Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


Oh, and totally agree that using drop ins is much better than
  patching. 



Gary



On 3/23/2024 11:05 AM, Gary Bowling
  wrote:


  
  
  
  Thanks.
  Yes, spamassassin is working fine for the verification of
inbound DKIM. Looks like that's part of the stock spamassassin
install as long as you have the Mail::SpamAssassin::Plugin::DKIM
plugin installed. 
  
  
  
  
  
  On 3/23/2024 10:58 AM, Eric Broch
wrote:
  
  

Looks like there's an updated version of the script on
  Manuel's site, I'll put that on github
In lieu of patching qmail...again...I thought using drop ins
  was preferable. That said,
spamassassin can be used on the ingress side of your server
  to score dkim in messages.


On 3/23/2024 8:23 AM, Gary Bowling
  wrote:


  
  
  
  hmm, not sure. Maybe a weekend thing. Glad to know it's
still there though for future needs.
  
  
  
  
  
  On 3/23/2024 9:56 AM, ebroch
wrote:
  
  

Not sure why github is timing out on you but
  I can navigate right to the page







  Sent
from my Galaxy






   Original message 
  From: Gary Bowling 
  
  Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
  To: qmailtoaster-list@qmailtoaster.com
  
  Subject: Re: [qmailtoaster] DKIM 
  
  



Ok, qmail-remote for use with DKIM signing outgoing
  messages is just a perl scrip written by Manuel Mausz way
  back in 2007 that just calls qmail-remote.orig. I'm not
  sure where the official toaster version is kept now, but
  you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig
  and change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary
  Bowling wrote:


  
  
  Oops, got a bit confused there between signing and
verifying.. 
  
  For signing, it looks like we are still using a
modified qmail-remote. So back to my original question.

  
  Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary
Bowling wrote:
  
  


Hmm, this line in the wiki says qmail-queue needs to
  be  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"'
  defined in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a
  link.
     Note: Spamassassin has DKIM verification making
  this unnecessary.


and it also says maybe we're now doing it in
  Spamassassin, but no instructions on how to do that.


What IS the best way to do DKIM with an
  updated server???


Gary



On 3/23/2024 8:24 AM, Gary
  Bowling wrote:


  
  
  I see, looks like we're using a combination of

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


Thanks.
Yes, spamassassin is working fine for the verification of inbound
  DKIM. Looks like that's part of the stock spamassassin install as
  long as you have the Mail::SpamAssassin::Plugin::DKIM plugin
  installed. 





On 3/23/2024 10:58 AM, Eric Broch
  wrote:


  
  Looks like there's an updated version of the script on Manuel's
site, I'll put that on github
  In lieu of patching qmail...again...I thought using drop ins
was preferable. That said,
  spamassassin can be used on the ingress side of your server to
score dkim in messages.
  
  
  On 3/23/2024 8:23 AM, Gary Bowling
wrote:
  
  



hmm, not sure. Maybe a weekend thing. Glad to know it's still
  there though for future needs.





On 3/23/2024 9:56 AM, ebroch wrote:


  
  Not sure why github is timing out on you but I
can navigate right to the page
  
  
  
  
  
  
  
Sent
  from my Galaxy
  
  
  
  
  
  
 Original message 
From: Gary Bowling 

Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
To: qmailtoaster-list@qmailtoaster.com

Subject: Re: [qmailtoaster] DKIM 


  
  
  
  Ok, qmail-remote for use with DKIM signing outgoing
messages is just a perl scrip written by Manuel Mausz way
back in 2007 that just calls qmail-remote.orig. I'm not sure
where the official toaster version is kept now, but you
easily download it from here:
  https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
  Change the name of your qmail-remote to qmail-remote.orig
and change the name of the perl script to qmail-remote
  
  
  
  I just copied it from my old server. 
  
  
  
  Now my DKIM signing is working correctly. 
  
