[qmailtoaster] Domainkeys Problem
Untitled DocumentDear All, Till last week my mail were signed by domainkeys but today when i checked and some test messages to google and yahoo it say DomainKey-Status: bad. I dont understand how it can happen on its own when I havent changed anything in my server. When i check my server by sending test mail to http://senderid.espcoalition.org/ it also says that DomainKey-Status: bad: Signature failed verification DKIM-Status: failed (no signature found) SPF records and rest all are OK and verified. how can I make sure that every mail sent by my mail server is signed by the designated private key? Or why doest my sever fails to sign mail?? Regards, Anil Aliyan Asst. Manager (Network) (n)Code Solutions - A Division of GNFC Limited 301, GNFC Infotower, S. G. Highway, Bodakdev, Ahmedabad - 380054 Gujarat. India. [EMAIL PROTECTED] [EMAIL PROTECTED] tel: fax: mobile: +91 79 40007348 +91 79 26857321 +91 98989 94371 All information in this communication, including attachments, is strictly confidential and intended solely for delivery to and authorized use by the address(es) identified above, and may contain privileged, confidential, proprietary and/or trade secret information entitled to protection and/or exempt from disclosure under applicable law. If you are not the intended recipient, please take notice that any use, distribution or copying of this communication, and/or any action taken or omitted to be taken in reliance upon it, is unauthorized and may be unlawful. If you have received this communication in error, please notify the sender and delete/destroy this communication from your computer. image001.jpg
Re: [qmailtoaster] Domainkeys Problem
Anil Aliyan wrote: Dear All, Till last week my mail were signed by domainkeys but today when i checked and some test messages to google and yahoo it say DomainKey-Status: bad. I dont understand how it can happen on its own when I havent changed anything in my server. When i check my server by sending test mail to http://senderid.espcoalition.org/ it also says that *DomainKey-Status*: bad: Signature failed verification *DKIM-Status*: failed (no signature found) SPF records and rest all are OK and verified. how can I make sure that every mail sent by my mail server is signed by the designated private key? Or why doest my sever fails to sign mail?? I know Yahoo is horrible about them - one of their servers will show correct, another will show as bad. I see that your message was signed, but I do not check incoming. A reliable place to test is here by sending a message to [EMAIL PROTECTED] Give that a try and see what it returns.
Re: [qmailtoaster] Domainkeys Problem
Untitled DocumentHi Jakes, I have found out why its happening. Please look at my previous mail it has one html signature at the bottom with my name and company information. I removed html signature and then sent the mail to gmail and it recgnised my signature immidiately. How does any stationary or html signature attached to the mail causes domainkeys go corrupt??? Earlier i sent once test message to the email address you gave it was also saying that Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed BAD Description: Signature verification failed, message may have been tampered with or corrupted Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ But as soon as i removed the html signature from the stationary it changed to Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Regards, Anil Aliyan - Original Message - From: Jake Vickers To: qmailtoaster-list@qmailtoaster.com Sent: Friday, October 17, 2008 4:49 PM Subject: Re: [qmailtoaster] Domainkeys Problem Anil Aliyan wrote: Dear All, Till last week my mail were signed by domainkeys but today when i checked and some test messages to google and yahoo it say DomainKey-Status: bad. I dont understand how it can happen on its own when I havent changed anything in my server. When i check my server by sending test mail to http://senderid.espcoalition.org/ it also says that DomainKey-Status: bad: Signature failed verification DKIM-Status: failed (no signature found) SPF records and rest all are OK and verified. how can I make sure that every mail sent by my mail server is signed by the designated private key? Or why doest my sever fails to sign mail?? I know Yahoo is horrible about them - one of their servers will show correct, another will show as bad. I see that your message was signed, but I do not check incoming. A reliable place to test is here by sending a message to [EMAIL PROTECTED] Give that a try and see what it returns.
