Mail is flowing and dkim key is signing outgoing mail? 



Get Outlook for Android







On Thu, Oct 3, 2019 at 5:14 AM -0600, "Chandran Manikandan" 
<tech2m...@gmail.com> wrote:










Hi Eric,
I have done of your advise.the below list of files
-rws--x--x 1 qmailq qmail  50K Apr 15  2014 qmail-dk
-rws--x--x 1 qmailq qmail  27K Apr 15  2014 qmail-queue

There is no link with qmail-queue and qmail-dk and there is no qmail-queue.orig 
file
and tcp.smtp file is like below.
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan"

Is it my setup is okay or did i miss anything.
Thanks.
On Mon, Sep 30, 2019 at 11:05 PM Eric Broch <ebr...@whitehorsetc.com> wrote:

  
    
  
  
    

I've removed DomainKeys (not DKIM) from qmail altogether in later
      versions and decided to use a wrapper for DKIM.

    
    

So,
    

If you have below list from /var/qmail/bin 

    
    

# ls -l /var/qmail/bin/qmail-queue
      /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-dk

      -rws--x--x 1 qmailq qmail 52096 Jan 21  2018
      /var/qmail/bin/qmail-dk

      lrwxrwxrwx 1 root   root     23 Jun 14  2018
      /var/qmail/bin/qmail-queue -> /var/qmail/bin/qmail-dk

      -rws--x--x 1 qmailq qmail 27040 Jan 21  2018
      /var/qmail/bin/qmail-queue.orig
    

Stop qmail

    
    

# qmailctl stop

    
    

Remove symlink to qmail-dk 

    
    

# unlink /var/qmail/bin/qmail-queue
    

Move qmail-queue.orig to qmail-queue

    
    

# mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue
    

Start qmail

    
    

# qmailctl start

    
    

Remove DKSIGN, DKVERIFY, DKQUEUE (DomainKeys) from tcp.smtp.
    

# qmailctl cdb
    



    
    On 9/29/2019 10:56 PM,
      ChandranManikandan wrote:

    
    
      
      Hi Eric,
        

        
        Thanks for your help.
        I have successfully rectified the issue with the following
          your steps above and tested in Gmail account from squirrel
          webmail.
        It is working now.
        

        
        I have notified in /etc/tcprules.d/tcp.smtp file in below
          lines. Do i need amend the lines in this file. please let me
          know.
        

        
        DKSIGN="/var/qmail/control/domainkeys/%/private" 

        
      
      

      
        On Sun, Sep 29, 2019 at 10:47
          PM Eric Broch <ebroch.w...@gmail.com> wrote:

        
        
          
            
              
                
                  
                    
                      
                        Step 2) from http://www.qmailtoaster.com/dkim.html
                        

                        
                        At the command line first create the key
                          and txt record for the domain you want signed
                          (replace otherdomain.com
                          with the domain you want in every command
                          below).
                        So if your domain is mydomain.com the
                          command would be, '# dknewkey
                          /var/qmail/control/dkim/mydomain.com.key 1024
                          > /var/qmail/control/dkim/mydomain.com.txt'
                        
                          # dknewkey
                            /var/qmail/control/dkim/otherdomain.com.key
                            1024 >
                            /var/qmail/control/dkim/otherdomain.com.txt
                          

                          
                          At command line change the selector in
                            the txt record from
                            'otherdomain.com.key._domainkey'  to 
                            'dkim1._domainkey'
                          # perl -pi -e 's/^.*\.key/dkim1/'
                            /var/qmail/control/dkim/otherdomain.com.txt
                          

                          
                          Check the file to see if substitution
                            happened.
                          # cat
                            /var/qmail/control/dkim/otherdomain.com.txt
                             dkim1._domainkey       IN      TXT   
                             "k=rsa; p=******************************"
                          

                          
                          

                          
                          Create DNS TXT record for otherdomain.com
                            using the output from the text file
                            'otherdomain.com.txt' where your DNS
                            settings are managed, usually your ISP (mine
                            are Godaddy).
                             Host                               
                            Text
                             dkim1._domainkey       IN       TXT
                            v=DKIM1; k=rsa; p=*************************
                          

                          
                          Edit the signature file and add your
                            domain. This is what the perl script
                            'qmail-remote' will read and then call the
                            original qmail-remote now renamed to
                            qmail-remote.orig.
                          # vi
                            /var/qmail/control/dkim/signconf.xml 
                            <otherdomain.com
                            domain="otherdomain.com"
keyfile="/var/qmail/control/dkim/otherdomain.com.key"
                            selector="dkim1">
                              <types id="dkim" />
                              <types id="domainkey"
                            method="nofws" />
                            </otherdomain.com>
                          

                          
                          So file looks like this:
                          

