[qmailtoaster] Re: Mails getting bounced
Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [1] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Links: -- [1] http://vanaz.com/
Re: [qmailtoaster] Re: Mails getting bounced
Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com mailto:pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Mails getting bounced
It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [1] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [1] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [2] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [3]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [3]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Links: -- [1] http://domainkeys.sourceforge.net/policycheck.html [2] http://vanaz.com/ [3] http://www.vickersconsulting.com
Re: [qmailtoaster] Re: Mails getting bounced
This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com mailto:pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers
RE: [qmailtoaster] Re: Mails getting bounced
Dear Amit, I think your DNS wasn’t configured properly for DKIM/DomainKeys that’s why you faced this problem. I am using both DKIM and DomainKeys my server and both are working perfectly. You can verify this by looking at the headers of this very mail. Public key text published in the DNS recods takes some time to update and reflect on the global dns servers and one should wait for atleast 3 days for them reflect all around the world. Servers like yahoo etc takes sometime to update their caching dns server and you have to patient till they start reading your public key from the dns records verify signature in the mails. You have not mentioned this in your mail that how long back you published your public in the dns before you checked for domainkey test. If you need any assistance please feel free to contact me on this mailing list. I would love to help. Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 2:52 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and
Re: [qmailtoaster] Re: Mails getting bounced
I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [1] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [1] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [2] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [3]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [3]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Links: -- [1] http://domainkeys.sourceforge.net/policycheck.html [2] http://vanaz.com/ [3] http://www.vickersconsulting.com
Re: [qmailtoaster] Re: Mails getting bounced
Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com mailto:pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all.
RE: [qmailtoaster] Re: Mails getting bounced
Once you are done as Alex said below. Install the dkim package attached with this mail and then let me know how to configure DKIM and Domainkeys all together. Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 3:34 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group
RE: [qmailtoaster] Re: Mails getting bounced
I am sorry I mean to say once you are done with as Alex said then let me know and I’ll tell you how to configure the DKIM and Domainkeys for ur domains. I have learnt all this from the qmailtoaster videos made by Jake. Regards, Anil Aliyan From: Anil Aliyan [mailto:acali...@gnvfc.net] Sent: Monday, April 05, 2010 3:43 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Once you are done as Alex said below. Install the dkim package attached with this mail and then let me know how to configure DKIM and Domainkeys all together. Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 3:34 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today!
Re: [qmailtoaster] Re: Mails getting bounced
Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net [1] Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [1] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [1] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [2] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [3]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [3]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today!
RE: [qmailtoaster] Re: Mails getting bounced
Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. PRIVATE._DOMAINKEY.VANAZ.COM New test [1] TXT Record length = 120 K=RSA; K=RSA; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB THIS SELECTOR IS IN ERROR: TAGVALUE# 2, TAG \'K\': DUPLICATE TOKEN AT POSITION 1 Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 4:20 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net [2] Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [3] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored
Re: [qmailtoaster] Re: Mails getting bounced
There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com mailto:pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery failure was:
RE: [qmailtoaster] Re: Mails getting bounced
Sorry but 1 important thing which I forgot to mention is I'm using Smarthost on server for sending emails. Can this be the reason for fail of Domain Key and DKIM? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. PRIVATE._DOMAINKEY.VANAZ.COM New test [1] TXT Record length = 120 K=RSA; K=RSA; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB THIS SELECTOR IS IN ERROR: TAGVALUE# 2, TAG \'K\': DUPLICATE TOKEN AT POSITION 1 Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 4:20 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net [2] Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [3] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com
RE: [qmailtoaster] Re: Mails getting bounced
I have checked you DNS and its perfect now. But your new key is not populated on the external DNS server worldwide yet so you will have to wait untill rest of the server start reading your new public key. Can you send me a test message from your mailserver to my email address acali...@gnvfc.net ??? Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:16 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear
Re: [qmailtoaster] Re: Mails getting bounced
It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs atsa-t...@sendmail.net and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information:http://mipassoc.org/dkim/ Sendmail milter:https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information:http://antispam.yahoo.com/domainkeys Sendmail milter:https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information:http://www.microsoft.com/senderid Sendmail milter:https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information:http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On
Re: [qmailtoaster] Re: Mails getting bounced
Dear Alex, I had make the same. please find link below: http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=dkim1._domainkey.vanaz.comSubmit=Submit Regards, Amit At Monday, 05-04-2010 on 17:22 Postmaster wrote: There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. PRIVATE._DOMAINKEY.VANAZ.COM New test [1] TXT Record length = 120 K=RSA; K=RSA; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB THIS SELECTOR IS IN ERROR: TAGVALUE# 2, TAG \'K\': DUPLICATE TOKEN AT POSITION 1 Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 4:20 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net [2] Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [3] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my
Re: [qmailtoaster] Re: Mails getting bounced
Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at [1] and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://www.microsoft.com/senderid Sendmail milter: https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. PRIVATE._DOMAINKEY.VANAZ.COM New test [2] TXT Record length = 120 K=RSA; K=RSA; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB THIS SELECTOR IS IN ERROR: TAGVALUE# 2, TAG \'K\': DUPLICATE TOKEN AT POSITION 1 Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 4:20 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net [3] Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [3]
RE: [qmailtoaster] Re: Mails getting bounced
I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: dig txt _domainkey.vanza.com(Answers as Below) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:23 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit Submit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Submit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing
RE: [qmailtoaster] Re: Mails getting bounced
Yes, if you are using a smarhost then all outgoing mails will be signed by your smarthost server and you’ll have to configure these keys on that server. Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:22 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Sorry but 1 important thing which I forgot to mention is I'm using Smarthost on server for sending emails. Can this be the reason for fail of Domain Key and DKIM? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [02] The reason of the delivery
Re: [qmailtoaster] Re: Mails getting bounced
No, you should not have any problems with Domainkey/DKIM using a smart host. However, you need to redefine your SPF in your DNS to allow relay from the smart host. Regards Alex On 05/04/2010 12:52, Amit Dalia wrote: Sorry but 1 important thing which I forgot to mention is I'm using Smarthost on server for sending emails. Can this be the reason for fail of Domain Key and DKIM? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com mailto:pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove
RE: [qmailtoaster] Re: Mails getting bounced
So which key should I use? Key generated by DKIM or key generated by Domain Key. Regards, Amit At Monday, 05-04-2010 on 17:31 Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADERHEADER Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [4]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [4]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Links: -- [1] http://domainkeys.sourceforge.net/selectorcheck.html [2] http://domainkeys.sourceforge.net/policycheck.html [3] http://vanaz.com/ [4] http://www.vickersconsulting.com
Re: [qmailtoaster] Re: Mails getting bounced
Dear Alex, I had done this for SPF part. Regards, Amit At Monday, 05-04-2010 on 17:37 Postmaster wrote: No, you should not have any problems with Domainkey/DKIM using a smart host. However, you need to redefine your SPF in your DNS to allow relay from the smart host. Regards Alex On 05/04/2010 12:52, Amit Dalia wrote: Sorry but 1 important thing which I forgot to mention is I'm using Smarthost on server for sending emails. Can this be the reason for fail of Domain Key and DKIM? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. PRIVATE._DOMAINKEY.VANAZ.COM New test [1] TXT Record length = 120 K=RSA; K=RSA; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB THIS SELECTOR IS IN ERROR: TAGVALUE# 2, TAG \'K\': DUPLICATE TOKEN AT POSITION 1 Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 4:20 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net [2] Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html TESTING PRIVATE._DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for private._domainkey.vanaz.com and TESTING _DOMAINKEY.VANAZ.COM New test [2] No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: : 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com [3] Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression
RE: [qmailtoaster] Re: Mails getting bounced
Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global vanza.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanza.com /dkimsign From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:30 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at mailto:sa-t...@sendmail.net sa-t...@sendmail.net and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://www.microsoft.com/senderid Sendmail milter: https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit Submit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com
Re: [qmailtoaster] Re: Mails getting bounced
There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: *dig txt _domainkey.vanza.com(Answers as Below)* [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan *From:* Postmaster [mailto:postmas...@seawise-chartering.co.uk] *Sent:* Monday, April 05, 2010 5:23 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server.