  
  
  On 3/23/2024 9:24 AM, Gary
Bowling wrote:
  
  


Oops, got a bit confused there between signing and
  verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary
  Bowling wrote:


  
  
  Hmm, this line in the wiki says qmail-queue needs to
be  "link" which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"'
defined in /etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making
this unnecessary.
  
  
  and it also says maybe we're now doing it in
Spamassassin, but no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary
Bowling wrote:
  
  


I see, looks like we're using a combination of
  simscan and modifying /var/qmail/supervise/smtp/run to
  do DKIM now and not modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary
  Bowling wrote:


  
  
  Where do we get the qmail-remote for DKIM these
days?
  
  
  This page: http://wiki.qmai

Re: [qmailtoaster] DKIM

2024-03-23 Thread Eric Broch 
Looks like there's an updated version of the script on Manuel's site, 
I'll put that on github


In lieu of patching qmail...again...I thought using drop ins was 
preferable. That said,


spamassassin can be used on the ingress side of your server to score 
dkim in messages.



On 3/23/2024 8:23 AM, Gary Bowling wrote:



hmm, not sure. Maybe a weekend thing. Glad to know it's still there 
though for future needs.




On 3/23/2024 9:56 AM, ebroch wrote:
Not sure why github is timing out on you but I can navigate right to 
the page




Sent from my Galaxy


 Original message 
From: Gary Bowling 
Date: 2024-03-23 7:49 a.m. (GMT-07:00)
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] DKIM


Ok, qmail-remote for use with DKIM signing outgoing messages is just 
a perl scrip written by Manuel Mausz way back in 2007 that just calls 
qmail-remote.orig. I'm not sure where the official toaster version is 
kept now, but you easily download it from here:


https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl

Change the name of your qmail-remote to qmail-remote.orig and change 
the name of the perl script to qmail-remote



I just copied it from my old server.


Now my DKIM signing is working correctly.


On 3/23/2024 9:24 AM, Gary Bowling wrote:



Oops, got a bit confused there between signing and verifying..

For signing, it looks like we are still using a modified 
qmail-remote. So back to my original question.


Where do we get the qmail-remote for DKIM these days?


This page: 
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster


Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote



But that times out and doesn't work.


Gary


On 3/23/2024 8:31 AM, Gary Bowling wrote:



Hmm, this line in the wiki says qmail-queue needs to be "link" 
which mine is not.



4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in 
/etc/tcprules.d/tcp.smtp

   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this 
unnecessary.



and it also says maybe we're now doing it in Spamassassin, but no 
instructions on how to do that.



What *IS* the best way to do DKIM with an updated server???


Gary


On 3/23/2024 8:24 AM, Gary Bowling wrote:



I see, looks like we're using a combination of simscan and 
modifying /var/qmail/supervise/smtp/run to do DKIM now and not 
modifying qmail-remote.





On 3/23/2024 7:57 AM, Gary Bowling wrote:



Where do we get the qmail-remote for DKIM these days?


This page: 
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster


Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote



But that times out and doesn't work.


Thanks, Gary

--

Gary Bowling
The Moderns on Spotify 
<https://distrokid.com/hyperfollow/themoderns/bbrs>


- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


hmm, not sure. Maybe a weekend thing. Glad to know it's still
  there though for future needs.





On 3/23/2024 9:56 AM, ebroch wrote:


  
  Not sure why github is timing out on you but I can
navigate right to the page
  
  
  
  
  
  
  
Sent from
  my Galaxy
  
  
  
  
  
  
 Original message 
From: Gary Bowling  
Date: 2024-03-23 7:49 a.m. (GMT-07:00) 
To: qmailtoaster-list@qmailtoaster.com 
Subject: Re: [qmailtoaster] DKIM 


  
  
  
  Ok, qmail-remote for use with DKIM signing outgoing messages is
just a perl scrip written by Manuel Mausz way back in 2007 that
just calls qmail-remote.orig. I'm not sure where the official
toaster version is kept now, but you easily download it from
here:
  https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
  Change the name of your qmail-remote to qmail-remote.orig and
change the name of the perl script to qmail-remote
  
  
  
  I just copied it from my old server. 
  
  
  
  Now my DKIM signing is working correctly. 
  
