RE: [qmailtoaster] domainkeys mulitple domain issue
I Guess nobody knows the answer, if i work it out, ill let you know. Rob From: Amit Dalia [mailto:a...@ikf.co.in] Sent: 14 April 2010 05:40 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in mailto:a...@vanaz.com ) smtp.mail= mailto:smtp.mail=a...@vanaz.com i...@sem-pune.in mailto:a...@vanaz.com ; dkim=neutral (no key) mailto:header...@mailserver header...@webapplication.co.in My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help
[qmailtoaster] QMAIL SPAM RULES
Hi All, can anybody help me to update spamassassin rules? I've take a look to the http://www.rulesemporium.com project but i don't understand the differences between rules files. Since 2 weeks i receive more spam mail and noone have made changes to server configurations. Sorry for my bad english. Bye bye -- ir0nfl...@gmail.com
RE: [qmailtoaster] domainkeys mulitple domain issue
Dear Amit, Have u published the dkim public in the DNS records of all these domains If you are using single key for all the domain then all the domain should have same key in the dns records. Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 12:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob From: Amit Dalia [mailto:a...@ikf.co.in] Sent: 14 April 2010 05:40 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in mailto:a...@vanaz.com ) smtp.mail= mailto:smtp.mail=a...@vanaz.com i...@sem-pune.in mailto:a...@vanaz.com ; dkim=neutral (no key) mailto:header...@mailserver header...@webapplication.co.in My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help
RE: [qmailtoaster] domainkeys mulitple domain issue
Hi All, First of all mail server must be configured properly to work everything smoothly, such as hostname and other virtual domains etc must exists in the /etc/hosts file. Most Importantly RDNS must exist for all the domains. If all the domain share single ip address then all domain must be entered in the /etc/hosts file against that ip address. Example: 1.2.3.1 mail.vanaz.com mail.bbc.com mail.cnn.com Secondly, the key that all the domain get signed by the DKIM for all the domain is the singconf.xml file. Example given below: The default signconf.xml file contains the first section in brown color below with a domain=”/var/qmail/control/me” in it. Remove this line and add query=dns. Coz of this the dkim looks for the hostname or domains in the “/var/qmail/control/me” file to sign the mails for. Add your domains individually as shown in the example below. dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global After modification your signconf.xml file should look like as in example given below, and if everything is set accordingly then everything should work: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / types id=domainkey method=nofws / /global vanaz.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanaz.com bbc.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /bbc.com cnn.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /cnn.com /dkimsign Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 12:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob From: Amit Dalia [mailto:a...@ikf.co.in] Sent: 14 April 2010 05:40 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in mailto:a...@vanaz.com ) smtp.mail= mailto:smtp.mail=a...@vanaz.com i...@sem-pune.in mailto:a...@vanaz.com ; dkim=neutral (no key) mailto:header...@mailserver header...@webapplication.co.in My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help
RE: [qmailtoaster] domainkeys mulitple domain issue
Hi Anil Thanks a million for answering my question, i really appreciate it. Quick question. Are you referring to domainkeys here or dkim? I am having a problem with domainkeys and have not setup dkim, thats my next step. Thanks Rob From: Anil Aliyan [mailto:acali...@gnvfc.net] Sent: 14 April 2010 11:15 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue Hi All, First of all mail server must be configured properly to work everything smoothly, such as hostname and other virtual domains etc must exists in the /etc/hosts file. Most Importantly RDNS must exist for all the domains. If all the domain share single ip address then all domain must be entered in the /etc/hosts file against that ip address. Example: 1.2.3.1 mail.vanaz.com mail.bbc.com mail.cnn.com Secondly, the key that all the domain get signed by the DKIM for all the domain is the singconf.xml file. Example given below: The default signconf.xml file contains the first section in brown color below with a domain=”/var/qmail/control/me” in it. Remove this line and add query=dns. Coz of this the dkim looks for the hostname or domains in the “/var/qmail/control/me” file to sign the mails for. Add your domains individually as shown in the example below. dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global After modification your signconf.xml file should look like as in example given below, and if everything is set accordingly then everything should work: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / types id=domainkey method=nofws / /global vanaz.