Re: [qmailtoaster] Re: Strange Behavior of Domainkey
13) chmod 777 /var/qmail/bin/qmail-remote Yeah, no so sure about this line. [r...@wibble dkim]# ls -l /var/qmail/control/dkim/ total 12 -rw-r--r-- 1 root root 396 2011-01-03 13:31 global.key -rw-r--r-- 1 root root 140 2011-01-03 13:31 public.txt -rw-r--r-- 1 qmailr qmail 250 2011-01-03 13:30 signconf.xml Plus, all your keys are world readable. Is that how it should be? What should the proper ownership permissions be? From: Amit Dalia a...@ikf.co.in To: qmailtoaster-list@qmailtoaster.com qmailtoaster-list@qmailtoaster.com Sent: Wed, December 29, 2010 12:36:54 PM Subject: [qmailtoaster] Re: Strange Behavior of Domainkey Hi all, I was just going with mails after long time. So waiting for new version of qmail toaster. Anyway I had already posted a wiki page on how to setup DKIM with qmail toaster long time back. Please find the link for same below: http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster -- Amit At Wednesday, 29-12-2010 on 22:54 Eric Shubert wrote: On 12/29/2010 12:59 AM, Martin Waschbüsch wrote: Hi all, The problem with the stock domainkey configuration is that it will only sign things when they enter the queue. If any application uses qmail as sendmail replacement (e.g. a locally installed squirrelmail or horde webmail can be configured to do it), then the message will not be signed. The DKIM replacement (there was a video Jake did on that) is much better - it will sign messages when they LEAVE the system and it can be configured to do DKIM and Domainkeys. I'd really recommend replacing the stock domainkeys config by the dkim enhancement. There should also be a page on the wiki about it. I agree. Anil, would you care to take on creating some wiki content for this? You needn't worry about making it polished - someone else may edit it once the initial draft is out there. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Strange Behavior of Domainkey
So what's this dkim neutral bad format I'm getting? (domain and IP hidden for obvious reasons) Authentication-Results: mx.google.com; spf=pass (google.com: domain of ni...@nospamthanks.com designates xx.xx.202.194 as permitted sender) smtp.mail=ni...@nospamthanks.com; dkim=neutral (bad format) header...@nospamthanks.com From: Amit Dalia a...@ikf.co.in To: qmailtoaster-list@qmailtoaster.com qmailtoaster-list@qmailtoaster.com Sent: Wed, December 29, 2010 12:36:54 PM Subject: [qmailtoaster] Re: Strange Behavior of Domainkey Hi all, I was just going with mails after long time. So waiting for new version of qmail toaster. Anyway I had already posted a wiki page on how to setup DKIM with qmail toaster long time back. Please find the link for same below: http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster -- Amit At Wednesday, 29-12-2010 on 22:54 Eric Shubert wrote: On 12/29/2010 12:59 AM, Martin Waschbüsch wrote: Hi all, The problem with the stock domainkey configuration is that it will only sign things when they enter the queue. If any application uses qmail as sendmail replacement (e.g. a locally installed squirrelmail or horde webmail can be configured to do it), then the message will not be signed. The DKIM replacement (there was a video Jake did on that) is much better - it will sign messages when they LEAVE the system and it can be configured to do DKIM and Domainkeys. I'd really recommend replacing the stock domainkeys config by the dkim enhancement. There should also be a page on the wiki about it. I agree. Anil, would you care to take on creating some wiki content for this? You needn't worry about making it polished - someone else may edit it once the initial draft is out there. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Strange Behavior of Domainkey
Thanks guys for the advices. I'll switch to dkim then, ~yuri On 12/29/2010 12:59 AM, Martin Waschbüsch wrote: Hi all, The problem with the stock domainkey configuration is that it will only sign things when they enter the queue. If any application uses qmail as sendmail replacement (e.g. a locally installed squirrelmail or horde webmail can be configured to do it), then the message will not be signed. The DKIM replacement (there was a video Jake did on that) is much better - it will sign messages when they LEAVE the system and it can be configured to do DKIM and Domainkeys. I'd really recommend replacing the stock domainkeys config by the dkim enhancement. There should also be a page on the wiki about it. I agree. Anil, would you care to take on creating some wiki content for this? You needn't worry about making it polished - someone else may edit it once the initial draft is out there. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: Strange Behavior of Domainkey
SPF is configured and not causing any problem in both cases. I was contemplating the possibility that it could be some difference in the config line for localhost vs anything else, but i made them identical as well. and it doesn't help :( 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 192.168.1.60:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKSIGN=/var/qmail/control/domainkeys/%/private On 12/28/2010 02:36 AM, Anil Aliyan wrote: Is your tcp.smtp configuration for localhost or mailserver and you client has the same configuration? This is on the right track. The 'stock' configuration for squirrelmail presently uses an open relay configuration for localhost, with no authentication (this will hopefully change in v2). For the sake of consistency (and a little better security), I change my SM config to submit via port 587 and authenticate, and remove the 127.: line from tcp.smtp. See http://wiki.qmailtoaster.com/index.php/Fetchmail for such SM configuration. I expect that this will not fix your problem, and will cause the problem to exist with SM as well as Outlook. There's something to be said for consistency. ;) How have you implemented DK? The 'stock' configuration is a bit flakey. I think that there is a DKIM implementation that works well, although I haven't used it personally yet. I would look into DKIM (as opposed to using DK) if you haven't already. Have you configured SPF records for your clients network in your DNS records? Shouldn't need this, as SPF has to do with the server which sends the message, not client (origin) addresses. Regards, Anil Aliyan Thanks for your input, Anil. I'll let you help Yuri on this further. -Original Message- From: ya...@ardmail.com [mailto:ya...@ardmail.com] Sent: 28 December 2010 14:36 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Strange Behavior of Domainkey Hello, I noticed very strange behavior of domainkey with yahoo :( if i am sending the mail from squirrelmail everything works and yahoo passing the signature. if i am sending the same mail from outlook client yahoo says the signature is bad. is this a problem of my configuration? Any help will be appreciated. Thanks, ~yuri - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: Strange Behavior of Domainkey
