Text >> dkim1._domainkey IN TXT v=DKIM1; k=rsa; >> p=************************* >> >> Edit the signature file and add your domain. This is what the perl script >> 'qmail-remote' will read and then call the original qmail-remote now >> renamed to qmail-remote.orig. >> # vi /var/qmail/control/dkim/signconf.xml >> <otherdomain.com domain="otherdomain.com" >> keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1"> >> <types id="dkim" /> >> <types id="domainkey" method="nofws" /> >> </otherdomain.com> >> >> So file looks like this: >> >> <dkimsign> >> <!-- per default sign all mails using dkim --> >> <global algorithm="rsa-sha1" domain="/var/qmail/control/me" >> keyfile="/var/qmail/control/dkim/global.key" method="simple" >> selector="dkim1"> >> <types id="dkim" /> >> </global> >> <otherdomain.com domain="otherdomain.com" >> keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1"> >> <types id="dkim" /> >> <types id="domainkey" method="nofws" /> >> </otherdomain.com> >> </dkimsign> >> >> >> Notes Step 2) Test your DKIM signature (Remember, replace otherdomain.com >> with your domain). >> # yum install epel-release opendkim >> # opendkim-testkey -vvvv -d otherdomain.com -k >> /var/qmail/control/dkim/otherdomain.com.key -s dkim1 >> >> On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan <[email protected]> >> wrote: >> >>> Hi Eric, >>> >>> How do i implement DKIM for my domain. Really need your help. >>> I have followed your 1 step only. do i need to follow all the four steps >>> and how do i configure in DNS server. >>> why the gmail marked into spam folder of my domains emails. >>> >>> Appreciate discussions and help. >>> >>> >>> On Fri, Sep 27, 2019 at 11:51 PM Eric Broch <[email protected]> >>> wrote: >>> >>>> DKIM is not DomainKeys >>>> >>>> >>>> On 9/27/2019 3:54 AM, ChandranManikandan wrote: >>>> >>>> Hi Eric, >>>> >>>> I have setup Global key (default for all domains)from your link and >>>> also configured in dns server then i checked in mxtoolbox and getting the >>>> result of the domain key. after that i tried to send an email to gmail it >>>> is showing the error. the email header is below. >>>> >>>> Do i need to follow the all 4 steps. >>>> >>>> I will wait one day for the dns propagation and will update you. >>>> Meanwhile could you look at the message header below. >>>> >>>> Delivered-To: [email protected] >>>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk; >>>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT) >>>> X-Google-Smtp-Source: >>>> APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn >>>> X-Received: by 2002:a65:5043:: with SMTP id >>>> k3mr8485146pgo.406.1569577595481; >>>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT) >>>> ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none; >>>> d=google.com; s=arc-20160816; >>>> >>>> b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg >>>> >>>> YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7 >>>> >>>> +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX >>>> >>>> KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd >>>> >>>> PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH >>>> zMzQ== >>>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; >>>> s=arc-20160816; >>>> h=importance:content-transfer-encoding:mime-version:user-agent:to >>>> :from:subject:date:message-id:dkim-signature; >>>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; >>>> >>>> b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD >>>> >>>> O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO >>>> >>>> xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag >>>> >>>> a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg >>>> >>>> BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ >>>> zbSg== >>>> ARC-Authentication-Results: i=1; mx.google.com; >>>> dkim=temperror (no key for signature) [email protected] >>>> header.s=dkim1 header.b=ia7qahkm; >>>> spf=pass (google.com: domain of [email protected] >>>> designates 49.128.33.86 as permitted sender) >>>> [email protected]; >>>> dmarc=pass (p=NONE sp=NONE dis=NONE) >>>> header.from=reliancehrconsulting.com >>>> Return-Path: <[email protected]> >>>> Received: from mail.pan-asia.in ([49.128.33.86]) >>>> by mx.google.com with ESMTPS id >>>> 70si2236946plc.139.2019.09.27.02.46.34 >>>> for <[email protected]> >>>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); >>>> Fri, 