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanaz.com bbc.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /bbc.com cnn.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /cnn.com /dkimsign Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 12:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob From: Amit Dalia [mailto:a...@ikf.co.in] Sent: 14 April 2010 05:40 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in mailto:a...@vanaz.com ) smtp.mail= mailto:smtp.mail=a...@vanaz.com i...@sem-pune.in mailto:a...@vanaz.com ; dkim=neutral (no key) mailto:header...@mailserver header...@webapplication.co.in My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help
RE: [qmailtoaster] domainkeys mulitple domain issue
Hi Rob, My answer are regarding DKIM which signs mails for both DKIM and Domainkeys. Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 4:25 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue Hi Anil Thanks a million for answering my question, i really appreciate it. Quick question. Are you referring to domainkeys here or dkim? I am having a problem with domainkeys and have not setup dkim, thats my next step. Thanks Rob From: Anil Aliyan [mailto:acali...@gnvfc.net] Sent: 14 April 2010 11:15 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue Hi All, First of all mail server must be configured properly to work everything smoothly, such as hostname and other virtual domains etc must exists in the /etc/hosts file. Most Importantly RDNS must exist for all the domains. If all the domain share single ip address then all domain must be entered in the /etc/hosts file against that ip address. Example: 1.2.3.1 mail.vanaz.com mail.bbc.com mail.cnn.com Secondly, the key that all the domain get signed by the DKIM for all the domain is the singconf.xml file. Example given below: The default signconf.xml file contains the first section in brown color below with a domain=”/var/qmail/control/me” in it. Remove this line and add query=dns. Coz of this the dkim looks for the hostname or domains in the “/var/qmail/control/me” file to sign the mails for. Add your domains individually as shown in the example below. dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global After modification your signconf.xml file should look like as in example given below, and if everything is set accordingly then everything should work: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / types id=domainkey method=nofws / /global vanaz.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanaz.com bbc.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /bbc.com cnn.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /cnn.com /dkimsign Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 12:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob From: Amit Dalia [mailto:a...@ikf.co.in] Sent: 14 April 2010 05:40 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in mailto:a...@vanaz.com ) smtp.mail= mailto:smtp.mail=a...@vanaz.com i...@sem-pune.in mailto:a...@vanaz.com ; dkim=neutral (no key) mailto:header...@mailserver header...@webapplication.co.in My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help
RE: [qmailtoaster] domainkeys mulitple domain issue
Hi Anil, Thanks a lot. Will try this and if any query will get back. Thanks and regards, Amit At Wednesday, 14-04-2010 on 16:46 Anil Aliyan wrote: Hi Rob, My answer are regarding DKIM which signs mails for both DKIM and Domainkeys. Regards, Anil Aliyan FROM: Rob Wellard [mailto:r...@brainiacmedia.net] SENT: Wednesday, April 14, 2010 4:25 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] domainkeys mulitple domain issue Hi Anil Thanks a million for answering my question, i really appreciate it. Quick question. Are you referring to domainkeys here or dkim? I am having a problem with domainkeys and have not setup dkim, thats my next step. Thanks Rob FROM: Anil Aliyan [mailto:acali...