I agree. SPF has nothing to do with signing of the mail by Domainkeys or DKIM. If need any help in setting up DKIM please let me know. I have 5 servers and all are configured with DKIM and working without any issue. Regards, Anil Aliyan -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: 28 December 2010 23:24 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Strange Behavior of Domainkey The stock qmail-dk is just plain broken. It sometimes works, but it also fails to sign properly in some (unpredictable AFAICT) circumstances. I recommmend using DKIM if you really need to sign messages with a key. -- -Eric 'shubes' On 12/28/2010 10:34 AM, ya...@ardmail.com wrote: SPF is configured and not causing any problem in both cases. I was contemplating the possibility that it could be some difference in the config line for localhost vs anything else, but i made them identical as well. and it doesn't help :( 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,R BLSMTPD=,NOP0FCHECK=1 192.168.1.60:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/pr ivate,RBLSMTPD=,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONG RCPTLIMIT=10,DKSIGN=/var/qmail/control/domainkeys/%/private On 12/28/2010 02:36 AM, Anil Aliyan wrote: Is your tcp.smtp configuration for localhost or mailserver and you client has the same configuration? This is on the right track. The 'stock' configuration for squirrelmail presently uses an open relay configuration for localhost, with no authentication (this will hopefully change in v2). For the sake of consistency (and a little better security), I change my SM config to submit via port 587 and authenticate, and remove the 127.: line from tcp.smtp. See http://wiki.qmailtoaster.com/index.php/Fetchmail for such SM configuration. I expect that this will not fix your problem, and will cause the problem to exist with SM as well as Outlook. There's something to be said for consistency. ;) How have you implemented DK? The 'stock' configuration is a bit flakey. I think that there is a DKIM implementation that works well, although I haven't used it personally yet. I would look into DKIM (as opposed to using DK) if you haven't already. Have you configured SPF records for your clients network in your DNS records? Shouldn't need this, as SPF has to do with the server which sends the message, not client (origin) addresses. Regards, Anil Aliyan Thanks for your input, Anil. I'll let you help Yuri on this further. -Original Message- From: ya...@ardmail.com [mailto:ya...@ardmail.com] Sent: 28 December 2010 14:36 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Strange Behavior of Domainkey Hello, I noticed very strange behavior of domainkey with yahoo :( if i am sending the mail from squirrelmail everything works and yahoo passing the signature. if i am sending the same mail from outlook client yahoo says the signature is bad. is this a problem of my configuration? Any help will be appreciated. Thanks, ~yuri - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- --- Qmailtoaster is sponsored by Vickers Consulting Group
Re: [qmailtoaster] Re: Strange Behavior of Domainkey
Hi all, The problem with the stock domainkey configuration is that it will only sign things when they enter the queue. If any application uses qmail as sendmail replacement (e.g. a locally installed squirrelmail or horde webmail can be configured to do it), then the message will not be signed. The DKIM replacement (there was a video Jake did on that) is much better - it will sign messages when they LEAVE the system and it can be configured to do DKIM and Domainkeys. I'd really recommend replacing the stock domainkeys config by the dkim enhancement. There should also be a page on the wiki about it. Thanks, Martin -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de Am 28.12.2010 um 18:53 schrieb Eric Shubert: The stock qmail-dk is just plain broken. It sometimes works, but it also fails to sign properly in some (unpredictable AFAICT) circumstances. I recommmend using DKIM if you really need to sign messages with a key. -- -Eric 'shubes' On 12/28/2010 10:34 AM, ya...@ardmail.com wrote: SPF is configured and not causing any problem in both cases. I was contemplating the possibility that it could be some difference in the config line for localhost vs anything else, but i made them identical as well. and it doesn't help :( 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 192.168.1.60:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,DKSIGN=/var/qmail/control/domainkeys/%/private On 12/28/2010 02:36 AM, Anil Aliyan wrote: Is your tcp.smtp configuration for localhost or mailserver and you client has the same configuration? This is on the right track. The 'stock' configuration for squirrelmail presently uses an open relay configuration for localhost, with no authentication (this will hopefully change in v2). For the sake of consistency (and a little better security), I change my SM config to submit via port 587 and authenticate, and remove the 127.: line from tcp.smtp. See http://wiki.qmailtoaster.com/index.php/Fetchmail for such SM configuration. I expect that this will not fix your problem, and will cause the problem to exist with SM as well as Outlook. There's something to be said for consistency. ;) How have you implemented DK? The 'stock' configuration is a bit flakey. I think that there is a DKIM implementation that works well, although I haven't used it personally yet. I would look into DKIM (as opposed to using DK) if you haven't already. Have you configured SPF records for your clients network in your DNS records? Shouldn't need this, as SPF has to do with the server which sends the message, not client (origin) addresses. Regards, Anil Aliyan Thanks for your input, Anil. I'll let you help Yuri on this further. -Original Message- From: ya...@ardmail.com [mailto:ya...@ardmail.com] Sent: 28 December 2010 14:36 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Strange Behavior of Domainkey Hello, I noticed very strange behavior of domainkey with yahoo :( if i am sending the mail from squirrelmail everything works and yahoo passing the signature. if i am sending the same mail from outlook client yahoo says the signature is bad. is this a problem of my configuration? Any help will be appreciated. Thanks, ~yuri - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today!