  
  
  On 3/23/2024 9:24 AM, Gary Bowling
wrote:
  
  


Oops, got a bit confused there between signing and
  verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary Bowling
  wrote:


  
  
  Hmm, this line in the wiki says qmail-queue needs to be 
"link" which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
in /etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this
unnecessary.
  
  
  and it also says maybe we're now doing it in Spamassassin,
but no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary
Bowling wrote:
  
  


I see, looks like we're using a combination of simscan
  and modifying /var/qmail/supervise/smtp/run to do DKIM now
  and not modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary
  Bowling wrote:


  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To

Re: [qmailtoaster] DKIM

2024-03-23 Thread ebroch 
Not sure why github is timing out on you but I can navigate right to the 
pageSent from my Galaxy
 Original message From: Gary Bowling  Date: 
2024-03-23  7:49 a.m.  (GMT-07:00) To: qmailtoaster-list@qmailtoaster.com 
Subject: Re: [qmailtoaster] DKIM 


Ok, qmail-remote for use with DKIM signing outgoing messages is
  just a perl scrip written by Manuel Mausz way back in 2007 that
  just calls qmail-remote.orig. I'm not sure where the official
  toaster version is kept now, but you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig and
  change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary Bowling
  wrote:


  
  
  
  Oops, got a bit confused there between signing and verifying..

  
  For signing, it looks like we are still using a modified
qmail-remote. So back to my original question. 
  
  Where do we get the qmail-remote for DKIM these days?


This page:

http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary Bowling
wrote:
  
  



Hmm, this line in the wiki says qmail-queue needs to be 
  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
  in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin,
  but no instructions on how to do that.


What IS the best way to do DKIM with an updated
  server???


Gary



On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and
not modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary
Bowling wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: 
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


Ok, qmail-remote for use with DKIM signing outgoing messages is
  just a perl scrip written by Manuel Mausz way back in 2007 that
  just calls qmail-remote.orig. I'm not sure where the official
  toaster version is kept now, but you easily download it from here:
https://manuel.mausz.at/coding/qmail-dkim/qmail-dkim-0.3.pl
Change the name of your qmail-remote to qmail-remote.orig and
  change the name of the perl script to qmail-remote



I just copied it from my old server. 



Now my DKIM signing is working correctly. 



On 3/23/2024 9:24 AM, Gary Bowling
  wrote:


  
  
  
  Oops, got a bit confused there between signing and verifying..

  
  For signing, it looks like we are still using a modified
qmail-remote. So back to my original question. 
  
  Where do we get the qmail-remote for DKIM these days?


This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster

Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work.
  
  
  Gary
  
  
  
  On 3/23/2024 8:31 AM, Gary Bowling
wrote:
  
  



Hmm, this line in the wiki says qmail-queue needs to be 
  "link" which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined
  in /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin,
  but no instructions on how to do that.


What IS the best way to do DKIM with an updated
  server???


Gary



On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and
not modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary
Bowling wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


Oops, got a bit confused there between signing and verifying.. 

For signing, it looks like we are still using a modified
  qmail-remote. So back to my original question. 

Where do we get the qmail-remote for DKIM these days?
  
  
  This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  
  Shows to get it from here:
  
  wget
  https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work.


Gary



On 3/23/2024 8:31 AM, Gary Bowling
  wrote:


  
  
  
  Hmm, this line in the wiki says qmail-queue needs to be  "link"
which mine is not.
  
  
  4. DKIM verification (no patch):

   Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in
/etc/tcprules.d/tcp.smtp
   && /var/qmail/bin/qmail-queue is a link.
   Note: Spamassassin has DKIM verification making this
unnecessary.
  
  
  and it also says maybe we're now doing it in Spamassassin, but
no instructions on how to do that.
  
  
  What IS the best way to do DKIM with an updated
server???
  
  
  Gary
  
  
  
  On 3/23/2024 8:24 AM, Gary Bowling
wrote:
  
  



I see, looks like we're using a combination of simscan and
  modifying /var/qmail/supervise/smtp/run to do DKIM now and not
  modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary Bowling
  wrote:


  
  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
- To
  unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


Hmm, this line in the wiki says qmail-queue needs to be  "link"
  which mine is not.