                          
                          <dkimsign>
                            <!-- per default sign all mails
                            using dkim -->
                            <global algorithm="rsa-sha1"
                            domain="/var/qmail/control/me"
                            keyfile="/var/qmail/control/dkim/global.key"
                            method="simple" selector="dkim1">
                              <types id="dkim" />
                            </global>
                            <otherdomain.com
                            domain="otherdomain.com"
keyfile="/var/qmail/control/dkim/otherdomain.com.key"
                            selector="dkim1">
                              <types id="dkim" />
                              <types id="domainkey"
                            method="nofws" />
                            </otherdomain.com>
                          </dkimsign>
                        
                        

                        
                        

                        
                        Notes Step 2) Test your DKIM signature
                          (Remember, replace otherdomain.com
                          with your domain).
                        
                          # yum install epel-release opendkim
                          # opendkim-testkey -vvvv -d otherdomain.com 
                            -k
                            /var/qmail/control/dkim/otherdomain.com.key
                            -s dkim1
                        
                      
                    
                  
                
              
            
          
          

          
            On Sun, Sep 29, 2019 at
              7:19 AM ChandranManikandan <kand...@gmail.com> wrote:

            
            
              Hi Eric,
                

                
                How do i implement DKIM for my domain. Really need
                  your help.
                I have followed your 1 step only. do i need to
                  follow all the four steps and how do i configure in
                  DNS server.
                why the gmail marked into spam folder of my domains
                  emails.
                

                
                Appreciate discussions and help.
                

                
              
              

              
                On Fri, Sep 27, 2019
                  at 11:51 PM Eric Broch <ebr...@whitehorsetc.com>
                  wrote:

                
                
                  
                    

DKIM is not DomainKeys
                    



                    
                    On 9/27/2019 3:54 AM, ChandranManikandan wrote:

                    
                    
                      Hi Eric,
                        

                        
                        I have setup Global key (default for
                            all domains)from your link and also
                            configured in dns server then i checked in
                            mxtoolbox and getting the result of the
                            domain key. after that i tried to send an
                            email to gmail it is showing the error. the
                            email header is below.
                        

                          
                        Do i need to follow the all 4 steps.
                        

                        
                        I will wait one day for the
                            dns propagation and will update you.
                        Meanwhile could you look at
                            the message header below.
                        

                        
                        
                          Delivered-To: kand...@gmail.com
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp3358759imk;
        Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqxHJMofBlzODo5fRYA7j7xd5qZEt0t2DjgnfAXGA8ChxXq9w+4D0NB8ME1egn3uV3gOsfgn
X-Received: by 2002:a65:5043:: with SMTP id k3mr8485146pgo.406.1569577595481;
        Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569577595; cv=none;
        d=google.com; s=arc-20160816;
        b=RFuQ52Ha1QndJ/rcALmW4+lfa1pnwK/ZJkH9jaupESEWm1/PtRA9kZyafMuPBecpAg
         YV9EeqVPixu33bKBCJejpSjM11/GACFlCwfR8pNZA43LWBNH+DhzvduVAFdrtUB0f8c7
         +QQxKJQ/hX9Lfjk9AdGzMAUITK23naokgpUGdThCz1pfKgweBZW0TZWbvPdUZp+5FjlX
         KhldCT1Q76+5Ec5SuxOqmqDpqxsJ8KZRAAdQs6IFm5/wGzrVyH2V7f4aB/AsqKuEtiRd
         PpWDunYjYGQJwbfUfC5APHTV6OxkiTIhVFSphLJdHu7JHF8AKOo/M4CbzYQeJTqAzvgH
         zMzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
        h=importance:content-transfer-encoding:mime-version:user-agent:to
         :from:subject:date:message-id:dkim-signature;
        bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
        b=Q1EqIgKIoYX1ckvl46Hs88ezj8DlGnJ7/hOBQUaBEFimABh9utR16law3oLDNmvNcD
         O6LbpRcBYuwAimiplbgqWa8r7rQ0lYgbrJuZhJW1aGANQnoA9gZsNYBCIrbIlLtXNsGO
         xFDWArhAVHM7oAyTjF1gAejKmnmAFgWWWV5rj9LUg02LRwWenn++FOb/8ZkMfblJktag
         a/Vq/TWD9fx8pJz1b37D7AH2ymS8rdeD0mllY3mOMnRnPYslBxoUPdEny9UXsago21sg
         BHQKDodcmbNmXG9IqiKmePJxTLqxLM7/M9qajfPv0lP66kstcO15jF8wTwpSMjhYCHfZ
         zbSg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
header.s=dkim1 header.b=ia7qahkm;
       spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
Return-Path: <m...@reliancehrconsulting.com>
Received: from mail.pan-asia.in ([49.128.33.86])
        by mx.google.com with ESMTPS id 70si2236946plc.139.2019.09.27.02.46.34
        for <kand...@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 27 Sep 2019 02:46:35 -0700 (PDT)
Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@mail.pan-asia.in 
header.s=dkim1 header.b=ia7qahkm;
       spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.pan-asia.in; h= 
message-id:date:subject:from:to:mime-version:content-type 
:content-transfer-encoding; s=dkim1; bh=/edzoYuyn17WXm8KeqcX/R+k hdQ=; 
b=ia7qahkmumkHx2g7FdiBdtJy5mkw5k/iesJrpNPz5Xswk5VIQ8KUGC0O 
UZPZEc+WCRME/xtYvU+JMG/86y96fy8NDbBZIOnBc9z7kp7EJxNFKt9WIowOGjpE 
RH6TgnTeFVW8IkRXb+eTZMO8D01wK27fdffYsp1FFf43v16WBak=
Received: (qmail 27072 invoked by uid 89); 27 Sep 2019 09:46:33 -0000
Received: from unknown (HELO mail.reliancehrconsulting.com) 
(m...@reliancehrconsulting.com@127.0.0.1)
  by mail.pan-asia.in with ESMTPA; 27 Sep 2019 09:46:33 -0000
Received: from 129.126.169.22
        (SquirrelMail authenticated user m...@reliancehrconsulting.com)
        by mail.reliancehrconsulting.com with HTTP;
        Fri, 27 Sep 2019 17:46:33 +0800
Message-ID: 
<21567bbff8eb0eb22d4c8b720f400d23.squir...@mail.reliancehrconsulting.com>
Date: Fri, 27 Sep 2019 17:46:33 +0800
Subject: test
From: m...@reliancehrconsulting.com
To: kand...@gmail.com
User-Agent: SquirrelMail/1.4.22-0.qt.el6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