Re: [qmailtoaster] Domainkeys Problem
Untitled DocumentYes, I think you are right. I`ll verify and change the signature and then check the same again. many thanks for your quick response. Regards, Anil Aliyan - Original Message - From: Jake Vickers To: qmailtoaster-list@qmailtoaster.com Sent: Friday, October 17, 2008 5:14 PM Subject: Re: [qmailtoaster] Domainkeys Problem Anil Aliyan wrote: Hi Jakes, I have found out why its happening. Please look at my previous mail it has one html signature at the bottom with my name and company information. I removed html signature and then sent the mail to gmail and it recgnised my signature immidiately. How does any stationary or html signature attached to the mail causes domainkeys go corrupt??? Earlier i sent once test message to the email address you gave it was also saying that Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed BAD Description: Signature verification failed, message may have been tampered with or corrupted Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ But as soon as i removed the html signature from the stationary it changed to Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Your signature is not HTML, but a Word doc. I only took a brief look, but it looks like your signature ties back to a couple Microsoft websites, so I can see where that would break things. They're meant to show the message is from who it says it is, and untampered with. Since your signature looks like it calls back to external websites for whatever reason that would break either one since that data is NOT from your mail server. Like I said, that was a brief glance. It could be that DK cannot sign a MIME encoded message - try one with an attachment. I sign my accounts, and on one of those accounts I have a signature at the bottom - plain text attached by Thunderbird, and it works fine. I do not think it has anything to do with the MIME encoded message though - I think your Word signature is calling outside and breaking the schema.
Re: [qmailtoaster] Domainkeys Problem
Anil Aliyan wrote: Hi Jakes, I have found out why its happening. Please look at my previous mail it has one html signature at the bottom with my name and company information. I removed html signature and then sent the mail to gmail and it recgnised my signature immidiately. How does any stationary or html signature attached to the mail causes domainkeys go corrupt??? Earlier i sent once test message to the email address you gave it was also saying that Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed BAD Description: Signature verification failed, message may have been tampered with or corrupted Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ But as soon as i removed the html signature from the stationary it changed to Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed GOOD Description: Signature verified, message arrived intact Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Your signature is not HTML, but a Word doc. I only took a brief look, but it looks like your signature ties back to a couple Microsoft websites, so I can see where that would break things. They're meant to show the message is from who it says it is, and untampered with. Since your signature looks like it calls back to external websites for whatever reason that would break either one since that data is NOT from your mail server. Like I said, that was a brief glance. It could be that DK cannot sign a MIME encoded message - try one with an attachment. I sign my accounts, and on one of those accounts I have a signature at the bottom - plain text attached by Thunderbird, and it works fine. I do not think it has anything to do with the MIME encoded message though - I think your Word signature is calling outside and breaking the schema.
Re: [qmailtoaster] DomainKeys Problem