@gnvfc.net] SENT: 14 April 2010 11:15 TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] domainkeys mulitple domain issue Hi All, First of all mail server must be configured properly to work everything smoothly, such as hostname and other virtual domains etc must exists in the /etc/hosts file. Most Importantly RDNS must exist for all the domains. If all the domain share single ip address then all domain must be entered in the /etc/hosts file against that ip address. Example: 1.2.3.1 mail.vanaz.com mail.bbc.com mail.cnn.com Secondly, the key that all the domain get signed by the DKIM for all the domain is the SINGCONF.XML file. Example given below: The default signconf.xml file contains the first section in brown color below with a domain=”/var/qmail/control/me” in it. Remove this line and add QUERY=DNS. Coz of this the dkim looks for the hostname or domains in the “/var/qmail/control/me” file to sign the mails for. Add your domains individually as shown in the example below. AFTER MODIFICATION YOUR SIGNCONF.XML FILE SHOULD LOOK LIKE AS IN EXAMPLE GIVEN BELOW, AND IF EVERYTHING IS SET ACCORDINGLY THEN EVERYTHING SHOULD WORK: Regards, Anil Aliyan FROM: Rob Wellard [mailto:r...@brainiacmedia.net] SENT: Wednesday, April 14, 2010 12:56 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: 14 April 2010 05:40 TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in [1]) smtp.mail= [2]i...@sem-pune.in [1]; dkim=neutral (no key) header...@webapplication.co.in [3] My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help Links: -- [1] mailto:a...@vanaz.com [2] mailto:smtp.mail=a...@vanaz.com [3] MAILTO:header...@mailserver
RE: [qmailtoaster] domainkeys mulitple domain issue
Dear Anil, I tried what you had told but seems like its not working. Its just picking domain from file /var/qmail/control/me. Any help? Regards, Amit At Wednesday, 14-04-2010 on 16:46 Anil Aliyan wrote: Hi Rob, My answer are regarding DKIM which signs mails for both DKIM and Domainkeys. Regards, Anil Aliyan FROM: Rob Wellard [mailto:r...@brainiacmedia.net] SENT: Wednesday, April 14, 2010 4:25 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] domainkeys mulitple domain issue Hi Anil Thanks a million for answering my question, i really appreciate it. Quick question. Are you referring to domainkeys here or dkim? I am having a problem with domainkeys and have not setup dkim, thats my next step. Thanks Rob FROM: Anil Aliyan [mailto:acali...@gnvfc.net] SENT: 14 April 2010 11:15 TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] domainkeys mulitple domain issue Hi All, First of all mail server must be configured properly to work everything smoothly, such as hostname and other virtual domains etc must exists in the /etc/hosts file. Most Importantly RDNS must exist for all the domains. If all the domain share single ip address then all domain must be entered in the /etc/hosts file against that ip address. Example: 1.2.3.1 mail.vanaz.com mail.bbc.com mail.cnn.com Secondly, the key that all the domain get signed by the DKIM for all the domain is the SINGCONF.XML file. Example given below: The default signconf.xml file contains the first section in brown color below with a domain=”/var/qmail/control/me” in it. Remove this line and add QUERY=DNS. Coz of this the dkim looks for the hostname or domains in the “/var/qmail/control/me” file to sign the mails for. Add your domains individually as shown in the example below. AFTER MODIFICATION YOUR SIGNCONF.XML FILE SHOULD LOOK LIKE AS IN EXAMPLE GIVEN BELOW, AND IF EVERYTHING IS SET ACCORDINGLY THEN EVERYTHING SHOULD WORK: Regards, Anil Aliyan FROM: Rob Wellard [mailto:r...@brainiacmedia.net] SENT: Wednesday, April 14, 2010 12:56 PM TO: qmailtoaster-list@qmailtoaster.com SUBJECT: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob FROM: Amit Dalia [mailto:a...@ikf.co.in] SENT: 14 April 2010 05:40 TO: qmailtoaster-list@qmailtoaster.com SUBJECT: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in [1]) smtp.mail= [2]i...@sem-pune.in [1]; dkim=neutral (no key) header...@webapplication.co.in [3] My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help Links: -- [1] mailto:a...@vanaz.com [2] mailto:smtp.mail=a...@vanaz.com [3] MAILTO:header...@mailserver
[qmailtoaster] domainkey headers