test

                          

                        
                        

                          
                      
                      

                      
                        On Fri, Sep
                          27, 2019 at 2:53 PM Eric's mail 
<ebr...@whitehorsetc.com>
                          wrote:

                        
                        
                          
                            http://www.qmailtoaster.com/dkim.html

                              

                            
                            
                                Get
                                  Outlook for
                                    Android
                              

                            
                            

                            

                            

                            On Thu, Sep 26,
                              2019 at 10:41 PM -0600,
                              "ChandranManikandan" <kand...@gmail.com>
                              wrote:

                              

                              
                                
                                  Hi Andy,
                                    

                                    
                                    I have installed DKIM in our
                                      server and there is private and
                                      public key on our server.
                                    I have added the public like
                                      below in our dns hosting provider
                                      (Godaddy) control panel
                                    

                                    
                                    TXT
                                    Host: rhc._domainkey.domainname
                                    TXT value:  k=rsa; p=private
                                      key
                                    TTL 1 hour
                                    

                                    
                                    But it's not signed in the
                                      email.
                                    

                                    
                                    I have configured MX,SPF,DMARC
                                      and DKIM in DNS server settings.
                                    

                                    
                                    Did i made a mistake in DNS
                                      settings?
                                    

                                    
                                    Could you help me
                                  
                                  

                                  
                                    On
                                      Fri, Sep 27, 2019 at 11:50 AM
                                      Andrew Swartz <awswa...@acsalaska.net>
                                      wrote:

                                    
                                    
                                      
                                        

Your email does not contain a
                                          DKIM signature.
                                        

The ARC* headers are
                                          signatures added by gmail
                                          after receipt.
                                        

If you had a DKIM signature,
                                          it would be below this part of
                                          the header chain:
                                        Received: from mail.pan-asia.in 
([49.128.33.86])
        by mx.google.com with ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
        for <kand...@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
                                        



                                        
                                        

That and everything above it
                                          was added by gmail.
                                        

You may have set up the DNS
                                          part of DKIM, but your server
                                          does not seem to be signing
                                          the emails.
                                        

When you get it working, you
                                          can test by sending an email
                                          to a reflector, like this:
                                        

sa-t...@sendmail.net
                                        

It will analyze the smtp
                                          session and the email and then
                                          email the results back to
                                          you.  

                                        
                                        

There are several other
                                          reflectors listed at the
                                          bottom of this page:  

                                        
                                        

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118571-technote-esa-00.html
                                        



                                        
                                        

Hope this helps,
                                        

-Andy
                                        



                                        
                                        



                                        
                                        On 9/25/2019 8:39 PM,
                                          ChandranManikandan wrote:

                                        
                                        
                                          Hi Friends,
                                            

                                            
                                            I have tried to send an
                                              test email from my domain
                                              to gmail.
                                            It is going the gmail
                                              spam folder and i have
                                              configured SPF and DMARC
                                              in dns.
                                            

                                            
                                            Could you look at the
                                              below message header in
                                              gmail and help me to solve
                                              this problem.
                                            
