RE: [qmailtoaster] Domainkeys Problems
I just ran these again today and they failed on Domainkeys test. I set this up about a month ago so DNS should have updated already. I used sa-t...@sendmail.net with the following results: Authentication System: DomainKeys Identified Mail Result: (no result present) Reporting host: More information: http://mipassoc.org/dkim/ Sendmail milter: https://sourceforge.net/projects/dkim-milter/ Authentication System: Domain Keys Result: DK signature confirmed BAD Description: Signature verification failed, message may have been tampered with or corrupted Reporting host: sendmail.net More information: http://antispam.yahoo.com/domainkeys Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/ Authentication System: Sender ID Result: SID data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://www.microsoft.com/senderid Sendmail milter: https://sourceforge.net/projects/sid-milter/ Authentication System: Sender Permitted From (SPF) Result: SPF data confirmed GOOD Description: Sending host is authorized for sending domain Reporting host: sendmail.net More information: http://spf.pobox.com/ And I also used email-t...@qmailtoaster.com with the results: Here are the spamassassin headers from this server: No, score=0.6 required=5.0 tests=AWL,DK_POLICY_SIGNALL, DK_SIGNED,HTML_MESSAGE,RDNS_NONE autolearn=no version=3.2.5 Return path was: John Raley j...@fmcfinance.net Original test request was sent using: SPF Record: PASS Sent from a valid domain: PASS DomainKey: FAIL Odd. In that case, what services did you test with that did not work? And when did you enable Domainkeys? Is it possible that your updated DNS information had not yet spread and that those services were using cached (and therefor wrong) DNS information. E.g. they might not have been able to see the selector or policy record... -- Corporation. An ingenious device for obtaining individual profit without individual responsibility. Bierce, Ambrose - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Domainkeys Problems
John, Hm, I used the tools on http://domainkeys.sourceforge.net to verify if your DNS setup is correct and all appears to be in order. Since the outgoing mail is signed and that looks good, too (pointing to the right selector), I really am at a loss here. Do you have a sample header for a rejected email? E.g. could you sent this to some webmail account like google or yahoo and send the headers that will produce? If need be, you should set the policy record to signs SOME mail (curently it says it signs all email), so that your tests do not get blocked and keep you from investigating this... That's all I can think of. Anyone else got some more ideas? Martin Am 02.02.2010 um 11:49 schrieb John Raley: Every email testing service I have tested fails on domainkeys for my qmailtoaster server. I tested my DNS TXT record and came back with: ANSWER SECTION: private._domainkey.fmcfinance.net. 86400 IN TXTk=rsa\ p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOIOlQryOFli9YpaxW4XMJL6GQni/tqs2OWSAXPGSUE6AOkaTGyogIpkqJAC/GVrvQIDAQAB This is the header for an email I sent myself: Content-Filter: maildrop-toaster Return-Path: j...@fmcfinance.net Delivered-To: fmcfinance.net-j...@fmcfinance.net Received: (qmail 4136 invoked by uid 89); 2 Feb 2010 16:13:17 - Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=fmcfinance.net; b=r7PY5hXyE/+6tJ64WKaNpbjIMblrPCPuvQJgWGzhALsUwZNIQEXo4HL8x7uF0kET; Received: from unknown (HELO JohnLaptop) (j...@fmcfinance.net@10.1.100.21) by mail.fmcfinance.net with ESMTPA; 2 Feb 2010 16:13:17 - From: John Raley j...@fmcfinance.net To: 'John Raley' j...@fmcfinance.net Subject: Domainkeys Test Date: Tue, 2 Feb 2010 10:12:56 -0600 Message-ID: 004001caa422$94b8c1e0$be2a45...@net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0041_01CAA3F0.4A1E51E0 X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcqkIpRsAWDWMaj7TjyN5swSyM9FbQ== Content-Language: en-us I followed the video on the qmailtoaster website “How to setup DomainKeys for Qmailtoaster and Bind.” Any other information that can help troubleshoot this, just let me know. -- Years ago my mother used to say to me, she'd say, 'In this world, Elwood, you must be oh so smart or oh so pleasant.' Well, for years I was smart. I recommend pleasant. You may quote me. James Stewart as Elwood P. Dowd in 'Harvey' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Domainkeys Problems