4. DKIM verification (no patch):
  
     Assumes 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in
  /etc/tcprules.d/tcp.smtp
     && /var/qmail/bin/qmail-queue is a link.
     Note: Spamassassin has DKIM verification making this
  unnecessary.


and it also says maybe we're now doing it in Spamassassin, but no
  instructions on how to do that.


What IS the best way to do DKIM with an updated server???


Gary



On 3/23/2024 8:24 AM, Gary Bowling
  wrote:


  
  
  
  I see, looks like we're using a combination of simscan and
modifying /var/qmail/supervise/smtp/run to do DKIM now and not
modifying qmail-remote.
  
  
  
  
  
  
  On 3/23/2024 7:57 AM, Gary Bowling
wrote:
  
  



Where do we get the qmail-remote for DKIM these days?


This page: http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


I see, looks like we're using a combination of simscan and
  modifying /var/qmail/supervise/smtp/run to do DKIM now and not
  modifying qmail-remote.






On 3/23/2024 7:57 AM, Gary Bowling
  wrote:


  
  
  
  Where do we get the qmail-remote for DKIM these days?
  
  
  This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
  Shows to get it from here:
  
  wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
  
  
  But that times out and doesn't work. 
  
  
  
  Thanks, Gary
  
  -- 

Gary Bowling
 The Moderns on Spotify 

  
-
  To unsubscribe, e-mail:
  qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
  qmailtoaster-list-h...@qmailtoaster.com

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM

2024-03-23 Thread Gary Bowling 


  
  


Where do we get the qmail-remote for DKIM these days?


This page:
http://wiki.qmailtoaster.org/index.php?title=How_to_Setup_DKIM_with_Qmail_Toaster
Shows to get it from here:

wget
  https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


But that times out and doesn't work. 



Thanks, Gary

-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM new box

2021-09-16 Thread Remo Mattei 
Hello guys, 
I was able to fix this issue with the second domain. I use GoDaddy as DNS 
server, and the issue was the copy and paste. Therefore, if you do that make 
sure that the key pasted does not for some reason have spaces. I notice that 
the first key just got a space which broke the validation. It took a little bit 
to come down to that. I would suggest to exec a dig txt 
dkim._domainkey..com   and get the key 
and make sure it’s not broken. Once that’s good your DKIM should be valid. 

Hope this helps others. 

Remo 

> On Sep 12, 2021, at 9:35 AM, Remo Mattei  wrote:
> 
> X-IOL-DKIM: fail="signature verification failed” 
> 
> I am getting this on the remote box, Any suggestions on this?
> 
> Thanks

Re: [qmailtoaster] DKIM new box

2021-09-15 Thread Jim McNamara 
Without knowing what domain it is you're asking about, it is very hard 
to tell!


Off the top of my head, DKIM signature verification failed suggests that 
qmail is signing your mails with the wrong certificate? Is the qmail 
install new, where maybe there are new signature keys that are not 
published in the DNS for the domain you're sending email from, or 
something with a subdomain where you have a key for domain.com but are 
signing with a key from mail.domain.com?




On 9/12/21 12:35 PM, Remo Mattei wrote:

X-IOL-DKIM: fail="signature verification failed”

I am getting this on the remote box, Any suggestions on this?

Thanks


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM new box

2021-09-12 Thread Remo Mattei 
X-IOL-DKIM: fail="signature verification failed” 

I am getting this on the remote box, Any suggestions on this?

Thanks 

smime.p7s
Description: S/MIME cryptographic signature

Re: [qmailtoaster] DKIM

2021-06-09 Thread Eric Broch 

Fixed.

Thank you, Finn!

On 6/7/2021 8:17 AM, Eric Broch wrote:

Thanks, Finn. I'll have a look.

On 6/7/2021 8:15 AM, Qmail wrote:

Hi Eric.

FYI

Just made an update of my Qmail running on Centos8.