                                              Delivered-To: kand...@gmail.com
Received: by 2002:ac0:bf91:0:0:0:0:0 with SMTP id o17csp1656435imk;
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
X-Google-Smtp-Source: 
APXvYqxiLedyv3u6JDrnZQHvyrvIcmrH9n2kSrdj3NOCigD3cs53Rm6tgsJPdMbI9UBNqbqOc1Hz
X-Received: by 2002:a63:1720:: with SMTP id x32mr1332168pgl.289.1569471175444;
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569471175; cv=none;
        d=google.com; s=arc-20160816;
        b=JGxA7PMxFt1qrwUPb9SXj40SHUhyOOPo+pENSvAaYhLkzdijEWpCgu5KWAW3yEfvWA
         a2+Q9sPT9qJQZlwFvFmH4ZRi20KCLo9RMvbkRSW3L/L8Lzztic/OCfj2+o1HKmCKl4gk
         bPWD4Tv9a/0Zg+EqIFUgJD0QhpFnSXMHmw59RoD3EurAA7zex+55NNRdnS2o7aluru0U
         dYI9xixpZd276FwfDDy+FLSh5EYuYTmjkXEMEgmbNCMhGQ5WQ9AASzwVyDbXhFt9ixSN
         JB8MKPw3P8cDyX/+Db1WoflU82H2KbVV+ON4GFhrvDVYkpQiWHbASNVipQfPj2YSItPP
         g6Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816;
        h=importance:content-transfer-encoding:mime-version:user-agent:cc:to
         :from:subject:date:message-id;
        bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
        b=XDv2dnoYR6tpeltyJ8tD82IKUIGCs0888LAX5xt4MqpL8IPAcUqA8xYLJvNx+heJH/
         5xT0tBciuRolqjCA7jRI2BSSTGmO7wKoEuuL8uvaYfpxM+7eGTNpnIV0mLH3V9z7SUr0
         /Wcr/O3KstHzBxoYgAc71UguXyLG6LarOFgjcxvpVh4k3FbMKXJy+7wDDJC5zCfAcSQr
         VrmJqYWJsc4VcgFrs0+O024BqMmlrLn5WycmtpLAZ0LP/tflbx4OzMMoL+K3AvpIdccB
         hHtkCIyNislpUv6EqxxZLvumM2ysFL4Dd7M06ZpBxm5gIA3HVOL33E7JY2YQefIHv/io
         vIpg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
Return-Path: <m...@reliancehrconsulting.com>
Received: from mail.pan-asia.in ([49.128.33.86])
        by mx.google.com with ESMTPS id t6si1129421pgt.557.2019.09.25.21.12.54
        for <kand...@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 25 Sep 2019 21:12:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of m...@reliancehrconsulting.com 
designates 49.128.33.86 as permitted sender) client-ip=49.128.33.86;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of m...@reliancehrconsulting.com designates 
49.128.33.86 as permitted sender) smtp.mailfrom=m...@reliancehrconsulting.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=reliancehrconsulting.com
Received: (qmail 11583 invoked by uid 89); 26 Sep 2019 04:12:53 -0000
Received: from unknown (HELO mail.reliancehrconsulting.com) 
(m...@reliancehrconsulting.com@127.0.0.1)
  by mail.pan-asia.in with ESMTPA; 26 Sep 2019 04:12:53 -0000
Received: from 129.126.169.22
        (SquirrelMail authenticated user m...@reliancehrconsulting.com)
        by mail.reliancehrconsulting.com with HTTP;
        Thu, 26 Sep 2019 12:12:53 +0800
Message-ID: 
<afd61f84dae4a2d7454e332d9f725c75.squir...@mail.reliancehrconsulting.com>
Date: Thu, 26 Sep 2019 12:12:53 +0800
Subject: test
From: m...@reliancehrconsulting.com
To: kand...@gmail.com
Cc: m...@reliancehrconsulting.com
User-Agent: SquirrelMail/1.4.22-0.qt.el6
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

test

                                              

                                            
                                            

                                              

                                              
                                              -- 

                                              
                                                
                                                  Regards,

                                                          Manikandan.C

                                                        
                                                
                                              
                                            
                                          
                                        
                                      
                                    
                                  
                                  

                                  

                                  
                                  -- 

                                  
                                    
                                      Regards,

                                              Manikandan.C

                                            
                                    
                                  
                                
                              
                            
                          
                        
                      
                      

                      

                      
                      -- 

                      
                        
                          Regards,

                                  Manikandan.C

                                
                        
                      
                    
                  
                
              
              

              

              
              -- 

              
                
                  Regards,

                          Manikandan.C

                        
                
              
            
          
        
      
      

      

      
      -- 

      
        
          Regards,

                  Manikandan.C

                
        
      
    
  



-- 
Thanks,Manikandan.CSystem Administrator





Reply via email to