Mail is flowing and the DKIM key is signing outgoing mail?

On Thu, Oct 3, 2019 at 5:14 AM -0600, "Chandran Manikandan" <[email protected]> wrote:

Hi Eric,

I have done as you advised. Below is the list of files:

    -rws--x--x 1 qmailq qmail 50K Apr 15 2014 qmail-dk
    -rws--x--x 1 qmailq qmail 27K Apr 15 2014 qmail-queue

There is no link between qmail-queue and qmail-dk, there is no qmail-queue.orig file, and the tcp.smtp file is as below:

    127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
    :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

Is my setup okay, or did I miss anything?

Thanks.

On Mon, Sep 30, 2019 at 11:05 PM Eric Broch <[email protected]> wrote:

I've removed DomainKeys (not DKIM) from qmail altogether in later versions and decided to use a wrapper for DKIM. So, if you have the below list from /var/qmail/bin

    # ls -l /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-dk
    -rws--x--x 1 qmailq qmail 52096 Jan 21 2018 /var/qmail/bin/qmail-dk
    lrwxrwxrwx 1 root root 23 Jun 14 2018 /var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk
    -rws--x--x 1 qmailq qmail 27040 Jan 21 2018 /var/qmail/bin/qmail-queue.orig

Stop qmail

    # qmailctl stop

Remove symlink to qmail-dk

    # unlink /var/qmail/bin/qmail-queue

Move qmail-queue.orig to qmail-queue

    # mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue

Start qmail

    # qmailctl start

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.

    # qmailctl cdb

On 9/29/2019 10:56 PM, ChandranManikandan wrote:

Hi Eric,

Thanks for your help. I have successfully rectified the issue by following your steps above and tested with a Gmail account from SquirrelMail webmail. It is working now. I have noticed the lines below in the /etc/tcprules.d/tcp.smtp file. Do I need to amend the lines in this file? Please let me know.

    DKSIGN="/var/qmail/control/domainkeys/%/private"

On Sun, Sep 29, 2019 at 10:47 PM Eric Broch <[email protected]> wrote:

Step 2) from http://www.qmailtoaster.com/dkim.html

At the command line first create the key and txt record for the domain you want signed (replace otherdomain.com with the domain you want in every command below). So if your domain is mydomain.com the command would be, '# dknewkey /var/qmail/control/dkim/mydomain.com.key 1024 > /var/qmail/control/dkim/mydomain.com.txt'

    # dknewkey /var/qmail/control/dkim/otherdomain.com.key 1024 > /var/qmail/control/dkim/otherdomain.com.txt

At command line change the selector in the txt record from 'otherdomain.com.key._domainkey' to 'dkim1._domainkey'

    # perl -pi -e 's/^.*\.key/dkim1/' /var/qmail/control/dkim/otherdomain.com.txt

Check the file to see if substitution happened.

    # cat /var/qmail/control/dkim/otherdomain.com.txt
    dkim1._domainkey IN TXT "k=rsa; p=******************************"

Create DNS TXT record for otherdomain.com using the output from the text file 'otherdomain.com.txt' where your DNS settings are managed, usually your ISP (mine are Godaddy).

    Host Text
    dkim1._domainkey IN TXT v=DKIM1; k=rsa; p=*************************

Edit the signature file and add your domain. This is what the perl script 'qmail-remote' will read and then call the original qmail-remote now renamed to qmail-remote.orig.

    # vi /var/qmail/control/dkim/signconf.xml

    <otherdomain.com domain="otherdomain.com" keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
      <types id="dkim" />
      <types id="domainkey" method="nofws" />
    </otherdomain.com>

So file looks like this:

    <dkimsign>
      <!-- per default sign all mails using dkim -->
      <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1">
        <types id="dkim" />
      </global>
      <otherdomain.com domain="otherdomain.com" keyfile="/var/qmail/control/dkim/otherdomain.com.key" selector="dkim1">
        <types id="dkim" />
        <types id="domainkey" method="nofws" />
      </otherdomain.com>
    </dkimsign>

Notes

Step 2) Test your DKIM signature (Remember, replace otherdomain.com with your domain).

    # yum install epel-release opendkim
    # opendkim-testkey -vvvv -d otherdomain.com -k /var/qmail/control/dkim/otherdomain.com.key -s dkim1

On Sun, Sep 29, 2019 at 7:19 AM ChandranManikandan <[email protected]> wrote:

Hi Eric,

How do I implement DKIM for my domain? I really need your help. I have followed your 1 step only. Do I need to follow all the four steps, and how do I configure it in the DNS server? Why does Gmail mark my domain's emails into the spam folder?

Appreciate discussions and help.

On Fri, Sep 27, 2019 at 11:51 PM Eric Broch <[email protected]> wrote:

DKIM is not DomainKeys

On 9/27/2019 3:54 AM, ChandranManikandan wrote:

Hi Eric,

I have set up the Global key (default for all domains) from your link and also configured it in the DNS server. Then I checked in mxtoolbox and am getting the result of the domain key. After that I tried to send an email to Gmail and it is showing the error. The email header is below. Do I need to follow all 4 steps? I will wait one day for the DNS propagation and will update you. Meanwhile could you look at the message header below.

    Delivered-To: [email protected]
    Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
        Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
    X-Google-Smtp-Source: APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
    X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
        Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none; d=google.com; s=arc-20160816;
        b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
        YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
        +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
        KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
        PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
        zMzQ==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=importance:content-transfer-encoding:mime-version:user-agent:to
        :from:subject:date:message-id:dkim-signature;
        bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
        b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
        O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
        xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
        a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
        BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
        zbSg==
    ARC-Authentication-Results: i=1; mx.google.com;
        dkim=temperror (no key for signature) [email protected] header.s=dkim1 header.b=ia7qahkm;
        spf=pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) [email protected];
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
    Return-Path: <[email protected]>
    Received: from mail.pan-asia.in ([49.128.33.86]) by mx.google.com with ESMTPS id 70si2236946plc.139.2019.09.27.02.46.34
        for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
    Authentication-Results: mx.google.com;
        dkim=temperror (no key for signature) [email protected] header.s=dkim1 header.b=ia7qahkm;
        spf=pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) [email protected];
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
    DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in; h=
        message-id:date:subject:from:to:mime-version:content-type
        :content-transfer-encoding; s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k
        hdQ=; b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O
        UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE
        RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
    Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -0000
    Received: from unknown (HELO mail.reliancehrconsulting.com) ([email protected]@127.0.0.1)
        by mail.pan-asia.in with ESMTPA; 27 Sep 2019 09:46:33 -0000
    Received: from 129.126.169.22 (SquirrelMail authenticated user [email protected])
        by mail.reliancehrconsulting.com with HTTP; Fri, 27 Sep 2019 17:46:33 +0800
    Message-ID: <21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>
    Date: Fri, 27 Sep 2019 17:46:33 +0800
    Subject: test
    From: [email protected]
    To: [email protected]
    User-Agent: SquirrelMail/1.4.22-0.qt.el6
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Priority: 3 (Normal)
    Importance: Normal

    test

On Fri, Sep 27, 2019 at 2:53 PM Eric's mail <[email protected]> wrote:

http://www.qmailtoaster.com/dkim.html

On Thu, Sep 26, 2019 at 10:41 PM -0600, "ChandranManikandan" <[email protected]> wrote:

Hi Andy,

I have installed DKIM in our server and there is private and public key on our server.
I have added the public key like below in our DNS hosting provider (Godaddy) control panel:

    TXT Host: rhc._domainkey.domainname
    TXT value: k=rsa; p=private key
    TTL 1 hour

But it's not signed in the email. I have configured MX, SPF, DMARC and DKIM in the DNS server settings. Did I make a mistake in the DNS settings? Could you help me?

On Fri, Sep 27, 2019 at 11:50 AM Andrew Swartz <[email protected]> wrote:

Your email does not contain a DKIM signature. The ARC* headers are signatures added by gmail after receipt. If you had a DKIM signature, it would be below this part of the header chain:

    Received: from mail.pan-asia.in ([49.128.33.86]) by mx.google.com with ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
        for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
    Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) [email protected];
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com

That and everything above it was added by gmail.

You may have set up the DNS part of DKIM, but your server does not seem to be signing the emails.

When you get it working, you can test by sending an email to a reflector, like this: [email protected]

It will analyze the smtp session and the email and then email the results back to you. There are several other reflectors listed at the bottom of this page:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html

Hope this helps,
-Andy

On 9/25/2019 8:39 PM, ChandranManikandan wrote:

Hi Friends,

I have tried to send a test email from my domain to Gmail. It is going to the Gmail spam folder, and I have configured SPF and DMARC in DNS.
Could you look at the below message header in gmail and help me to solve this problem.

    Delivered-To: [email protected]
    Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk;
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
    X-Google-Smtp-Source: APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
    X-Received: by 2002:a63:1720:: with SMTP id x32mr1332168pgl.289.1569471175444;
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none; d=google.com; s=arc-20160816;
        b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
        a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
        bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
        dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
        JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
        g6Ng==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
        :from:subject:date:message-id;
        bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
        b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
        5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
        /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
        VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
        hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
        vIpg==
    ARC-Authentication-Results: i=1; mx.google.com;
        spf=pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) [email protected];
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
    Return-Path: <[email protected]>
    Received: from mail.pan-asia.in ([49.128.33.86]) by mx.google.com with ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
        for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
    Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of [email protected] designates 49.128.33.86 as permitted sender) [email protected];
        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
    Received: (qmail 11583 invoked by uid 89); 26 Sep 2019 04:12:53 -0000
    Received: from unknown (HELO mail.reliancehrconsulting.com) ([email protected]@127.0.0.1)
        by mail.pan-asia.in with ESMTPA; 26 Sep 2019 04:12:53 -0000
    Received: from 129.126.169.22 (SquirrelMail authenticated user [email protected])
        by mail.reliancehrconsulting.com with HTTP; Thu, 26 Sep 2019 12:12:53 +0800
    Message-ID: <afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com>
    Date: Thu, 26 Sep 2019 12:12:53 +0800
    Subject: test
    From: [email protected]
    To: [email protected]
    Cc: [email protected]
    User-Agent: SquirrelMail/1.4.22-0.qt.el6
    MIME-Version: 1.0
    Content-Type: text/plain;charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Priority: 3 (Normal)
    Importance: Normal

    test

--
Regards,
Manikandan.C

--
Thanks,
Manikandan.C
System Administrator
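
Added example, not part of the thread and not qmailtoaster code: a verifier fetches the public key from `<s>._domainkey.<d>`, with both tags read from the DKIM-Signature header, so the TXT record has to be published under exactly that name. The sketch below parses a constructed sample header (placeholder domain and hashes) and reports that name, the rsa-sha1 algorithm that RFC 8301 forbids, and a simplified DMARC alignment check against the From domain; all function names are hypothetical.

```python
import re

# Constructed sample: same shape as the header in the thread, placeholder values.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.example.net; h=\n"
    " message-id:date:subject:from:to; s=dkim1; bh=QUJDREVGR0g=;\n"
    " b=QUJDREVG\n"
    " R0hJSktM"
)

def parse_dkim_signature(header):
    """Return the tag=value pairs of one DKIM-Signature header (RFC 6376)."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    value = re.sub(r"\r?\n[ \t]+", " ", value)   # unfold continuation lines
    tags = {}
    for item in value.split(";"):
        key, sep, val = item.partition("=")      # split on the first '=' only
        if not sep:
            continue                             # empty item after a trailing ';'
        key, val = key.strip(), val.strip()
        if key in ("b", "bh", "h"):
            val = re.sub(r"\s+", "", val)        # folding whitespace is not data
        tags[key] = val
    return tags

def key_record_name(tags):
    """DNS name a verifier queries for the public key: <s>._domainkey.<d>."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def audit(header, from_domain):
    """Findings to check before (re)publishing the key for this signature."""
    tags = parse_dkim_signature(header)
    findings = [f"TXT record must exist at {key_record_name(tags)}"]
    if tags.get("a") == "rsa-sha1":
        findings.append("a=rsa-sha1 is forbidden by RFC 8301; sign with rsa-sha256")
    d, f = tags["d"].lower(), from_domain.lower()
    # Simplified alignment test (suffix match, no Public Suffix List lookup).
    if d != f and not d.endswith("." + f) and not f.endswith("." + d):
        findings.append(f"d={d} is not aligned with From domain {f} for DMARC")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "example.com"):
        print(line)
```

Feed it the DKIM-Signature header copied from a received test message and the domain in the From address; the first finding is the name to query with `dig TXT` or `opendkim-testkey`.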