RE: [qmailtoaster] Re: Mails getting bounced
Key generated by DKIM is used for both by default. From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:38 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced So which key should I use? Key generated by DKIM or key generated by Domain Key. Regards, Amit At Monday, 05-04-2010 on 17:31 Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: dig txt _domainkey.vanza.com(Answers as Below) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:23 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit Submit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Submit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit
RE: [qmailtoaster] Re: Mails getting bounced
If you are using DKIM then you don’t require a separate domainkey signature file, same DKIM signature file is used for both. Moreover you don’t even require domainkeys folder in your /var/qmai/control directory. From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:39 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Alex, I had done this for SPF part. Regards, Amit At Monday, 05-04-2010 on 17:37 Postmaster wrote: No, you should not have any problems with Domainkey/DKIM using a smart host. However, you need to redefine your SPF in your DNS to allow relay from the smart host. Regards Alex On 05/04/2010 12:52, Amit Dalia wrote: Sorry but 1 important thing which I forgot to mention is I'm using Smarthost on server for sending emails. Can this be the reason for fail of Domain Key and DKIM? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit Submit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Submit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also refer to qmailtoaster wiki. Regards Alex On 05/04/2010 10:57, Amit Dalia wrote: I had removed qmail-dk from my server using ln -sf qmail-queue.orig qmail-queue Now how do re-enable qmail-dk for my server. Regards, Amit At Monday, 05-04-2010 on 15:08 Postmaster wrote: This may not help. You do not have control over the other server and your domain may be rejected if the other server has a strict Domainkey policy. I would recommend to keep qmail-dk and DNS entries unless you have serious problems (qmail-dk is completely broken). Personally, I have not had any issues with Domainkey. Regards Alex On 05/04/2010 10:21, Amit Dalia wrote: It is my domain which got rejected. And I had now removed domain key for signing my out going emails. Also I had deleted domain key entries from my DNS Server. Amit At Monday, 05-04-2010 on 14:48 Postmaster wrote: Is it your server rejecting mail or is it your domain got rejected? Let's check - http://domainkeys.sourceforge.net/policycheck.html Testing private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for private._domainkey.vanaz.com and Testing _domainkey.vanaz.com New test http://domainkeys.sourceforge.net/policycheck.html No _domainkey TXT record found for _domainkey.vanaz.com So there is no policy for vanaz.com, hence this domain would fail domainkey policy on other servers. You need to insert 2 TXT records in vanaz.com DNS. Regards Alex On 05/04/2010 07:21, Amit Dalia wrote: Hi Eric/Jake, I had removed Domain Key from my server but I'm still getting below error: pnq.fitd...@orbit-star.com: 202.46.201.27 failed after I sent the message. Remote host said: 550 Message does not pass DomainKeys requirements for domain vanaz.com http://vanaz.com/ Any help since this is creating problem to me know. Regards, Amit At Monday, 29-03-2010 on 21:53 Eric Shubert wrote: Not at all. Amit Dalia wrote: Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This
Re: [qmailtoaster] Re: Mails getting bounced
Anil The file below you are referring is for DKIM and not for Domainkey. For Domainkey tcp.smtp should have the following in order for the outgoing email to be signed: DKSIGN=/var/qmail/control/domainkeys/%//private/ and DKVERIFY= if you have to accept incoming e-mail failing Domainkey Regards Alex On 05/04/2010 13:09, Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: *dkimsign* * !-- per default sign all mails using dkim --* * global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1* * types id=dkim /* * /global* * * * vanza.com selector=dkim1* * types id=dkim /* * types id=domainkey method=nofws /* * /vanza.com* * * */dkimsign* *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 5:30 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net mailto:sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs atsa-t...@sendmail.net mailto:sa-t...@sendmail.net and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information:http://mipassoc.org/dkim/ Sendmail milter:https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information:http://antispam.yahoo.com/domainkeys Sendmail milter:https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information:http://www.microsoft.com/senderid Sendmail milter:https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information:http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear
Re: [qmailtoaster] Re: Mails getting bounced
I have not looked into possibility of have Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan *From:* Postmaster [mailto:postmas...@seawise-chartering.co.uk] *Sent:* Monday, April 05, 2010 5:41 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: *dig txt _domainkey.vanza.com(Answers as Below)* [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan *From:* Postmaster [mailto:postmas...@seawise-chartering.co.uk] *Sent:* Monday, April 05, 2010 5:23 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html Also
Re: [qmailtoaster] Re: Mails getting bounced
I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan *From:* Postmaster [mailto:postmas...@seawise-chartering.co.uk] *Sent:* Monday, April 05, 2010 5:41 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: *dig txt _domainkey.vanza.com(Answers as Below)* [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan *From:* Postmaster [mailto:postmas...@seawise-chartering.co.uk] *Sent:* Monday, April 05, 2010 5:23 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 *k=rsa; k=rsa;* p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB *This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1* Regards, Anil Aliyan *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 4:20 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test it: http://domainkeys.sourceforge.net/policycheck.html http://domainkeys.sourceforge.net http://domainkeys.sourceforge.net/policycheck.html
RE: [qmailtoaster] Re: Mails getting bounced