This update which included qmail 1.03-3.3.1.qt-el8 did owerwrite my 
/var/qmail/bin/qmail-remote.


- I have downloaded 
raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


- done the mv /var/qmail/bin/qmail-remote 
/var/qmail/bin/qmail-remote.orig


- copied the downloaded qmail-remote to /var/qmail/bin/qmail-remote

- chmod and changed user:group

and qmail with DKIM seems to work again according to my tests using 
verifier.port25.com


I guess that is all I have to do ?


Cheers,
Finn

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2021-06-07 Thread Eric Broch 

Thanks, Finn. I'll have a look.

On 6/7/2021 8:15 AM, Qmail wrote:

Hi Eric.

FYI

Just made an update of my Qmail running on Centos8.

This update which included qmail 1.03-3.3.1.qt-el8 did owerwrite my 
/var/qmail/bin/qmail-remote.


- I have downloaded 
raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


- done the mv /var/qmail/bin/qmail-remote 
/var/qmail/bin/qmail-remote.orig


- copied the downloaded qmail-remote to /var/qmail/bin/qmail-remote

- chmod and changed user:group

and qmail with DKIM seems to work again according to my tests using 
verifier.port25.com


I guess that is all I have to do ?


Cheers,
Finn

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM

2021-06-07 Thread Qmail 

Hi Eric.

FYI

Just made an update of my Qmail running on Centos8.

This update which included qmail 1.03-3.3.1.qt-el8 did owerwrite my 
/var/qmail/bin/qmail-remote.


- I have downloaded 
raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote


- done the mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig

- copied the downloaded qmail-remote to /var/qmail/bin/qmail-remote

- chmod and changed user:group

and qmail with DKIM seems to work again according to my tests using 
verifier.port25.com


I guess that is all I have to do ?


Cheers,
Finn

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] dkim not signed

2021-04-10 Thread Tahnan Al Anas 
Hi,

On my new qmail setup on centos 7. I have found mail are not getting dkim
signed from webmail. DKIM test from server showing sign is ok but testing
from global website showing DKIM-Result: none (no signature). I am using
squirrelmail and roundcube.

[root@qmt2 squirrelmail]# opendkim-testkey - -d corporatefield.com  -k
/var/qmail/control/dkim/corporatefield.com.key -s dkim1
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: /var/qmail/control/dkim/corporatefield.com.key: WARNING:
unsafe permissions
opendkim-testkey: key loaded from
/var/qmail/control/dkim/corporatefield.com.key
opendkim-testkey: checking key 'dkim1._domainkey.corporatefield.com'
opendkim-testkey: key OK


--
--

Best Regards
Muhammad Tahnan Al Anas

[qmailtoaster] DKIM Record

2020-11-17 Thread ChandranManikandan 
Hi Folks,

I have updated my dns record of my qmailtoaster record below from my email
server.

cat /var/qmail/control/dkim/public.txt


dkim1   IN  TXT   "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNA ..."

But when i tried to send my gmail account it still showed DKIM Fail.

I have ran my standby server one week due to my production server down,
then i have up the production server,
Do i need to regenerate the new dkim record on our server

Appreciate your help.



-- 


*Regards,Manikandan.C*

RE: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Charles Amstutz 
Thanks everyone! I got it working with your help and used your openSSL commands 
(which I appreciate) / opendkim for the other domains.  I really appreciate 
your time and explanations.