Hi all, I just followed the instructions in Jake's excellent DKIM video to implement that. Also, I switched to having this script do the domainkey signing as well. Now, every test I tried says all is well, but there is one thing I do not understand: The headers for the domainkey and DKIM signature contain weird information: (Example from a mail I sent to my own yahoo account): DomainKey-Signature:a=rsa-sha1; c=nofws; d=waschbuesch.de; h=from :content-type:content-transfer-encoding:subject:date:message-id :to:mime-version; q=dns; s=default; b=lF2aWIX+e9oN8bYFk8OGupo/F+ CDbPVA/yGb8eagFBr8ypwTSPuZq07cssngeQ0+ DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=waschbuesch.de; h=from :content-type:content-transfer-encoding:subject:date:message-id :to:mime-version; s=default; bh=IFo6QBdna/qAn60/ytgz9ZK1/Y4=; b= ldXU+PxQlyiCCcOYHsIzj49GPRofZtird92MAIqZLThB60mJKrz8VEow0fA3WgIO Now, where does this weird h-tag come from? Is there a way to influence that? Thanks, Martin -- Years ago my mother used to say to me, she'd say, 'In this world, Elwood, you must be oh so smart or oh so pleasant.' Well, for years I was smart. I recommend pleasant. James Stewart as Elwood P. Dowd in 'Harvey' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] RDNS rejecting on a domain
I have a problem with email being rejected from one of our customers. They do not have reverse DNS setup for their mail server. I have explained to them why they need that and they are looking into getting it fixed. Until then, is there a way to whitelist mail coming form them so it passes through the rDNS check?
RE: [qmailtoaster] domainkeys mulitple domain issue
Please read my previous mail and edit your signconfig.xml file accordingly From: Amit Dalia [mailto:a...@ikf.co.in] Sent: Wednesday, April 14, 2010 5:53 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue Dear Anil, I tried what you had told but seems like its not working. Its just picking domain from file /var/qmail/control/me. Any help? Regards, Amit At Wednesday, 14-04-2010 on 16:46 Anil Aliyan wrote: Hi Rob, My answer are regarding DKIM which signs mails for both DKIM and Domainkeys. Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 4:25 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue Hi Anil Thanks a million for answering my question, i really appreciate it. Quick question. Are you referring to domainkeys here or dkim? I am having a problem with domainkeys and have not setup dkim, thats my next step. Thanks Rob From: Anil Aliyan [mailto:acali...@gnvfc.net] Sent: 14 April 2010 11:15 To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue Hi All, First of all mail server must be configured properly to work everything smoothly, such as hostname and other virtual domains etc must exists in the /etc/hosts file. Most Importantly RDNS must exist for all the domains. If all the domain share single ip address then all domain must be entered in the /etc/hosts file against that ip address. Example: 1.2.3.1 mail.vanaz.com mail.bbc.com mail.cnn.com Secondly, the key that all the domain get signed by the DKIM for all the domain is the singconf.xml file. Example given below: The default signconf.xml file contains the first section in brown color below with a domain=”/var/qmail/control/me” in it. Remove this line and add query=dns. Coz of this the dkim looks for the hostname or domains in the “/var/qmail/control/me” file to sign the mails for. Add your domains individually as shown in the example below. dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 domain=/var/qmail/control/me keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / /global After modification your signconf.xml file should look like as in example given below, and if everything is set accordingly then everything should work: dkimsign !-- per default sign all mails using dkim -- global algorithm=rsa-sha1 query=dns keyfile=/var/qmail/control/dkim/global.key method=simple selector=dkim1 types id=dkim / types id=domainkey method=nofws / /global vanaz.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /vanaz.com bbc.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /bbc.com cnn.com selector=dkim1 types id=dkim / types id=domainkey method=nofws / /cnn.com /dkimsign Regards, Anil Aliyan From: Rob Wellard [mailto:r...@brainiacmedia.net] Sent: Wednesday, April 14, 2010 12:56 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] domainkeys mulitple domain issue I Guess nobody knows the answer, if i work it out, ill let you know. Rob From: Amit Dalia [mailto:a...