Dear Alex, That’s what I am saying that with DKIM you can sign your mail for both DKIM as well as for DomainKeys. I am using dkim and I don’t have any folder like /var/qmail/control/domainkey instead I have /var/qmail/control/dkim Please look at the last section of the qmail-remote file which replaced by the DKIM installation. It also signs mails for Domainkeys as well: # generate signatures my $sigdone = 0; foreach my $type (keys(%{$conf-{'types'}})) { my $sigconf = $conf-{'types'}-{$type}; if ($type eq 'dkim') { $signer-add_signature( new Mail::DKIM::Signature( Algorithm = $sigconf-{'algorithm'} || $conf-{'algorithm'} || $signer-algorithm, Method = $sigconf-{'method'} || $conf-{'method'}|| $signer-method, Headers= $sigconf-{'headers'}|| $conf-{'headers'} || $signer-headers, Domain = $sigconf-{'domain'} || $conf-{'domain'}|| $signer-domain, Selector = $sigconf-{'selector'} || $conf-{'selector'} || $signer-selector, Query = $sigconf-{'query'} || $conf-{'query'}, Identity = $sigconf-{'identity'} || $conf-{'identity'}, Expiration = $sigconf-{'expiration'} || $conf-{'expiration'} ) ); $sigdone = 1; } elsif ($type eq 'domainkey') { $signer-add_signature( new Mail::DKIM::DkSignature( Algorithm = 'rsa-sha1', # only rsa-sha1 supported Method = $sigconf-{'method'} || $conf-{'method'} || $signer-method, Headers= $sigconf-{'selector'} || $conf-{'headers'} || $signer-headers, Domain = $sigconf-{'domain'} || $conf-{'domain'} || $signer-domain, Selector = $sigconf-{'selector'} || $conf-{'selector'} || $signer-selector, Query = $sigconf-{'query'}|| $conf-{'query'} ) ); $sigdone = 1; } } return $sigdone; } Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:48 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Anil The file below you are referring is for DKIM and not for Domainkey. For Domainkey tcp.smtp should have the following in order for the outgoing email to be signed: DKSIGN=/var/qmail/control/domainkeys/%/private and DKVERIFY= if you have to accept incoming e-mail failing Domainkey Regards Alex On 05/04/2010 13:09, Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global vanza.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanza.com /dkimsign From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:30 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at mailto:sa-t...@sendmail.net sa-t...@sendmail.net and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil / Alex, Sorry but I'm little confused now. So what should I do? Regards, Amit At Monday, 05-04-2010 on 17:56 Anil Aliyan wrote: Dear Alex, That’s what I am saying that with DKIM you can sign your mail for both DKIM as well as for DomainKeys. I am using dkim and I don’t have any folder like /var/qmail/control/domainkey instead I have /var/qmail/control/dkim Please look at the last section of the qmail-remote file which replaced by the DKIM installation. It also signs mails for Domainkeys as well: # generate signatures my $sigdone = 0; foreach my $type (keys(%{$conf-{'types'}})) { my $sigconf = $conf-{'types'}-{$type}; IF ( EQ \'DKIM\') { $signer-add_signature( new Mail::DKIM::Signature( Algorithm = $sigconf-{'algorithm'} || $conf-{'algorithm'} || $signer-algorithm, Method = $sigconf-{'method'} || $conf-{'method'} || $signer-method, Headers = $sigconf-{'headers'} || $conf-{'headers'} || $signer-headers, Domain = $sigconf-{'domain'} || $conf-{'domain'} || $signer-domain, Selector = $sigconf-{'selector'} || $conf-{'selector'} || $signer-selector, Query = $sigconf-{'query'} || $conf-{'query'}, Identity = $sigconf-{'identity'} || $conf-{'identity'}, Expiration = $sigconf-{'expiration'} || $conf-{'expiration'} ) ); $sigdone = 1; } ELSIF ( EQ \'DOMAINKEY\') { $signer-add_signature( new Mail::DKIM::DkSignature( Algorithm = 'rsa-sha1', # only rsa-sha1 supported Method = $sigconf-{'method'} || $conf-{'method'} || $signer-method, Headers = $sigconf-{'selector'} || $conf-{'headers'} || $signer-headers, Domain = $sigconf-{'domain'} || $conf-{'domain'} || $signer-domain, Selector = $sigconf-{'selector'} || $conf-{'selector'} || $signer-selector, Query = $sigconf-{'query'} || $conf-{'query'} ) ); $sigdone = 1; } } return $sigdone; } Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:48 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Anil The file below you are referring is for DKIM and not for Domainkey. For Domainkey tcp.smtp should have the following in order for the outgoing email to be signed: DKSIGN=/var/qmail/control/domainkeys/%/_private_ and DKVERIFY= if you have to accept incoming e-mail failing Domainkey Regards Alex On 05/04/2010 13:09, Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 5:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at [1] and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature
RE: [qmailtoaster] Re: Mails getting bounced
By default singconf.xml file contains on first line as below and only signs for DKIM: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global /dkimsign But if you want to sign mails for Domainkeys as well then you will have to add one more line just below types id=dkim / and above /global in the above example: types id=domainkey method=nofws / Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:52 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:41 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: dig txt _domainkey.vanza.com(Answers as Below) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:23 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: - dkim1._domainkey.vanaz.com Please refer to video.qmailtoaster.com One of your TXT records is for vanaz.com rather than _domainkey.vanaz.com - please correct it. Once again see the above link about Domiankeys on how to setup your DNS. Regards Alex On 05/04/2010 12:34, Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. private._domainkey.vanaz.com New test http://domainkeys.sourceforge.net/selectorcheck.html TXT Record length = 120 k=rsa; k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB This selector is in error: TagValue# 2, Tag 'k': Duplicate token at position 1 Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 4:20 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.com http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit Submit=Submit
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil, Please find my signconf.xml file contains is below: But your file doesn't contain this. So do I modify my file as per you mentioned. Regards, Amit At Monday, 05-04-2010 on 17:39 Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 5:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at [1] and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://www.microsoft.com/senderid Sendmail milter: https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how can I check it? Regards, Amit At Monday, 05-04-2010 on 17:04 Anil Aliyan wrote: Dear Amit, Your DNS entry has one problem. You have k=rsa; twice in you DNS entry please remove one k=rsa; from the DNS entry. PRIVATE._DOMAINKEY.VANAZ.COM New test [2] TXT Record length = 120 K=RSA; K=RSA; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSB ...aKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB THIS SELECTOR IS IN ERROR: TAGVALUE# 2, TAG \'K\': DUPLICATE TOKEN AT POSITION 1 Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 4:20 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil/Alex, Please check the link below: http://domainkeys.sourceforge.net/cgi-bin/check_policy?domain=vanaz.comSubmit=Submit http://domainkeys.sourceforge.net/cgi-bin/check_selector?selector=private._domainkey.vanaz.comSubmit=Submit Anyway I will proceed for DKIM installation now. Thanks and regards, Amit At Monday, 05-04-2010 on 15:34 Postmaster wrote: Issue the following command: ln -sf qmail-dk qmail-queue Restart qmail and do not forget to insert two TXT records into your DNS and make sure you have done it in a right way. This would help you to test