> From: Eric Broch 

> The global entry is for everything not specified by domain entries and
> disabled domain entries, e.g.: , in the
> signconf.xml
> 
> On 7/30/2020 2:11 PM, Charles Amstutz wrote:
> > Thanks. That helps.   Is the global for the server? And the domains for each
> domain?
> >
> > From: Tahnan Al Anas 
> >
> > Hi,
> >
> > You need to write sig file for each domain. like see my below file. and you
> also need to put txt file content at your dns.
> >
> > 
> >    
> >     > keyfile="/var/qmail/control/dkim/global.key" method="simple"
> > selector="dkim1">
> >      
> >    
> >
> > 
> >      
> >      
> >    http://xyz.com>
> >
> > 
> >      
> >      
> >    http://abc.com>
> >
> > 
> >      
> >      
> >    http://bbc.com>
> >
> > 
> >
> > --
> > --
> >
> > Best Regards
> > Muhammad Tahnan Al Anas
> >
> >
> > On Fri, Jul 31, 2020 at 2:00 AM Charles Amstutz
>  wrote:
> > Thanks, I appreciate you taking the time to write this up. As I
> > understand the dkim doc (on the website)
> >
> > The globalkey is for all domains?  If I want to host multiple domains, I
> would need to create a key for each domain? And then put I in signconf.xml?
> >
> > Or do I need both?
> >
> > From: Eric Broch 
> >
> > # cd /var/qmail/control/dkim
> > # openssl genrsa -out ./global.key 2048 && openssl rsa -in
> > ./global.key -pubout -out ./temp.txt # cat ./temp.txt | grep -v - | tr
> > -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa; p=/' &> ./public.txt && echo "\""
> >> ./public.txt && rm ./temp.txt On 7/30/2020 12:33 PM, Eric Broch wrote:
> > You can generate a key with openssl
> > https://lxadm.com/Generating_DKIM_key_with_openssl
> > I'll do a write up for this. Sorry
> > On 7/30/2020 12:30 PM, Charles Amstutz wrote:
> > Hello,
> >
> > I'm trying to follow the steps on qmailtoaster's dkim steps.
> >
> > a. # dknewkey /var/qmail/control/dkim/global.key 1024 >
> > /var/qmail/control/dkim/public.txt
> > b. # perl -pi -e 's/global.key._domainkey/dkim1/'
> > /var/qmail/control/dkim/public.txt
> >
> >
> > I'm using centos 8. Everything is working fine except that I can't locate
> dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed
> to be generated beforehand. As it is not there. Is dknewkey depreciated?
> Also, is global.key supposed to be there? I saw in one mailing list archive
> from 2017 (something like libdomainkeys) to install this package that no
> longer exists.
> >
> > If it has been depreciated. Is there any replacement/updates.
> >
> > Thanks
> >
> > -
> > To unsubscribe, e-mail:
> > mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
> > For additional commands, e-mail:
> > mailto:qmailtoaster-list-h...@qmailtoaster.com
> >
> > -
> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> > For additional commands, e-mail:
> > qmailtoaster-list-h...@qmailtoaster.com
> >
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Eric Broch 
The global entry is for everything not specified by domain entries and 
disabled domain entries, e.g.: , in the signconf.xml


On 7/30/2020 2:11 PM, Charles Amstutz wrote:

Thanks. That helps.   Is the global for the server? And the domains for each 
domain?

From: Tahnan Al Anas 

Hi,

You need to write sig file for each domain. like see my below file. and you 
also need to put txt file content at your dns.


   
   
     
   


     
     
   http://xyz.com>


     
     
   http://abc.com>


     
     
   http://bbc.com>



--
--

Best Regards
Muhammad Tahnan Al Anas


On Fri, Jul 31, 2020 at 2:00 AM Charles Amstutz  
wrote:
Thanks, I appreciate you taking the time to write this up. As I understand the 
dkim doc (on the website)

The globalkey is for all domains?  If I want to host multiple domains, I would 
need to create a key for each domain? And then put I in signconf.xml?

Or do I need both?
  
From: Eric Broch 


# cd /var/qmail/control/dkim
# openssl genrsa -out ./global.key 2048 && openssl rsa -in ./global.key -pubout 
-out ./temp.txt
# cat ./temp.txt | grep -v - | tr -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa; p=/' &> ./public.txt && echo 
"\"" >> ./public.txt && rm ./temp.txt
On 7/30/2020 12:33 PM, Eric Broch wrote:
You can generate a key with openssl
https://lxadm.com/Generating_DKIM_key_with_openssl
I'll do a write up for this. Sorry
On 7/30/2020 12:30 PM, Charles Amstutz wrote:
Hello,
  
I'm trying to follow the steps on qmailtoaster's dkim steps.
  
a. # dknewkey /var/qmail/control/dkim/global.key 1024 > /var/qmail/control/dkim/public.txt

b. # perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt
  
  
I'm using centos 8. Everything is working fine except that I can't locate dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed to be generated beforehand. As it is not there. Is dknewkey depreciated? Also, is global.key supposed to be there? I saw in one mailing list archive from 2017 (something like libdomainkeys) to install this package that no longer exists.
  
