Re: [qmailtoaster] Re: Strange Behavior of Domainkey

2011-01-03 Thread Nigel Reed
13) chmod 777 /var/qmail/bin/qmail-remote

Yeah, no so sure about this line.

[r...@wibble dkim]# ls -l /var/qmail/control/dkim/
total 12
-rw-r--r-- 1 root   root  396 2011-01-03 13:31 global.key
-rw-r--r-- 1 root   root  140 2011-01-03 13:31 public.txt
-rw-r--r-- 1 qmailr qmail 250 2011-01-03 13:30 signconf.xml

Plus, all your keys are world readable. Is that how it should be? What should 
the proper ownership permissions be?






From: Amit Dalia a...@ikf.co.in
To: qmailtoaster-list@qmailtoaster.com qmailtoaster-list@qmailtoaster.com
Sent: Wed, December 29, 2010 12:36:54 PM
Subject: [qmailtoaster] Re: Strange Behavior of Domainkey

Hi all,

I was just going with mails after long time. So waiting for new version of 
qmail 
toaster. Anyway I had already posted a wiki page on how to setup DKIM with 
qmail 
toaster long time back. Please find the link for same below:

http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster

-- Amit

At Wednesday, 29-12-2010 on 22:54 Eric Shubert wrote:

On 12/29/2010 12:59 AM, Martin Waschbüsch wrote:
 Hi all,

 The problem with the stock domainkey configuration is that it will only sign 
things when they enter the queue. If any application uses qmail as sendmail 
replacement (e.g. a locally installed squirrelmail or horde webmail can be 
configured to do it), then the message will not be signed.
 The DKIM replacement (there was a video Jake did on that) is much better - 
 it 
will sign messages when they LEAVE the system and it can be configured to do 
DKIM and Domainkeys.

 I'd really recommend replacing the stock domainkeys config by the dkim 
enhancement. There should also be a page on the wiki about it.

I agree. Anil, would you care to take on creating some wiki content for 
this? You needn't worry about making it polished - someone else may edit 
it once the initial draft is out there.

-- 
-Eric 'shubes'


-

Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-

Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 


  

Re: [qmailtoaster] Re: Strange Behavior of Domainkey

2011-01-03 Thread Nigel Reed
So what's this dkim neutral bad format I'm getting?
(domain and IP hidden for obvious reasons)


Authentication-Results: mx.google.com; spf=pass (google.com: domain of 
ni...@nospamthanks.com designates xx.xx.202.194 as permitted sender) 
smtp.mail=ni...@nospamthanks.com; dkim=neutral (bad format) 
header...@nospamthanks.com







From: Amit Dalia a...@ikf.co.in
To: qmailtoaster-list@qmailtoaster.com qmailtoaster-list@qmailtoaster.com
Sent: Wed, December 29, 2010 12:36:54 PM
Subject: [qmailtoaster] Re: Strange Behavior of Domainkey

Hi all,

I was just going with mails after long time. So waiting for new version of 
qmail 
toaster. Anyway I had already posted a wiki page on how to setup DKIM with 
qmail 
toaster long time back. Please find the link for same below:

http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster

-- Amit

At Wednesday, 29-12-2010 on 22:54 Eric Shubert wrote:

On 12/29/2010 12:59 AM, Martin Waschbüsch wrote:
 Hi all,

 The problem with the stock domainkey configuration is that it will only sign 
things when they enter the queue. If any application uses qmail as sendmail 
replacement (e.g. a locally installed squirrelmail or horde webmail can be 
configured to do it), then the message will not be signed.
 The DKIM replacement (there was a video Jake did on that) is much better - 
 it 
will sign messages when they LEAVE the system and it can be configured to do 
DKIM and Domainkeys.

 I'd really recommend replacing the stock domainkeys config by the dkim 
enhancement. There should also be a page on the wiki about it.

I agree. Anil, would you care to take on creating some wiki content for 
this? You needn't worry about making it polished - someone else may edit 
it once the initial draft is out there.

-- 
-Eric 'shubes'


-

Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-

Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 


  

Re: [qmailtoaster] Re: Strange Behavior of Domainkey

2010-12-29 Thread yardu
Thanks guys for the advices.
I'll switch to dkim then,


~yuri

 On 12/29/2010 12:59 AM, Martin Waschbüsch wrote:
 Hi all,

 The problem with the stock domainkey configuration is that it will only
 sign things when they enter the queue. If any application uses qmail as
 sendmail replacement (e.g. a locally installed squirrelmail or horde
 webmail can be configured to do it), then the message will not be
 signed.
 The DKIM replacement (there was a video Jake did on that) is much better
 - it will sign messages when they LEAVE the system and it can be
 configured to do DKIM and Domainkeys.

 I'd really recommend replacing the stock domainkeys config by the dkim
 enhancement. There should also be a page on the wiki about it.

 I agree. Anil, would you care to take on creating some wiki content for
 this? You needn't worry about making it polished - someone else may edit
 it once the initial draft is out there.