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADERHEADER Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [4]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [4]) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: Mails getting bounced
Make you signconf.xml look like this : dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global vanza.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanza.com /dkimsign From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:09 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please find my signconf.xml file contains is below: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global /dkimsign But your file doesn't contain this. So do I modify my file as per you mentioned. Regards, Amit At Monday, 05-04-2010 on 17:39 Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global vanza.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanza.com /dkimsign From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 5:30 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs at mailto:sa-t...@sendmail.net sa-t...@sendmail.net and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the most recent version of DKIM. We hope this service has been helpful to you. Authentication System: DomainKeys Identified Mail Result: DKIM signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://www.microsoft.com/senderid Sendmail milter: https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://spf.pobox.com/ Regards Alex On 05/04/2010 12:46, Amit Dalia wrote: Dear Anil, Yes I saw that and modified it on my DNS server. Also I had setup DKIM for my server as per Jake Video on settuping up DKIM. I think, I have to check it know whether its working or not, so how
Re: [qmailtoaster] Re: Mails getting bounced
Perhaps you are right, as I said I never looked into having DKIM signing for both domainkey and DKIM. I have both setup seperately and they work alright. Regards Alex On 05/04/2010 13:26, Anil Aliyan wrote: Dear Alex, That’s what I am saying that with DKIM you can sign your mail for both DKIM as well as for DomainKeys. I am using dkim and I don’t have any folder like /var/qmail/control/domainkey instead I have /var/qmail/control/dkim Please look at the last section of the qmail-remote file which replaced by the DKIM installation. It also signs mails for Domainkeys as well: # generate signatures my $sigdone = 0; foreach my $type (keys(%{$conf-{'types'}})) { my $sigconf = $conf-{'types'}-{$type}; *if ($type eq 'dkim')* { $signer-add_signature( new Mail::DKIM::Signature( Algorithm = $sigconf-{'algorithm'} || $conf-{'algorithm'} || $signer-algorithm, Method = $sigconf-{'method'} || $conf-{'method'}|| $signer-method, Headers= $sigconf-{'headers'}|| $conf-{'headers'} || $signer-headers, Domain = $sigconf-{'domain'} || $conf-{'domain'}|| $signer-domain, Selector = $sigconf-{'selector'} || $conf-{'selector'} || $signer-selector, Query = $sigconf-{'query'} || $conf-{'query'}, Identity = $sigconf-{'identity'} || $conf-{'identity'}, Expiration = $sigconf-{'expiration'} || $conf-{'expiration'} ) ); $sigdone = 1; } *elsif ($type eq 'domainkey')* { $signer-add_signature( new Mail::DKIM::DkSignature( Algorithm = 'rsa-sha1', # only rsa-sha1 supported Method = $sigconf-{'method'} || $conf-{'method'} || $signer-method, Headers= $sigconf-{'selector'} || $conf-{'headers'} || $signer-headers, Domain = $sigconf-{'domain'} || $conf-{'domain'} || $signer-domain, Selector = $sigconf-{'selector'} || $conf-{'selector'} || $signer-selector, Query = $sigconf-{'query'}|| $conf-{'query'} ) ); $sigdone = 1; } } return $sigdone; } Regards, Anil Aliyan *From:* Postmaster [mailto:postmas...@seawise-chartering.co.uk] *Sent:* Monday, April 05, 2010 5:48 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Anil The file below you are referring is for DKIM and not for Domainkey. For Domainkey tcp.smtp should have the following in order for the outgoing email to be signed: DKSIGN=/var/qmail/control/domainkeys/%//private/ and DKVERIFY= if you have to accept incoming e-mail failing Domainkey Regards Alex On 05/04/2010 13:09, Anil Aliyan wrote: Dear Amit, Please ignore my last mail about smarthost. Your mail signed by you main mail server should work actually. I have checked your test message and it is signed by DKIM but doesn’t singed for Domainkeys. You need to entry for both in your signconf.xml file: Your file should look like below mentioned example: *dkimsign* * !-- per default sign all mails using dkim --* * global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1* * types id=dkim /* * /global* * * * vanza.com selector=dkim1* * types id=dkim /* * types id=domainkey method=nofws /* * /vanza.com* * * */dkimsign* *From:* Amit Dalia [mailto:a...@ikf.co.in] *Sent:* Monday, April 05, 2010 5:30 PM *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoaster] Re: Mails getting bounced Dear Anil, Please check I had send test mail on your email id. Regards, Amit At Monday, 05-04-2010 on 17:26 Postmaster wrote: It may take a while for the DNS entries to propagate. Send an e-mail with test in the subject line to sa-t...@sendmail.net mailto:sa-t...@sendmail.net and you should have a reply with output like this shortly: sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $ This service runs atsa-t...@sendmail.net mailto:sa-t...@sendmail.net and allows remote users to perform a simple, automated test to see if different Sender Authentication schemes are working. Mail sent to this service is checked by our Sender Authentication filters for any valid credentials or signatures. A script receives the message, checks for a special header with the results of the tests, and composes this response message based on what it finds. This response is also signed with DomainKeys and DomainKeys Identified Mail (DKIM). Please note that the DKIM filter signing this reply message conforms to the latest IETF draft version, and thus may not be successfully verified by older implementations. If you are using dkim-filter from Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible with the
RE: [qmailtoaster] Re: Mails getting bounced