If it has been depreciated. Is there any replacement/updates.
  
Thanks


-
To unsubscribe, e-mail: mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: mailto:qmailtoaster-list-h...@qmailtoaster.com

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

RE: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Charles Amstutz 
Thanks. That helps.   Is the global for the server? And the domains for each 
domain?

From: Tahnan Al Anas  

Hi, 

You need to write sig file for each domain. like see my below file. and you 
also need to put txt file content at your dns.


  
  
    
  


    
    
  http://xyz.com>


    
    
  http://abc.com>


    
    
  http://bbc.com>



--
--

Best Regards
Muhammad Tahnan Al Anas


On Fri, Jul 31, 2020 at 2:00 AM Charles Amstutz  
wrote:
Thanks, I appreciate you taking the time to write this up. As I understand the 
dkim doc (on the website)

The globalkey is for all domains?  If I want to host multiple domains, I would 
need to create a key for each domain? And then put I in signconf.xml?

Or do I need both?  
 
From: Eric Broch  

# cd /var/qmail/control/dkim
# openssl genrsa -out ./global.key 2048 && openssl rsa -in ./global.key -pubout 
-out ./temp.txt
# cat ./temp.txt | grep -v - | tr -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa; p=/' 
&> ./public.txt && echo "\"" >> ./public.txt && rm ./temp.txt
On 7/30/2020 12:33 PM, Eric Broch wrote:
You can generate a key with openssl
https://lxadm.com/Generating_DKIM_key_with_openssl
I'll do a write up for this. Sorry
On 7/30/2020 12:30 PM, Charles Amstutz wrote:
Hello,
 
I'm trying to follow the steps on qmailtoaster's dkim steps.
 
a. # dknewkey /var/qmail/control/dkim/global.key 1024 > 
/var/qmail/control/dkim/public.txt
b. # perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt
 
 
I'm using centos 8. Everything is working fine except that I can't locate 
dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed to be 
generated beforehand. As it is not there. Is dknewkey depreciated? Also, is 
global.key supposed to be there? I saw in one mailing list archive from 2017 
(something like libdomainkeys) to install this package that no longer exists. 
 
If it has been depreciated. Is there any replacement/updates.
 
Thanks

-
To unsubscribe, e-mail: mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: mailto:qmailtoaster-list-h...@qmailtoaster.com

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Tahnan Al Anas 
Hi,

You need to write sig file for each domain. like see my below file. and you
also need to put txt file content at your dns.


  
  

  




  




  




  




--
--

Best Regards
Muhammad Tahnan Al Anas


On Fri, Jul 31, 2020 at 2:00 AM Charles Amstutz  wrote:

> Thanks, I appreciate you taking the time to write this up. As I understand
> the dkim doc (on the website)
>
> The globalkey is for all domains?  If I want to host multiple domains, I
> would need to create a key for each domain? And then put I in signconf.xml?
>
> Or do I need both?
>
> From: Eric Broch 
>
> # cd /var/qmail/control/dkim
> # openssl genrsa -out ./global.key 2048 && openssl rsa -in ./global.key
> -pubout -out ./temp.txt
> # cat ./temp.txt | grep -v - | tr -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa;
> p=/' &> ./public.txt && echo "\"" >> ./public.txt && rm ./temp.txt
> On 7/30/2020 12:33 PM, Eric Broch wrote:
> You can generate a key with openssl
> https://lxadm.com/Generating_DKIM_key_with_openssl
> I'll do a write up for this. Sorry
> On 7/30/2020 12:30 PM, Charles Amstutz wrote:
> Hello,
>
> I'm trying to follow the steps on qmailtoaster's dkim steps.
>
> a. # dknewkey /var/qmail/control/dkim/global.key 1024 >
> /var/qmail/control/dkim/public.txt
> b. # perl -pi -e 's/global.key._domainkey/dkim1/'
> /var/qmail/control/dkim/public.txt
>
>
> I'm using centos 8. Everything is working fine except that I can't locate
> dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed
> to be generated beforehand. As it is not there. Is dknewkey depreciated?
> Also, is global.key supposed to be there? I saw in one mailing list archive
> from 2017 (something like libdomainkeys) to install this package that no
> longer exists.
>
> If it has been depreciated. Is there any replacement/updates.
>
> Thanks
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>