-Original Message- From: Martin Waschbuesch [mailto:mar...@waschbuesch.de] Sent: Tuesday, February 02, 2010 11:10 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Domainkeys Problems John, Hm, I used the tools on http://domainkeys.sourceforge.net to verify if your DNS setup is correct and all appears to be in order. Since the outgoing mail is signed and that looks good, too (pointing to the right selector), I really am at a loss here. Do you have a sample header for a rejected email? E.g. could you sent this to some webmail account like google or yahoo and send the headers that will produce? If need be, you should set the policy record to signs SOME mail (curently it says it signs all email), so that your tests do not get blocked and keep you from investigating this... That's all I can think of. Anyone else got some more ideas? Martin Am 02.02.2010 um 11:49 schrieb John Raley: Every email testing service I have tested fails on domainkeys for my qmailtoaster server. I tested my DNS TXT record and came back with: ANSWER SECTION: private._domainkey.fmcfinance.net. 86400 IN TXTk=rsa\ p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAOIOlQryOFli9YpaxW4XMJL6GQni/tqs2OWSA XPGSUE6AOkaTGyogIpkqJAC/GVrvQIDAQAB This is the header for an email I sent myself: Content-Filter: maildrop-toaster Return-Path: j...@fmcfinance.net Delivered-To: fmcfinance.net-j...@fmcfinance.net Received: (qmail 4136 invoked by uid 89); 2 Feb 2010 16:13:17 - Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=fmcfinance.net; b=r7PY5hXyE/+6tJ64WKaNpbjIMblrPCPuvQJgWGzhALsUwZNIQEXo4HL8x7uF0kET; Received: from unknown (HELO JohnLaptop) (j...@fmcfinance.net@10.1.100.21) by mail.fmcfinance.net with ESMTPA; 2 Feb 2010 16:13:17 - From: John Raley j...@fmcfinance.net To: 'John Raley' j...@fmcfinance.net Subject: Domainkeys Test Date: Tue, 2 Feb 2010 10:12:56 -0600 Message-ID: 004001caa422$94b8c1e0$be2a45...@net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0041_01CAA3F0.4A1E51E0 X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcqkIpRsAWDWMaj7TjyN5swSyM9FbQ== Content-Language: en-us I followed the video on the qmailtoaster website How to setup DomainKeys for Qmailtoaster and Bind. Any other information that can help troubleshoot this, just let me know. -- Years ago my mother used to say to me, she'd say, 'In this world, Elwood, you must be oh so smart or oh so pleasant.' Well, for years I was smart. I recommend pleasant. You may quote me. James Stewart as Elwood P. Dowd in 'Harvey' --- -- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --- -- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list- unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list- h...@qmailtoaster.com Actually gmail says it passes Domainkeys check. This is the header for an email I just sent my gmail account: Delivered-To: trols...@gmail.com Received: by 10.100.210.10 with SMTP id i10cs34536ang; Tue, 2 Feb 2010 09:24:18 -0800 (PST) Received: by 10.150.251.10 with SMTP id y10mr8970648ybh.131.1265131458112; Tue, 02 Feb 2010 09:24:18 -0800 (PST) Return-Path: j...@fmcfinance.net Received: from mail.fmcfinance.net (mail.fmcfinance.net [207.203.115.100]) by mx.google.com with ESMTP id 17si13367599yxe.134.2010.02.02.09.24.16; Tue, 02 Feb 2010 09:24:16 -0800 (PST) Received-SPF: pass (google.com: domain of j...@fmcfinance.net designates 207.203.115.100 as permitted sender) client-ip=207.203.115.100; DomainKey-Status: good Authentication-Results: mx.google.com; spf=pass (google.com: domain of j...@fmcfinance.net designates 207.203.115.100 as permitted sender) smtp.mail=j...@fmcfinance.net; domainkeys=pass header.from=j...@fmcfinance.net Received: (qmail 11210 invoked by uid 89); 2 Feb 2010 17:24:26 - Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=fmcfinance.net; b=XCeWdhi32GqN9cWW35nEH6yooG74pZ5+CtvwdSouh66DCCJxzagtm17SJenzV5sI; Received: from unknown (HELO JohnLaptop) (j...@fmcfinance.net@10.1.100.21) by mail.fmcfinance.net with ESMTPA; 2 Feb 2010 17:24:26 - From: John Raley j...@fmcfinance.net To: trols...@gmail.com Subject: Testing Domainkeys Date: Tue, 2 Feb 2010 11:24:05 -0600 Message-ID: 006401caa42c$85561d10$900257...@net MIME