Dear Amit, 1) do I need to remove delete domainkey folder from control? Simply rename the domainkey folder to domain-key or something else , that’s upto you. 2) do I need to modify DKSIGN= in tcp.smtp? You don’t have to make any changes in your tcp.smtp, just keep them as it is. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? If the DNS entry for dkim1._domainkey.vanza.com is the same key you have generated for DKIM then you need not do anything else. Just keep the same key and same key will be used for verification of botk DKIM and Domainkey. Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:13 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global /dkimsign But if you want to sign mails for Domainkeys as well then you will have to add one more line just below types id=dkim / and above /global in the above example: types id=domainkey method=nofws / Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:52 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:41 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: dig txt _domainkey.vanza.com(Answers as Below) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMOyyYU7C8EPAq5QMKFXWuaEbtS/uCSBaKlCU8bNlpTcIyVZxDvoQJra6um3v9mc5QIDAQAB Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:23 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is another problem. You should have two entries for Domainkeys and one entry for DKIM: Domainkey: - _domainkey.vanaz.com - private._domainkey.vanaz.com Please refer to http://wiki.qmailtoaster.com/index.php/Domainkeys DKIM: -
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN= in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADERHEADER Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements for domain vanaz.com Is my domain key break? Thanks and regards, Amit Perhaps. The qmail-dk program included with QMT is broken in some areas, particularly inbound. While we've been under the impression that signing was working ok, it's entirely possible that there's a bug in there. The safest bet is to simply not use it at all. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com [4]) Vickers
RE: [qmailtoaster] Re: Mails getting bounced
That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:30 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? Simply rename the domainkey folder to domain-key or something else , that’s upto you. 2) do I need to modify DKSIGN= in tcp.smtp? You don’t have to make any changes in your tcp.smtp, just keep them as it is. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? If the DNS entry for dkim1._domainkey.vanza.com is the same key you have generated for DKIM then you need not do anything else. Just keep the same key and same key will be used for verification of botk DKIM and Domainkey. Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:13 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global /dkimsign But if you want to sign mails for Domainkeys as well then you will have to add one more line just below types id=dkim / and above /global in the above example: types id=domainkey method=nofws / Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:52 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:41 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: dig txt _domainkey.vanza.com(Answers as Below) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION:
RE: [qmailtoaster] Re: Mails getting bounced
Now send a test mail to me and yourself and check the headers if you see signatures for both DKIM and Domainkey. From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:30 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? Simply rename the domainkey folder to domain-key or something else , that’s upto you. 2) do I need to modify DKSIGN= in tcp.smtp? You don’t have to make any changes in your tcp.smtp, just keep them as it is. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? If the DNS entry for dkim1._domainkey.vanza.com is the same key you have generated for DKIM then you need not do anything else. Just keep the same key and same key will be used for verification of botk DKIM and Domainkey. Regards, Anil Aliyan From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Monday, April 05, 2010 6:13 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global /dkimsign But if you want to sign mails for Domainkeys as well then you will have to add one more line just below types id=dkim / and above /global in the above example: types id=domainkey method=nofws / Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:52 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan From: Postmaster [mailto:postmas...@seawise-chartering.co.uk] Sent: Monday, April 05, 2010 5:41 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: dig txt _domainkey.vanza.com(Answers as Below) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 27481 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkim1._domainkey.vanaz.com.IN TXT ;; ANSWER SECTION: dkim1._domainkey.vanaz.com. 3600 IN TXT k=rsa\; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMr0cG1KMKOsR3sNt69ZuqdCPts+mUfBappgKc0qvB+6+X1cXYln9Eq6sikdiIzV4QIDAQAB ;; AUTHORITY SECTION: vanaz.com. 172368 IN NS ns2.iknowledgefactory.com. vanaz.com. 172368 IN NS ns.iknowledgefactory.com. [r...@ncode-imss ~]# dig txt private._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt private._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54065 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;private._domainkey.vanaz.com. IN TXT ;; ANSWER SECTION: private._domainkey.vanaz.com. 2753 IN TXT k=rsa\;
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil, Now I'm getting below error: Message not sent. Server replied: Transaction failed 554 qmail-dk: Couldn't read signature file for signing. (#5.3.0) Regards, Amit At Monday, 05-04-2010 on 18:36 Anil Aliyan wrote: That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN= in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADERHEADER Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was:
RE: [qmailtoaster] Re: Mails getting bounced
Done. Sorry I had forgot to do qmailctl cdb. Anyway Anil please check whether you received my mail or not. Regards, Amit At Monday, 05-04-2010 on 18:36 Anil Aliyan wrote: That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN= in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADERHEADER Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any way to repair this? Is there any other way to use Domain Key or DKIM with my server? Else how to remove Domain Key from my server. Thanks and regards, Amit At Monday, 29-03-2010 on 20:50 Eric Shubert wrote: Amit Dalia wrote: Dear Team, I have been using Domain Key for one of my domain without any problem from long time. But today 1 server bounced it back mentioning the below error: [] The reason of the delivery failure was: 550 Message does not pass DomainKeys requirements
RE: [qmailtoaster] Re: Mails getting bounced