@ikf.co.in] Sent: 14 April 2010 05:40 To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] domainkeys mulitple domain issue Hi Everyone, Any help on how to setup DKIM for multiple domains on the same QMT server? I'm getting below error. Regards, Amit At Tuesday, 13-04-2010 on 15:46 Amit Dalia wrote: Hi Everyone, Even I was going to post this today. I had got around 15 domains on the same toaster. I had configure DKIM as per Jake's Video on How to setup DKIM, but it is signing only 1 domain perfectly but other domains are getting bad signature. Authentication-Results: mx.google.com; spf=neutral (google.com: 180.92.170.125 is neither permitted nor denied by domain of i...@sem-pune.in mailto:a...@vanaz.com ) smtp.mail= mailto:smtp.mail=a...@vanaz.com i...@sem-pune.in mailto:a...@vanaz.com ; dkim=neutral (no key) mailto:header...@mailserver header...@webapplication.co.in My server hostname is mail.webapplication.co.in. How do I replace header.i value for respective domain. Thanks and regards, Amit At Tuesday, 13-04-2010 on 13:57 Rob Wellard wrote: I have the latest toaster installed, Everything works beautifully. However i seem to be getting a weird problem with the domainkey. I have several domains on the one toaster, and i can get the last one working perfectly, however the rest come back with bad signature. And it’s always the latest one that seems to work. Is there something i am doing wrong. Please can you help
[qmailtoaster] Re: QMAIL SPAM RULES
Ir0nFl4m3 wrote: Hi All, can anybody help me to update spamassassin rules? I've take a look to the http://www.rulesemporium.com project but i don't understand the differences between rules files. Since 2 weeks i receive more spam mail and noone have made changes to server configurations. Sorry for my bad english. Bye bye -- ir0nfl...@gmail.com mailto:ir0nfl...@gmail.com Spamassassin rules don't generally need any customization. Tailoring of SA is commonly done by setting up enhanced bayes processing. If you're simply trying to reduce spam, the best thing you can do is install spamdyke. There's a qtp-install-spamdyke script in the qmailtoaster-plus package that will do this for you. See http://wiki.qmailtoaster.com/index.php/Spamdyke -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: RDNS rejecting on a domain
(I presume you're using spamdyke here. If not, I've no idea how your QMT is checking rDNS.) It's the later, Alex. ;) There are several types of whitelists with spamdyke. There are /etc/spamdyke/whitelist_* files already set up for you by the qtp-install-spamdyke script. Simply add the rDNS name in the whitelist_rdns file, and you should be good to go. Alternatively, if you want to whitelist the sending server's IP address, you can add that IP address to the whitelist_ip file. Or you could whitelist the sender's domain by adding @senderdomain.com to the whitelist_senders file. So many choices. :) See http://www.spamdyke.org/documentation/README.html#WHITELISTS for details. -- -Eric 'shubes' Postmaster wrote: The answer is no or at least not that I am aware of. rDNS has to be setup. My e-mail server is rejecting any incoming e-mail if the e-mail server does not have rDNS as in 99% cases this is spam. Regards Alex On 14/04/2010 15:19, John Raley wrote: I have a problem with email being rejected from one of our customers. They do not have reverse DNS setup for their mail server. I have explained to them why they need that and they are looking into getting it fixed. Until then, is there a way to whitelist mail coming form them so it passes through the rDNS check? - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: spam
Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 05:26 PM, Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 11:25 AM, madmac wrote: Is there then a way to secure squirrelmail, or any other webmail prog. This is a default install of qmail with the ISO. Not having it is not an option, as most of the clients can only use webmail as they are on the road daily. Thanks I use fail2ban to monitor for brute-force attacks. Works on pop3 as well. fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear. True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;) Yeah, I've only seen pw sniffed once. Lots of "script kiddies" out there though. I shut off pop3 entirely, and users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or SMTP for that matter (doesn't mean there haven't been any though). I am migrating everything over to ssl slowly but in oder to do a full move without people noticing the pop up one time I need a fix on my self signed cert so it doesnt pop up everytime I login. I am looking into it but just havent had time to figure out what I did wrong when I did the cert. --dave -- David Milholen Project Engineer 501-318-1300 Wireless Etc