You should be ok then. DKIM is not the same as DK. DKIM is DK's successor (a version 2 of DK of sorts). DKIM is not implemented in the toaster. Anil Aliyan wrote: Yes i have tested it from those sites and it Passes all test except the DKIM-Status: failed (no signature found) Regards, Anil Aliyan - Original Message - From: Eric Shubert [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, July 18, 2008 6:20 AM Subject: Re: [qmailtoaster] DomainKeys Problem Have you seen the DomainKeys wiki page? There is a site or two listed there that can be used for testing. You can send yourself an email and examine the headers to see if there's a DK signature present. That won't tell you if it's value is valid or not though. Anil Aliyan wrote: Hi, How can i verify if mails are signed by domainkeys. I dont see in any qmail logs or in maillog at all that outgoing mails are singed by qmail-dk. Regards, Anil Aliyan - Original Message - From: Ben Mills [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Saturday, July 12, 2008 7:07 PM Subject: Re: [qmailtoaster] DomainKeys Problem Anil Aliyan wrote: Dear All, I have recently intalled qmailtoaster with Domainkeys. But when mails are delivered into yahoo and gmail mailbox the headers shows the as follows: In yahoo it says domainkeys=fail (bad sig) and in gmail it says DomainKey-Status: bad domainkeys=hardfail According to http://domainkeys.sourceforge.net/policycheck.html , you don't have a valid domainkey txt record. I wish I could help you more but it's been so long since I set up domainkeys on my toaster, I recall little about it. At that time there was a bit of disagreement on this list regarding the format of the dns records. With a bit of trial and error, I got mine working. I'm sorry I can't help you more. Maybe you will find the URL I mentioned useful for testing your setup. Good luck, Ben -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] DomainKeys Problem
Have you seen the DomainKeys wiki page? There is a site or two listed there that can be used for testing. You can send yourself an email and examine the headers to see if there's a DK signature present. That won't tell you if it's value is valid or not though. Anil Aliyan wrote: Hi, How can i verify if mails are signed by domainkeys. I dont see in any qmail logs or in maillog at all that outgoing mails are singed by qmail-dk. Regards, Anil Aliyan - Original Message - From: Ben Mills [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Saturday, July 12, 2008 7:07 PM Subject: Re: [qmailtoaster] DomainKeys Problem Anil Aliyan wrote: Dear All, I have recently intalled qmailtoaster with Domainkeys. But when mails are delivered into yahoo and gmail mailbox the headers shows the as follows: In yahoo it says domainkeys=fail (bad sig) and in gmail it says DomainKey-Status: bad domainkeys=hardfail According to http://domainkeys.sourceforge.net/policycheck.html , you don't have a valid domainkey txt record. I wish I could help you more but it's been so long since I set up domainkeys on my toaster, I recall little about it. At that time there was a bit of disagreement on this list regarding the format of the dns records. With a bit of trial and error, I got mine working. I'm sorry I can't help you more. Maybe you will find the URL I mentioned useful for testing your setup. Good luck, Ben -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] DomainKeys Problem
Yes i have tested it from those sites and it Passes all test except the DKIM-Status: failed (no signature found) Regards, Anil Aliyan - Original Message - From: Eric Shubert [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, July 18, 2008 6:20 AM Subject: Re: [qmailtoaster] DomainKeys Problem Have you seen the DomainKeys wiki page? There is a site or two listed there that can be used for testing. You can send yourself an email and examine the headers to see if there's a DK signature present. That won't tell you if it's value is valid or not though. Anil Aliyan wrote: Hi, How can i verify if mails are signed by domainkeys. I dont see in any qmail logs or in maillog at all that outgoing mails are singed by qmail-dk. Regards, Anil Aliyan - Original Message - From: Ben Mills [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Saturday, July 12, 2008 7:07 PM Subject: Re: [qmailtoaster] DomainKeys Problem Anil Aliyan wrote: Dear All, I have recently intalled qmailtoaster with Domainkeys. But when mails are delivered into yahoo and gmail mailbox the headers shows the as follows: In yahoo it says domainkeys=fail (bad sig) and in gmail it says DomainKey-Status: bad domainkeys=hardfail According to http://domainkeys.sourceforge.net/policycheck.html , you don't have a valid domainkey txt record. I wish I could help you more but it's been so long since I set up domainkeys on my toaster, I recall little about it. At that time there was a bit of disagreement on this list regarding the format of the dns records. With a bit of trial and error, I got mine working. I'm sorry I can't help you more. Maybe you will find the URL I mentioned useful for testing your setup. Good luck, Ben -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] DomainKeys Problem