Re: [qmailtoaster] Domainkeys Problems
Actually gmail says it passes Domainkeys check. This is the header for an email I just sent my gmail account: Odd. In that case, what services did you test with that did not work? And when did you enable Domainkeys? Is it possible that your updated DNS information had not yet spread and that those services were using cached (and therefor wrong) DNS information. E.g. they might not have been able to see the selector or policy record... -- Corporation. An ingenious device for obtaining individual profit without individual responsibility. Bierce, Ambrose - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Domainkeys Problems
Hi All, Same thing happened with me when I setup domainkeys and dkim for my mailserver and published my public key in the DNS. Some of the public mailserver like gmail start reading the dns entry after few hours but some other mailserver like yahoo takes time to update their dns server/dns caching servers. So one should wait for atleast 3-4 days from the day you publish your public key in the DNS to be reflected globally. Regards, Anil Aliyan -Original Message- From: Martin Waschbuesch [mailto:mar...@waschbuesch.de] Sent: Wednesday, February 03, 2010 2:23 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Domainkeys Problems Actually gmail says it passes Domainkeys check. This is the header for an email I just sent my gmail account: Odd. In that case, what services did you test with that did not work? And when did you enable Domainkeys? Is it possible that your updated DNS information had not yet spread and that those services were using cached (and therefor wrong) DNS information. E.g. they might not have been able to see the selector or policy record... -- Corporation. An ingenious device for obtaining individual profit without individual responsibility. Bierce, Ambrose - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Domainkeys Problems
You should be able to adjust the TTL to a lower level before iinstalling domainkeys to obtain faster implementation on DNS servers. Once a week or so has passed up the TTL to the standard 38400 IIRC. Don't go too low or you can have problems. 3600 should be enough. On 02/02/2010 09:08 PM, Anil Aliyan wrote: Hi All, Same thing happened with me when I setup domainkeys and dkim for my mailserver and published my public key in the DNS. Some of the public mailserver like gmail start reading the dns entry after few hours but some other mailserver like yahoo takes time to update their dns server/dns caching servers. So one should wait for atleast 3-4 days from the day you publish your public key in the DNS to be reflected globally. Regards, Anil Aliyan -Original Message- From: Martin Waschbuesch [mailto:mar...@waschbuesch.de] Sent: Wednesday, February 03, 2010 2:23 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Domainkeys Problems Actually gmail says it passes Domainkeys check. This is the header for an email I just sent my gmail account: Odd. In that case, what services did you test with that did not work? And when did you enable Domainkeys? Is it possible that your updated DNS information had not yet spread and that those services were using cached (and therefor wrong) DNS information. E.g. they might not have been able to see the selector or policy record... -- Corporation. An ingenious device for obtaining individual profit without individual responsibility. Bierce, Ambrose - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Cecil Yother, Jr. cj cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 | fax 510.864.7300 http://yother.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com