 --
 -Eric 'shubes'


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com






-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




Re: [qmailtoaster] Re: Strange Behavior of Domainkey

2010-12-28 Thread yardu
SPF is configured and not causing any problem in both cases.
I was contemplating the possibility that it could be some difference in
the config line for localhost vs anything else, but i made them identical
as well. and it doesn't help :(

127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
192.168.1.60:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKSIGN=/var/qmail/control/domainkeys/%/private




 On 12/28/2010 02:36 AM, Anil Aliyan wrote:
 Is your tcp.smtp configuration for localhost or mailserver and you
 client
 has the same configuration?

 This is on the right track. The 'stock' configuration for squirrelmail
 presently uses an open relay configuration for localhost, with no
 authentication (this will hopefully change in v2). For the sake of
 consistency (and a little better security), I change my SM config to
 submit via port 587 and authenticate, and remove the 127.: line from
 tcp.smtp. See http://wiki.qmailtoaster.com/index.php/Fetchmail for such
 SM configuration.

 I expect that this will not fix your problem, and will cause the problem
 to exist with SM as well as Outlook. There's something to be said for
 consistency. ;)

 How have you implemented DK? The 'stock' configuration is a bit flakey.
 I think that there is a DKIM implementation that works well, although I
 haven't used it personally yet. I would look into DKIM (as opposed to
 using DK) if you haven't already.

 Have you configured SPF records for your clients network in your DNS
 records?

 Shouldn't need this, as SPF has to do with the server which sends the
 message, not client (origin) addresses.

 Regards,

 Anil Aliyan

 Thanks for your input, Anil. I'll let you help Yuri on this further.

 -Original Message-
 From: ya...@ardmail.com [mailto:ya...@ardmail.com]
 Sent: 28 December 2010 14:36
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Strange Behavior of Domainkey


 Hello,

 I noticed very strange behavior of domainkey with yahoo :( if i am
 sending
 the mail from squirrelmail everything works and yahoo passing the
 signature.
 if i am sending the same mail from outlook client yahoo says the
 signature
 is bad.

 is this a problem of my configuration?
 Any help will be appreciated.

 Thanks,

 ~yuri



 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and
 installations.
If you need professional help with your setup, contact them
 today!
 
 -
   Please visit qmailtoaster.com for the latest news, updates, and
 packages.

To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
   For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com




 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and
 installations.
If you need professional help with your setup, contact them
 today!


 --
 -Eric 'shubes'


 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!
 -
  Please visit qmailtoaster.com for the latest news, updates, and
 packages.

   To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com






-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




RE: [qmailtoaster] Re: Strange Behavior of Domainkey

2010-12-28 Thread Anil Aliyan
I agree. SPF has nothing to do with signing of the mail by Domainkeys or
DKIM.

If need any help in setting up DKIM please let me know. I have 5 servers and
all are configured with DKIM and working without any issue.


Regards,

Anil Aliyan


-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: 28 December 2010 23:24
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Strange Behavior of Domainkey

The stock qmail-dk is just plain broken. It sometimes works, but it also
fails to sign properly in some (unpredictable AFAICT) circumstances. I
recommmend using DKIM if you really need to sign messages with a key.
--
-Eric 'shubes'

On 12/28/2010 10:34 AM, ya...@ardmail.com wrote:
 SPF is configured and not causing any problem in both cases.
 I was contemplating the possibility that it could be some difference 
 in the config line for localhost vs anything else, but i made them 
 identical as well. and it doesn't help :(


127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,R
BLSMTPD=,NOP0FCHECK=1

192.168.1.60:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/pr
ivate,RBLSMTPD=,NOP0FCHECK=1

:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG
RCPTLIMIT=10,DKSIGN=/var/qmail/control/domainkeys/%/private




 On 12/28/2010 02:36 AM, Anil Aliyan wrote:
 Is your tcp.smtp configuration for localhost or mailserver and you 
 client has the same configuration?

 This is on the right track. The 'stock' configuration for 
 squirrelmail presently uses an open relay configuration for 
 localhost, with no authentication (this will hopefully change in v2). 
 For the sake of consistency (and a little better security), I change 
 my SM config to submit via port 587 and authenticate, and remove the 
 127.: line from tcp.smtp. See 
 http://wiki.qmailtoaster.com/index.php/Fetchmail for such SM
configuration.

 I expect that this will not fix your problem, and will cause the 
 problem to exist with SM as well as Outlook. There's something to be 
 said for consistency. ;)

 How have you implemented DK? The 'stock' configuration is a bit flakey.
 I think that there is a DKIM implementation that works well, although 
 I haven't used it personally yet. I would look into DKIM (as opposed 
 to using DK) if you haven't already.

 Have you configured SPF records for your clients network in your DNS 
 records?

 Shouldn't need this, as SPF has to do with the server which sends the 
 message, not client (origin) addresses.

 Regards,

 Anil Aliyan

 Thanks for your input, Anil. I'll let you help Yuri on this further.