Dear Anil / Alex, Thanks a lot for all your help. This mailing is really great. Regards, Amit At Monday, 05-04-2010 on 19:04 Anil Aliyan wrote: OK I got ur mail and it has both the signatures its working man. Try sending some test message to any of yours account on gmail and yahoo then check the headers. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:44 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Done. Sorry I had forgot to do qmailctl cdb. Anyway Anil please check whether you received my mail or not. Regards, Amit At Monday, 05-04-2010 on 18:36 Anil Aliyan wrote: That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN= in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig txt dkim1._domainkey.vanaz.com ; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 txt dkim1._domainkey.vanaz.com ;; global options: printcmd ;; Got answer: ;; -HEADERHEADER Eric/Jake, Will re-installing qmail toaster package can solve the problem? Amit At Monday, 29-03-2010 on 21:18 Eric Shubert wrote: Amit, No way to repair qmail-dk, until someone steps up and fixes the code. Check out Jake's videos for a way to use DKIM. In order to disable DK entirely, do: # cd /var/qmail/bin # ln -sf qmail-queue.orig qmail-queue -- -Eric 'shubes' Amit Dalia wrote: Dear Eric, This was outgoing mail from server and occurred first time only. If qmail-dk is broken then is there any
RE: [qmailtoaster] Re: Mails getting bounced
Hi, Now I'm able to see signature in my mails, but also getting error. Please see details below: DomainKey-Signature: a=rsa-sha1; c=nofws; d=mailserver; h=to:subject :mime-version:date:from:cc:message-id:content-type; q=dns; s= dkim1; b=EJJf493aRwtpqumbElVUhczVFtJi4Y+XhG9rcW5lMMvMQe5rQJsV5BE BF/QITML9 DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mailserver; h=to:subject :mime-version:date:from:cc:message-id:content-type; q=dns; s= dkim1; bh=FNfmzKx9JuLnfrW3zJJj57jDbkc=; b=Mpco6Xx/zZkP0IxiYSZiNk RHuFuGDzOMsJdmkkw+YIYygZiWN4a33AeFk1kXbXrW Authentication-Results: mta179.mail.ac4.yahoo.com from=vanaz.com; domainkeys=fail (bad syntax); from=mailserver; dkim=permerror (no key) Regards, Amit At Monday, 05-04-2010 on 19:04 Anil Aliyan wrote: OK I got ur mail and it has both the signatures its working man. Try sending some test message to any of yours account on gmail and yahoo then check the headers. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:44 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Done. Sorry I had forgot to do qmailctl cdb. Anyway Anil please check whether you received my mail or not. Regards, Amit At Monday, 05-04-2010 on 18:36 Anil Aliyan wrote: That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN= in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using different keys and have had no problems so far. Regards Alex On 05/04/2010 13:01, Anil Aliyan wrote: I have checked both the entries exists but not updated globally yet. BUT BOTH KEYS ARE DIFFERENT, please use one single key for both DKIM and DomainKeys If you run dig command from your server you can see these records: DIG TXT _DOMAINKEY.VANZA.COM (ANSWERS AS BELOW) [r...@ncode-imss ~]# dig
Re: [qmailtoaster] Re: Mails getting bounced
Sorry again. Better I'll wait and check it after 2-3 days. Regards, Amit At Monday, 05-04-2010 on 20:44 Postmaster wrote: Amit, I think we have discussed it before. You should wait for several days for your DNS to propagate and all DNS caches to renew data. Personally, I cannot see your new TXT entries into your DNS and I am sure I am not alone. Regards Alex On 05/04/2010 16:08, Amit Dalia wrote: Hi, Now I'm able to see signature in my mails, but also getting error. Please see details below: DomainKey-Signature: a=rsa-sha1; c=nofws; d=mailserver; h=to:subject :mime-version:date:from:cc:message-id:content-type; q=dns; s= dkim1; b=EJJf493aRwtpqumbElVUhczVFtJi4Y+XhG9rcW5lMMvMQe5rQJsV5BE BF/QITML9 DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mailserver; h=to:subject :mime-version:date:from:cc:message-id:content-type; q=dns; s= dkim1; bh=FNfmzKx9JuLnfrW3zJJj57jDbkc=; b=Mpco6Xx/zZkP0IxiYSZiNk RHuFuGDzOMsJdmkkw+YIYygZiWN4a33AeFk1kXbXrW Authentication-Results: mta179.mail.ac4.yahoo.com from=vanaz.com; domainkeys=fail (bad syntax); from=mailserver; dkim=permerror (no key) Regards, Amit At Monday, 05-04-2010 on 19:04 Anil Aliyan wrote: OK I got ur mail and it has both the signatures its working man. Try sending some test message to any of yours account on gmail and yahoo then check the headers. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:44 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Done. Sorry I had forgot to do qmailctl cdb. Anyway Anil please check whether you received my mail or not. Regards, Amit At Monday, 05-04-2010 on 18:36 Anil Aliyan wrote: That’s nice. If you would have simply renamed the domainkey folder would have served the purpose. Coz if the domainkey folder doesn’t exist that line in the tcp.smtp will not have any effect. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:30 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Yes, dkim1._domainkey.vanaz.com is the same key which I generate for DKIM. Second, right now DKSIGN=/var/qmail/control/%/private. So do I modify it to DKSIGN=. Regards, Amit At Monday, 05-04-2010 on 18:23 Anil Aliyan wrote: Dear Amit, 1) do I need to remove delete domainkey folder from control? SIMPLY RENAME THE DOMAINKEY FOLDER TO DOMAIN-KEY OR SOMETHING ELSE , THAT’S UPTO YOU. 2) do I need to modify DKSIGN= in tcp.smtp? YOU DON’T HAVE TO MAKE ANY CHANGES IN YOUR TCP.SMTP, JUST KEEP THEM AS IT IS. 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? IF THE DNS ENTRY FOR DKIM1._DOMAINKEY.VANZA.COM IS THE SAME KEY YOU HAVE GENERATED FOR DKIM THEN YOU NEED NOT DO ANYTHING ELSE. JUST KEEP THE SAME KEY AND SAME KEY WILL BE USED FOR VERIFICATION OF BOTK DKIM AND DOMAINKEY. Regards, Anil Aliyan FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: Monday, April 05, 2010 6:13 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] Re: Mails getting bounced Dear Anil, Ok. After modifying this, I have queries: 1) do I need to remove delete domainkey folder from control? 2) do I need to modify DKSIGN= in tcp.smtp? 3) do I need to modify my DNS server entries and if yes then what the new entry I should made? Thanks and regards, Amit At Monday, 05-04-2010 on 18:05 Anil Aliyan wrote: By default singconf.xml file contains on first line as below and only signs for DKIM: But if you want to sign mails for Domainkeys as well then you will have to add one more line just below AND ABOVE IN THE ABOVE EXAMPLE: REGARDS, ANIL ALIYAN FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:52 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced I have not looked into possibility of having Domainkey and DKIM signed by DKIM as I installed qmailtoaster with Domainkey first and then added DKIM functionality and for this reason I'd keep them separate. Regards Alex On 05/04/2010 13:15, Anil Aliyan wrote: Dear Alex, I do agree with you and we can use two different keys but them you will have to use both DKIM and Domainkeys separately and need to configure them separately. But when DKIM alone can handle both DKIM and Domainkeys with single key its not required to configure serparately. Regards, Anil Aliyan FROM: Postmaster [mailto:postmas...@seawise-chartering.co.uk] SENT: Monday, April 05, 2010 5:41 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] Re: Mails getting bounced There is no reason why different keys cannot be used for Domainkey and DKIM. I am using
[qmailtoaster] Qmailtoaster videos - major change!