27 Sep 2019 02:46:35 -0700 (PDT) >>>> Received-SPF: pass (google.com: domain of [email protected] >>>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86; >>>> Authentication-Results: mx.google.com; >>>> dkim=temperror (no key for signature) [email protected] >>>> header.s=dkim1 header.b=ia7qahkm; >>>> spf=pass (google.com: domain of [email protected] >>>> designates 49.128.33.86 as permitted sender) >>>> [email protected]; >>>> dmarc=pass (p=NONE sp=NONE dis=NONE) >>>> header.from=reliancehrconsulting.com >>>> DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in; h= >>>> message-id:date:subject:from:to:mime-version:content-type >>>> :content-transfer-encoding; s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=; >>>> b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O >>>> UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE >>>> RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak= >>>> Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -0000 >>>> Received: from unknown (HELO mail.reliancehrconsulting.com) >>>> ([email protected]@127.0.0.1) >>>> by mail.pan-asia.in with ESMTPA; 27 Sep 2019 09:46:33 -0000 >>>> Received: from 129.126.169.22 >>>> (SquirrelMail authenticated user [email protected]) >>>> by mail.reliancehrconsulting.com with HTTP; >>>> Fri, 27 Sep 2019 17:46:33 +0800 >>>> Message-ID: >>>> <21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com> >>>> Date: Fri, 27 Sep 2019 17:46:33 +0800 >>>> Subject: test >>>> From: [email protected] >>>> To: [email protected] >>>> User-Agent: SquirrelMail/1.4.22-0.qt.el6 >>>> MIME-Version: 1.0 >>>> Content-Type: text/plain;charset=iso-8859-1 >>>> Content-Transfer-Encoding: 8bit >>>> X-Priority: 3 (Normal) >>>> Importance: Normal >>>> >>>> test >>>> >>>> >>>> >>>> >>>> On Fri, Sep 27, 2019 at 2:53 PM Eric's mail <[email protected]> >>>> wrote: >>>> >>>>> http://www.qmailtoaster.com/dkim.html >>>>> >>>>> Get Outlook for Android <https://aka.ms/ghei36> >>>>> >>>>> >>>>> >>>>> >>>>> On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" < >>>>> [email protected]> wrote: >>>>> >>>>> Hi Andy, >>>>>> >>>>>> I have installed DKIM in our server and there is private and public >>>>>> key on our server. >>>>>> I have added the public like below in our dns hosting provider >>>>>> (Godaddy) control panel >>>>>> >>>>>> TXT >>>>>> Host: rhc._domainkey.domainname >>>>>> TXT value: k=rsa; p=private key >>>>>> TTL 1 hour >>>>>> >>>>>> But it's not signed in the email. >>>>>> >>>>>> I have configured MX,SPF,DMARC and DKIM in DNS server settings. >>>>>> >>>>>> Did i made a mistake in DNS settings? >>>>>> >>>>>> Could you help me >>>>>> >>>>>> On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Your email does not contain a DKIM signature. >>>>>>> >>>>>>> The ARC* headers are signatures added by gmail after receipt. >>>>>>> >>>>>>> If you had a DKIM signature, it would be below this part of the >>>>>>> header chain: >>>>>>> >>>>>>> Received: from mail.pan-asia.in ([49.128.33.86]) >>>>>>> by mx.google.com with ESMTPS id >>>>>>> t6si1129421pgt.557.2019.09.25.21.12.54 >>>>>>> for <[email protected]> >>>>>>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 >>>>>>> bits=128/128); >>>>>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT) >>>>>>> Received-SPF: pass (google.com: domain of [email protected] >>>>>>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86; >>>>>>> Authentication-Results: mx.google.com; >>>>>>> spf=pass (google.com: domain of [email protected] >>>>>>> designates 49.128.33.86 as permitted sender) >>>>>>> [email protected]; >>>>>>> dmarc=pass (p=NONE sp=NONE dis=NONE) >>>>>>> header.from=reliancehrconsulting.com >>>>>>> >>>>>>> >>>>>>> That and everything above it was added by gmail. >>>>>>> >>>>>>> You may have set up the DNS part of DKIM, but your server does not >>>>>>> seem to be signing the emails. >>>>>>> >>>>>>> When you get it working, you can test by sending an email to a >>>>>>> reflector, like this: >>>>>>> >>>>>>> [email protected] >>>>>>> >>>>>>> It will analyze the smtp session and the email and then email the >>>>>>> results back to you. >>>>>>> >>>>>>> There are several other reflectors listed at the bottom of this >>>>>>> page: >>>>>>> >>>>>>> >>>>>>> https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html >>>>>>> >>>>>>> >>>>>>> Hope this helps, >>>>>>> >>>>>>> -Andy >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 9/25/2019 8:39 PM, ChandranManikandan wrote: >>>>>>> >>>>>>> Hi Friends, >>>>>>> >>>>>>> I have tried to send an test email from my domain to gmail. >>>>>>> It is going the gmail spam folder and i have configured SPF and >>>>>>> DMARC in dns. >>>>>>> >>>>>>> Could you look at the below message header in gmail and help me to >>>>>>> solve this problem. >>>>>>> >>>>>>> Delivered-To: [email protected] >>>>>>> Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk; >>>>>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT) >>>>>>> X-Google-Smtp-Source: >>>>>>> APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz >>>>>>> X-Received: by 2002:a63:1720:: with SMTP id >>>>>>> x32mr1332168pgl.289.1569471175444; >>>>>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT) >>>>>>> ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none; >>>>>>> d=google.com; s=arc-20160816; >>>>>>> >>>>>>> b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA >>>>>>> >>>>>>> a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk >>>>>>> >>>>>>> bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U >>>>>>> >>>>>>> dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN >>>>>>> >>>>>>> JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP >>>>>>> g6Ng== >>>>>>> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; >>>>>>> d=google.com; s=arc-20160816; >>>>>>> >>>>>>> h=importance:content-transfer-encoding:mime-version:user-agent:cc:to >>>>>>> :from:subject:date:message-id; >>>>>>> bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; >>>>>>> >>>>>>> b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/ >>>>>>> >>>>>>> 5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0 >>>>>>> >>>>>>> /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr >>>>>>> >>>>>>> VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB >>>>>>> >>>>>>> hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io >>>>>>> vIpg== >>>>>>> ARC-Authentication-Results: i=1; mx.google.com; >>>>>>> spf=pass (google.com: domain of [email protected] >>>>>>> designates 49.128.33.86 as permitted sender) >>>>>>> [email protected]; >>>>>>> dmarc=pass (p=NONE sp=NONE dis=NONE) >>>>>>> header.from=reliancehrconsulting.com >>>>>>> Return-Path: <[email protected]> >>>>>>> Received: from mail.pan-asia.in ([49.128.33.86]) >>>>>>> by mx.google.com with ESMTPS id >>>>>>> t6si1129421pgt.557.2019.09.25.21.12.54 >>>>>>> for <[email protected]> >>>>>>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 >>>>>>> bits=128/128); >>>>>>> Wed, 25 Sep 2019 21:12:55 -0700 (PDT) >>>>>>> Received-SPF: pass (google.com: domain of [email protected] >>>>>>> designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86; >>>>>>> Authentication-Results: mx.google.com; >>>>>>> spf=pass (google.com: domain of [email protected] >>>>>>> designates 49.128.33.86 as permitted sender) >>>>>>> [email protected]; >>>>>>> dmarc=pass (p=NONE sp=NONE dis=NONE) >>>>>>> header.from=reliancehrconsulting.com >>>>>>> Received: (qmail 11583 invoked by uid 89); 26 Sep 2019 04:12:53 -0000 >>>>>>> Received: from unknown (HELO mail.reliancehrconsulting.com) >>>>>>> ([email protected]@127.0.0.1) >>>>>>> by mail.pan-asia.in with ESMTPA; 26 Sep 2019 04:12:53 -0000 >>>>>>> Received: from 129.126.169.22 >>>>>>> (SquirrelMail authenticated user [email protected]) >>>>>>> by mail.reliancehrconsulting.com with HTTP; >>>>>>> Thu, 26 Sep 2019 12:12:53 +0800 >>>>>>> Message-ID: >>>>>>> <afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com> >>>>>>> Date: Thu, 26 Sep 2019 12:12:53 +0800 >>>>>>> Subject: test >>>>>>> From: [email protected] >>>>>>> To: [email protected] >>>>>>> Cc: [email protected] >>>>>>> User-Agent: SquirrelMail/1.4.22-0.qt.el6 >>>>>>> MIME-Version: 1.0 >>>>>>> Content-Type: text/plain;charset=iso-8859-1 >>>>>>> Content-Transfer-Encoding: 8bit >>>>>>> X-Priority: 3 (Normal) >>>>>>> Importance: Normal >>>>>>> >>>>>>> test >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> >>>>>>> *Regards, Manikandan.C * >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> >>>>>> *Regards, Manikandan.C * >>>>>> >>>>> >>>> >>>> -- >>>> >>>> >>>> *Regards, Manikandan.C * >>>> >>>> >>> >>> -- >>> >>> >>> *Regards, Manikandan.C * >>> >> > > -- > > > *Regards, Manikandan.C * > > -- *Thanks,* *Manikandan.C* *System Administrator*