[qmailtoaster] Re: spam
David Milholen wrote: Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 05:26 PM, Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 11:25 AM, madmac wrote: Is there then a way to secure squirrelmail, or any other webmail prog. This is a default install of qmail with the ISO. Not having it is not an option, as most of the clients can only use webmail as they are on the road daily. Thanks I use fail2ban to monitor for brute-force attacks. Works on pop3 as well. fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear. True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;) Yeah, I've only seen pw sniffed once. Lots of script kiddies out there though. I shut off pop3 entirely, and users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or SMTP for that matter (doesn't mean there haven't been any though). I am migrating everything over to ssl slowly but in oder to do a full move without people noticing the pop up one time I need a fix on my self signed cert so it doesnt pop up everytime I login. I am looking into it but just havent had time to figure out what I did wrong when I did the cert. --dave TTBOMK, the only way to avoid having to do anything on the clients is to pay for a cert from a CA that's recognized by the client by default. The best I've been able to do short of that is to use cacert.org to sign certs. Still need to import cacert.org's root cert into each client, but once that's done then any cert signed by cacert.org will pass. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: clamav-toaster-0.96.0-1.3.35 error
Eric Shubert wrote: Eric Shubert wrote: Eric Shubert wrote: I'm guessing that nobody has seen this error yet: display Building clamav-toaster-0.96.0-1.3.35 ... qtp-build-rpms - rpmbuild failed for clamav-toaster-0.96.0-1.3.35 qtp-build-rpms - here are the last 10 messages from the log: + '[' 0 -ne 0 ']' + cd clamav-0.96.0 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . error: Bad exit status from /var/tmp/rpm-tmp.29349 (%prep) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.29349 (%prep) end of log messages qtp-build-rpms - see /mnt/qtp-sandbox/usr/src/qtp-upgrade/log/build-recent.log for more details Build failed, Exiting. /display When I try to recreate the error manually, it works fine, with 0 exit status from the chown command. Quite perplexing. This is on a VMware guest. Has anyone used qtp-newmodel successfully with this clamav package yet? Just trying to narrow things down. Hmmm. That test VM must be hosed up somehow. It has gotten past that point on a live QMT that's very similar. For posterity, I'll sadly say that it ran out of disk space. :( It was a test machine, and there were loads of backups on it from running qtp-newmodel repeatedly. Doh! I really thought that would fix the problem, but I'm still getting the same error. Very peculiar. H... -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: RDNS rejecting on a domain
Sorry, I was thinking more about the client side server In fact, I am surprised your client is not complaining about other e-mails being rejected. Regards Alex On 14/04/2010 16:03, Eric Shubert wrote: (I presume you're using spamdyke here. If not, I've no idea how your QMT is checking rDNS.) It's the later, Alex. ;) There are several types of whitelists with spamdyke. There are /etc/spamdyke/whitelist_* files already set up for you by the qtp-install-spamdyke script. Simply add the rDNS name in the whitelist_rdns file, and you should be good to go. Alternatively, if you want to whitelist the sending server's IP address, you can add that IP address to the whitelist_ip file. Or you could whitelist the sender's domain by adding @senderdomain.com to the whitelist_senders file. So many choices. :) See http://www.spamdyke.org/documentation/README.html#WHITELISTS for details. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Connected_to_X.X.X.X_but_connection_died