Hi, How can i verify if mails are signed by domainkeys. I dont see in any qmail logs or in maillog at all that outgoing mails are singed by qmail-dk. Regards, Anil Aliyan - Original Message - From: Ben Mills [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Saturday, July 12, 2008 7:07 PM Subject: Re: [qmailtoaster] DomainKeys Problem Anil Aliyan wrote: Dear All, I have recently intalled qmailtoaster with Domainkeys. But when mails are delivered into yahoo and gmail mailbox the headers shows the as follows: In yahoo it says domainkeys=fail (bad sig) and in gmail it says DomainKey-Status: bad domainkeys=hardfail According to http://domainkeys.sourceforge.net/policycheck.html , you don't have a valid domainkey txt record. I wish I could help you more but it's been so long since I set up domainkeys on my toaster, I recall little about it. At that time there was a bit of disagreement on this list regarding the format of the dns records. With a bit of trial and error, I got mine working. I'm sorry I can't help you more. Maybe you will find the URL I mentioned useful for testing your setup. Good luck, Ben - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] DomainKeys Problem
Anil Aliyan wrote: Dear All, I have recently intalled qmailtoaster with Domainkeys. But when mails are delivered into yahoo and gmail mailbox the headers shows the as follows: In yahoo it says domainkeys=fail (bad sig) and in gmail it says DomainKey-Status: bad domainkeys=hardfail According to http://domainkeys.sourceforge.net/policycheck.html , you don't have a valid domainkey txt record. I wish I could help you more but it's been so long since I set up domainkeys on my toaster, I recall little about it. At that time there was a bit of disagreement on this list regarding the format of the dns records. With a bit of trial and error, I got mine working. I'm sorry I can't help you more. Maybe you will find the URL I mentioned useful for testing your setup. Good luck, Ben - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] DomainKeys Problem
Dear All, I have recently intalled qmailtoaster with Domainkeys. But when mails are delivered into yahoo and gmail mailbox the headers shows the as follows: In yahoo it says domainkeys=fail (bad sig) and in gmail it says DomainKey-Status: bad domainkeys=hardfail YAHOO: Return-Path: [EMAIL PROTECTED] Authentication-Results: mta151.mail.in.yahoo.com from=gnvfc.net; domainkeys=fail (bad sig) Received: from 125.18.132.20 (EHLO mail.gnvfc.net) (125.18.132.20) by mta151.mail.in.yahoo.com with SMTP; Wed, 09 Jul 2008 12:24:17 +0530 Received: (qmail 1903 invoked by uid 89); 9 Jul 2008 06:48:39 - Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=gnvfc.net; b=hyTQBAfguveD7nWizlaAOc/pkirbaIkybedzj76oF3M9cYboEvZfG3OkTmh6PYsE; Received: by simscan 1.3.1 ppid: 1897, pid: 1900, t: 0.0498s scanners: attach: 1.3.1 ___ GMAIL: Return-Path: [EMAIL PROTECTED] Received: from mail.gnvfc.net (mail.gnvfc.net [125.18.132.20]) by mx.google.com with ESMTP id k21si8723209waf.8.2008.07.09.00.10.09; Wed, 09 Jul 2008 00:10:18 -0700 (PDT) Received-SPF: pass (google.com: domain of [EMAIL PROTECTED] designates 125.18.132.20 as permitted sender) client-ip=125.18.132.20; DomainKey-Status: bad Authentication-Results: mx.google.com; spf=pass (google.com: domain of [EMAIL PROTECTED] designates 125.18.132.20 as permitted sender) [EMAIL PROTECTED]; domainkeys=hardfail [EMAIL PROTECTED] Received: (qmail 6077 invoked by uid 89); 9 Jul 2008 07:10:10 - Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=gnvfc.net; b=xdaU2BcTAn3Ih/hoOPlS7VMQODUt0OKDg/OsyW9+HTfTHWHCx00R9OWvYfiRT7Z7; my tcp.smtp configuration is as below: 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKVERIFY=BDEGIJKfh,DKQUEUE=/var/qmail/bin/qmail-queue.orig,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 my dns configurations is as below: _domainkey.gnvfc.net. IN TXT t=y; o=~ private._domainkey IN TXT k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMuTneJEmSJbD9p967da4JPx0K5o52AQ7gKpD8i+yQajaOKdHL35Twu0FlMNO3vC1wIDAQAB How can i resolve the bad sig problem with my mails. Regards, Anil Aliyan - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]