 -Original Message-
 From: ya...@ardmail.com [mailto:ya...@ardmail.com]
 Sent: 28 December 2010 14:36
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Strange Behavior of Domainkey


 Hello,

 I noticed very strange behavior of domainkey with yahoo :( if i am 
 sending the mail from squirrelmail everything works and yahoo 
 passing the signature.
 if i am sending the same mail from outlook client yahoo says the 
 signature is bad.

 is this a problem of my configuration?
 Any help will be appreciated.

 Thanks,

 ~yuri



 
 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and 
 installations.
 If you need professional help with your setup, contact them 
 today!
 
 
 -
Please visit qmailtoaster.com for the latest news, updates, 
 and packages.

 To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com




 
 - Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and 
 installations.
 If you need professional help with your setup, contact them 
 today!


 --
 -Eric 'shubes'


 -
  Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and 
 installations.
If you need professional help with your setup, contact them today!


-
   Please visit qmailtoaster.com for the latest news, updates, and 
 packages.

To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
   For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com






 --
 --- Qmailtoaster is sponsored by Vickers Consulting Group

Re: [qmailtoaster] Re: Strange Behavior of Domainkey

2010-12-28 Thread Martin Waschbüsch
Hi all,

The problem with the stock domainkey configuration is that it will only sign 
things when they enter the queue. If any application uses qmail as sendmail 
replacement (e.g. a locally installed squirrelmail or horde webmail can be 
configured to do it), then the message will not be signed.
The DKIM replacement (there was a video Jake did on that) is much better - it 
will sign messages when they LEAVE the system and it can be configured to do 
DKIM and Domainkeys.

I'd really recommend replacing the stock domainkeys config by the dkim 
enhancement. There should also be a page on the wiki about it.

Thanks,

Martin

--
Martin Waschbüsch
IT-Dienstleistungen
Lautensackstr. 16
80687 München

Telefon: +49 89 57005708
Fax: +49 89 57868023
Mobil: +49 170 2189794
mar...@waschbuesch.de
http://martin.waschbuesch.de

Am 28.12.2010 um 18:53 schrieb Eric Shubert:

 The stock qmail-dk is just plain broken. It sometimes works, but it also 
 fails to sign properly in some (unpredictable AFAICT) circumstances. I 
 recommmend using DKIM if you really need to sign messages with a key.
 -- 
 -Eric 'shubes'
 
 On 12/28/2010 10:34 AM, ya...@ardmail.com wrote:
 SPF is configured and not causing any problem in both cases.
 I was contemplating the possibility that it could be some difference in
 the config line for localhost vs anything else, but i made them identical
 as well. and it doesn't help :(
 
 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
 192.168.1.60:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKSIGN=/var/qmail/control/domainkeys/%/private
 
 
 
 
 On 12/28/2010 02:36 AM, Anil Aliyan wrote:
 Is your tcp.smtp configuration for localhost or mailserver and you
 client
 has the same configuration?
 
 This is on the right track. The 'stock' configuration for squirrelmail
 presently uses an open relay configuration for localhost, with no
 authentication (this will hopefully change in v2). For the sake of
 consistency (and a little better security), I change my SM config to
 submit via port 587 and authenticate, and remove the 127.: line from
 tcp.smtp. See http://wiki.qmailtoaster.com/index.php/Fetchmail for such
 SM configuration.
 
 I expect that this will not fix your problem, and will cause the problem
 to exist with SM as well as Outlook. There's something to be said for
 consistency. ;)
 
 How have you implemented DK? The 'stock' configuration is a bit flakey.
 I think that there is a DKIM implementation that works well, although I
 haven't used it personally yet. I would look into DKIM (as opposed to
 using DK) if you haven't already.
 
 Have you configured SPF records for your clients network in your DNS
 records?
 
 Shouldn't need this, as SPF has to do with the server which sends the
 message, not client (origin) addresses.
 
 Regards,
 
 Anil Aliyan
 
 Thanks for your input, Anil. I'll let you help Yuri on this further.
 
 -Original Message-
 From: ya...@ardmail.com [mailto:ya...@ardmail.com]
 Sent: 28 December 2010 14:36
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Strange Behavior of Domainkey
 
 
 Hello,
 
 I noticed very strange behavior of domainkey with yahoo :( if i am
 sending
 the mail from squirrelmail everything works and yahoo passing the
 signature.
 if i am sending the same mail from outlook client yahoo says the
 signature
 is bad.
 
 is this a problem of my configuration?
 Any help will be appreciated.
 
 Thanks,
 
 ~yuri
 
 
 
 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and
 installations.
If you need professional help with your setup, contact them
 today!
 
 -
   Please visit qmailtoaster.com for the latest news, updates, and
 packages.
 
To unsubscribe, e-mail:
 qmailtoaster-list-unsubscr...@qmailtoaster.com
   For additional commands, e-mail:
 qmailtoaster-list-h...@qmailtoaster.com
 
 
 
 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
  Vickers Consulting Group offers Qmailtoaster support and
 installations.
If you need professional help with your setup, contact them
 today!
 
 
 --
 -Eric 'shubes'
 
 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
 installations.
   If you need professional help with your setup, contact them today!