Dear list, Couple of days, my servers can sent email to destination servers, below is the error on send log check on archive, perhaps my server SSL or TLS may be expire, I have stop qmail and move files servercert.pem, tlsserverciphers, dh1024.pem, dh512.pem, rsa512.pem from /var/qmail/control and start qmail again. but still failed. 2010-04-15 01:09:37.754490500 delivery 4: deferral: User_and_password_not_set,_continuing_without_authentication./nooraldin.ara...@fedex.com_Connected_to_199.81.195.41_but_connection_died._Possible_duplicate!_error:1408F10B:SSL_routines:SSL3_GET_RECORD:wrong_version_number_(#4.4.2)/ 2010-04-15 01:09:37.754710500 status: local 0/10 remote 10/60 2010-04-15 01:17:12.496239500 delivery 10: deferral: User_and_password_not_set,_continuing_without_authentication./astri.irwi...@id.henkel.com_Connected_to_193.96.101.84_but_connection_died._Possible_duplicate!_(#4.4.2)/ 2010-04-15 01:17:12.496248500 status: local 0/10 remote 9/60 I have tried opening secure smtp using this command, and I didn't found any error openssl s_client -starttls smtp -crlf -connect smtp.dmz.fedex.com:25 -debug I leave the the recipient email address there, so somebody can also send test email to them. Need your help and advise on this. Thanks before - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: spam
Sorry eric I have just got to ask; what is TTBOMK - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, April 14, 2010 9:28 AM Subject: [qmailtoaster] Re: spam David Milholen wrote: Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 05:26 PM, Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 11:25 AM, madmac wrote: Is there then a way to secure squirrelmail, or any other webmail prog. This is a default install of qmail with the ISO. Not having it is not an option, as most of the clients can only use webmail as they are on the road daily. Thanks I use fail2ban to monitor for brute-force attacks. Works on pop3 as well. fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear. True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;) Yeah, I've only seen pw sniffed once. Lots of script kiddies out there though. I shut off pop3 entirely, and users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or SMTP for that matter (doesn't mean there haven't been any though). I am migrating everything over to ssl slowly but in oder to do a full move without people noticing the pop up one time I need a fix on my self signed cert so it doesnt pop up everytime I login. I am looking into it but just havent had time to figure out what I did wrong when I did the cert. --dave TTBOMK, the only way to avoid having to do anything on the clients is to pay for a cert from a CA that's recognized by the client by default. The best I've been able to do short of that is to use cacert.org to sign certs. Still need to import cacert.org's root cert into each client, but once that's done then any cert signed by cacert.org will pass. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: spam
Ok I got it, brain fart - Original Message - From: madmac sysad...@tricubemedia.com To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, April 14, 2010 3:06 PM Subject: Re: [qmailtoaster] Re: spam Sorry eric I have just got to ask; what is TTBOMK - Original Message - From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Wednesday, April 14, 2010 9:28 AM Subject: [qmailtoaster] Re: spam David Milholen wrote: Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 05:26 PM, Eric Shubert wrote: Jake Vickers wrote: On 04/09/2010 11:25 AM, madmac wrote: Is there then a way to secure squirrelmail, or any other webmail prog. This is a default install of qmail with the ISO. Not having it is not an option, as most of the clients can only use webmail as they are on the road daily. Thanks I use fail2ban to monitor for brute-force attacks. Works on pop3 as well. fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear. True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;) Yeah, I've only seen pw sniffed once. Lots of script kiddies out there though. I shut off pop3 entirely, and users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or SMTP for that matter (doesn't mean there haven't been any though). I am migrating everything over to ssl slowly but in oder to do a full move without people noticing the pop up one time I need a fix on my self signed cert so it doesnt pop up everytime I login. I am looking into it but just havent had time to figure out what I did wrong when I did the cert. --dave TTBOMK, the only way to avoid having to do anything on the clients is to pay for a cert from a CA that's recognized by the client by default. The best I've been able to do short of that is to use cacert.org to sign certs. Still need to import cacert.org's root cert into each client, but once that's done then any cert signed by cacert.org will pass. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com