Hopefully everyone will read this: First off, I've been sick the last week or two, so the videos are a day or two behind. Once I'm able to record without coughing through the whole thing, I'll get a new video out - hopefully in the next day or two. Anyway, I've also been thinking quite a bit on the video site, and am going to implement some major changes. The rest of this email will be kinda long-winded and detailed, so if you're just interested in the end results, skip to the last paragraph when I recap ;) Do you realize it's been almost a year already? As I have been recording the videos, I have been learning a lot myself. First thing I learned is that the credit card processing companies are rackets. Authorize.net is the worst - did you know when you enter your credit card information and it gets rejected for *whatever* reason, I still get charged (all said and done) $1.57 for the transaction, even though it failed and I didn't actually receive any funds? I had a user run his card 50 times in a day! And never even completed a sale! So one guy racked up $78USD in charges for me, and he never did pay for the subscription. Authorize.net was *very* unhelpful in the process. As such, the first change I am going to make to the video site is using a different credit card processor and also include PayPal transactions. To go hand-in-hand with this, there will no longer be a subscription service. The videos that you require a subscription to view now will be individually priced. I will still continue to produce free videos just like I always have, but the special videos will have an individual price - I am targeting $4 - $8 for the premium videos. I need to sit down and figure out service charges for PayPal and the credit card processor to find out where the actual price break will need to be, factoring in server costs as well. For those that have a current subscription - it's still active. I canceled the recurring fee so once the subscription runs out, it's done. I will continue to produce videos the week of June 29th, when the last currently paid for subscription runs out. At that point I will transition everything to the new system. I will actually be transferring the videos to the new system (and new server!) during this time frame so that once the June 29th week hits, it should juts be a quick change in DNS to redirect everyone to the new server. For those that want to see some of the premium videos NOW, email me off-list and let me know which video. We can work out something. For those that want ALL the videos, email me off-list. I'm considering mailing DVDs with copies of all the videos on them and we can discuss this possibility. Now the second thing I learned from this project, is that I have a **lot** of topics I would love to produce videos on that are not Qmailtoaster specific. To go hand-in-hand with the above shopping cart changes, I am also going to transition the site to a more Linux-general site instead of Qmailtoaster specific. I will still do Qmailtoaster videos! I just want to have the flexibility to do videos on other topics that are not Qmailtoaster specific as well (I've been itching to do a video on OpenVPN for several months now, as well as Bind!). So when I move everything to the new server, the format/theme will change to be more Linux in general versus Qmailtoaster specific. I think this will benefit everyone who visits. The third thing I learned is that finding time to do a video every week is difficult! With the economy changes, family, house projects, etc. there are just not enough hours in the day. I would get spells where I could knock out 2 or 3 videos in a day so I was stocked up for a few weeks, but then when it came time to record again I was jammed up with something else that required my attention. So I will not promise to produce a video every week, but will get videos posted regularly. Since the new system will allow you to purchase each video individually, this will allow you to purchase videos as you wish and/or as they are released - hopefully those two points meet! For those that skipped to the last paragraph, here's the recap: The video site is going to transition to a more Linux-general video site but will still produce Qmailtoaster videos. Videos will no longer be a subscription service - there will be free videos and there will be premium videos that can be purchased individually. I will continue to produce Qmailtoaster only videos until June 29th. At that point it will transition to the new site. The Qmailtoaster videos will follow over to the new site. You will have more options for purchasing videos, such as PayPal. Thanks for everyone's support! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations.
Re: [qmailtoaster] Re: X-SPAM Headers missing from emails
I followed the spamdyke installation here: http://wiki.qmailtoaster.com/index.php/Spamdyke http://wiki.qmailtoaster.com/index.php/SpamdykeEverything seemed to be working fine, except, unfortunately it broke TLS on SMTP so I had to disable it. with spamdyke: Starting TLS... STARTTLS [220] 'Proceed.' Using cipher: AES256-SHA Then the email would get delivered without TLS in the header. When I disabled spamdyke again: Starting TLS... STARTTLS [220] 'ready for tls' Using cipher: DHE-RSA-AES256-SHA The email headers confirmed it successfully encrypted during smtp session. Right now I have it off... any idea why this might have happened? Thanks On Mon, Mar 29, 2010 at 3:02 PM, Eric Shubert e...@shubes.net wrote: Also check your /var/qmail/control/simcontrol file. Should be set to scan by default though. Does smtp or spamd log show any result of scanning? BTW, I highly recommend using spamdyke. That will reject 80+% of spam without even receiving it, so spamassassin and clamav have a lot less work to do. Your server will breath easier. -- -Eric 'shubes' Postmaster wrote: Have you tried spamassassin -D --lint Also see if you have all necessary plugins uncommented/perl dependencies. Regards Alex On 29/03/2010 19:16, George Alexander wrote: I recently moved my mailserver from an old qmailtoaster install to the newest (as of right now). The only things that stayed from the old server were the contents of /home/vpopmail/domains/mydomain.tld The server is setup on CentOS 5.4 64bit from scratch following the guide on the wiki. We're still getting email, and everything is working fine on the new server, except some spam keeps coming in. Normally I would now go adjust scores in 50_scores.cf http://50_scores.cf to ensure it doesn't come in anymore, but there are no spam headers on the email for me to look at the tests that the spam passed. What do I need to do to make sure they're there? Here's my /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 Here's my /etc/mail/spamassassin/local.cf http://local.cf ok_locales all skip_rbl_checks 1 required_score 5 report_safe 0 rewrite_header Subject ***SPAM*** use_pyzor 1 use_auto_whitelist 1 use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 Anybody else have any ideas? thanks - Qmailtoaster is sponsored by Vickers Consulting Group ( www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: X-SPAM Headers missing from emails
Spamdyke doesn't log or alter headers when it does TLS. It's not broken, it just doesn't show you what's going on like qmail-smtp does with TLS. Since spamdyke is doing TLS with the sender, it does not subsequently do TLS with qmail-smtpd, which is what puts the TLS messages in the header. See http://spamdyke.org/documentation/README.html#TLS for details. George Alexander wrote: I followed the spamdyke installation here: http://wiki.qmailtoaster.com/index.php/Spamdyke http://wiki.qmailtoaster.com/index.php/SpamdykeEverything seemed to be working fine, except, unfortunately it broke TLS on SMTP so I had to disable it. with spamdyke: Starting TLS... STARTTLS [220] 'Proceed.' Using cipher: AES256-SHA Then the email would get delivered without TLS in the header. When I disabled spamdyke again: Starting TLS... STARTTLS [220] 'ready for tls' Using cipher: DHE-RSA-AES256-SHA The email headers confirmed it successfully encrypted during smtp session. Right now I have it off... any idea why this might have happened? Thanks On Mon, Mar 29, 2010 at 3:02 PM, Eric Shubert e...@shubes.net mailto:e...@shubes.net wrote: Also check your /var/qmail/control/simcontrol file. Should be set to scan by default though. Does smtp or spamd log show any result of scanning? BTW, I highly recommend using spamdyke. That will reject 80+% of spam without even receiving it, so spamassassin and clamav have a lot less work to do. Your server will breath easier. -- -Eric 'shubes' Postmaster wrote: Have you tried spamassassin -D --lint Also see if you have all necessary plugins uncommented/perl dependencies. Regards Alex On 29/03/2010 19:16, George Alexander wrote: I recently moved my mailserver from an old qmailtoaster install to the newest (as of right now). The only things that stayed from the old server were the contents of /home/vpopmail/domains/mydomain.tld The server is setup on CentOS 5.4 64bit from scratch following the guide on the wiki. We're still getting email, and everything is working fine on the new server, except some spam keeps coming in. Normally I would now go adjust scores in 50_scores.cf http://50_scores.cf http://50_scores.cf to ensure it doesn't come in anymore, but there are no spam headers on the email for me to look at the tests that the spam passed. What do I need to do to make sure they're there? Here's my /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 Here's my /etc/mail/spamassassin/local.cf http://local.cf http://local.cf ok_locales all skip_rbl_checks 1 required_score 5 report_safe 0 rewrite_header Subject ***SPAM*** use_pyzor 1 use_auto_whitelist 1 use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 Anybody else have any ideas? thanks - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com http://www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com http://qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com mailto:qmailtoaster-list-h...@qmailtoaster.com -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:
[qmailtoaster] disable mx check in chkuser
hi i use squirrelmail when customers send emails to a number of people from webmail then if there is one address that is wrong the message that is shown is #5.1.1 chkuser - can't find valid MX for rcpt domain however the exact domain name where the problem exists is not shown here i see two ways out a) either i get the exact email id which has the problem, but i am not sure whether squirrelmail needs to be modified or chkuser --- this would be ideal. b) the easy way -- disable chkuser MX checks for webmail users so that the bad email id bounces back after some time. could you please guide me on how to do this ? thanks rajesh - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] disable mx check in chkuser
Rajesh, Maybe your customers should be more careful entering the address they are sending to? You can't make everything stupid proof. I don't think you can disable CHKUSER nor do I think you'd want to. This occurs not only in Squirrelmail, but in Thunderbird and other e mail clients when the recipient is addressed incorrectly. CJ On 04/05/2010 07:35 PM, Rajesh M wrote: hi i use squirrelmail when customers send emails to a number of people from webmail then if there is one address that is wrong the message that is shown is #5.1.1 chkuser - can't find valid MX for rcpt domain however the exact domain name where the problem exists is not shown here i see two ways out a) either i get the exact email id which has the problem, but i am not sure whether squirrelmail needs to be modified or chkuser --- this would be ideal. b) the easy way -- disable chkuser MX checks for webmail users so that the bad email id bounces back after some time. could you please guide me on how to do this ? thanks rajesh - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Cecil Yother, Jr. cj cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | fax 510.864.7300 http://yother.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] disable mx check in chkuser
Dear Rajesh, Please refer to the url mentioned below to solve your problem: http://wiki.qmailtoaster.org/index.php/Chkuser Chkuser From QMail-Toaster chkuser configuration is not configurable on the fly. Configuration settings currently in use are documented at /var/qmail/doc/chkuser_settings.h. To tailor your chkuser settings, use the following procedure (provided by Nick): # rpm -Uvh qmail-toaster*.src.rpm # cd /usr/src/redhat/SPECS (assuming you are using CentOS 4) edit qmail-toaster.spec. find 'sleep 5' (should be line 606). change 5 to 300 (5 seconds to 300 seconds). save. # rpmbuild -bb --with cnt40 qmail-toaster.spec (use the appropriate --with value for your distro) When the build process pauses, open another terminal and edit /usr/src/redhat/BUILD/qmail-1.03/chkuser_settings.h to your liking. You have 5 minutes (or whatever you changed the sleep parameter to). Save your changes and wait for the 300 seconds to expire and watch it build. Search for #define CHKUSER_RCPT_MX(4th statement from below in the chkuser_settings.h file) Modify the line to comment it. Before change : #define CHKUSER_RCPT_MX After Change : /* #define CHKUSER_RCPT_MX */ Then save the file and let the rpm rebuild # cd ../RPMS/i386/ # qmailctl stop # rpm -Uvh --replacefiles --replacepkgs qmail-*.rpm # qmailctl start That's the procedure for now. Regards, Anil Aliyan hi i use squirrelmail when customers send emails to a number of people from webmail then if there is one address that is wrong the message that is shown is #5.1.1 chkuser - can't find valid MX for rcpt domain however the exact domain name where the problem exists is not shown here i see two ways out a) either i get the exact email id which has the problem, but i am not sure whether squirrelmail needs to be modified or chkuser --- this would be ideal. b) the easy way -- disable chkuser MX checks for webmail users so that the bad email id bounces back after some time. could you please guide me on how to do this ? thanks rajesh - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com