RE: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Charles Amstutz 
Thanks, I appreciate you taking the time to write this up. As I understand the 
dkim doc (on the website)

The globalkey is for all domains?  If I want to host multiple domains, I would 
need to create a key for each domain? And then put I in signconf.xml?

Or do I need both?  
 
From: Eric Broch  

# cd /var/qmail/control/dkim
# openssl genrsa -out ./global.key 2048 && openssl rsa -in ./global.key -pubout 
-out ./temp.txt
# cat ./temp.txt | grep -v - | tr -d '\n' | sed '1s/^/dkim1 IN TXT "k=rsa; p=/' 
&> ./public.txt && echo "\"" >> ./public.txt && rm ./temp.txt
On 7/30/2020 12:33 PM, Eric Broch wrote:
You can generate a key with openssl
https://lxadm.com/Generating_DKIM_key_with_openssl
I'll do a write up for this. Sorry
On 7/30/2020 12:30 PM, Charles Amstutz wrote:
Hello,
 
I'm trying to follow the steps on qmailtoaster's dkim steps.
 
a. # dknewkey /var/qmail/control/dkim/global.key 1024 > 
/var/qmail/control/dkim/public.txt
b. # perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt
 
 
I'm using centos 8. Everything is working fine except that I can't locate 
dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed to be 
generated beforehand. As it is not there. Is dknewkey depreciated? Also, is 
global.key supposed to be there? I saw in one mailing list archive from 2017 
(something like libdomainkeys) to install this package that no longer exists. 
 
If it has been depreciated. Is there any replacement/updates.
 
Thanks

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Eric Broch 

# cd /var/qmail/control/dkim
# openssl genrsa -out ./global.key 2048 && openssl rsa -in ./global.key 
-pubout -out ./temp.txt
# cat ./temp.txt | grep -v - | tr -d '\n' | sed '1s/^/dkim1 IN TXT 
"k=rsa; p=/' &> ./public.txt && echo "\"" >> ./public.txt && rm ./temp.txt


On 7/30/2020 12:33 PM, Eric Broch wrote:


You can generate a key with openssl

https://lxadm.com/Generating_DKIM_key_with_openssl

I'll do a write up for this. Sorry

On 7/30/2020 12:30 PM, Charles Amstutz wrote:


Hello,

I’m trying to follow the steps on qmailtoaster’s dkim steps.

a.# dknewkey /var/qmail/control/dkim/global.key 1024 > 
/var/qmail/control/dkim/public.txt


b.# perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt


I’m using centos 8. Everything is working fine except that I can’t 
locate dknewkey and  not sure if /var/qmail/control/dkim/global.key 
was supposed to be generated beforehand. As it is not there. Is 
dknewkey depreciated? Also, is global.key supposed to be there? I saw 
in one mailing list archive from 2017 (something like libdomainkeys) 
to install this package that no longer exists.


If it has been depreciated. Is there any replacement/updates.

Thanks

Re: [qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Eric Broch 

You can generate a key with openssl

https://lxadm.com/Generating_DKIM_key_with_openssl

I'll do a write up for this. Sorry

On 7/30/2020 12:30 PM, Charles Amstutz wrote:


Hello,

I’m trying to follow the steps on qmailtoaster’s dkim steps.

a.# dknewkey /var/qmail/control/dkim/global.key 1024 > 
/var/qmail/control/dkim/public.txt


b.# perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt


I’m using centos 8. Everything is working fine except that I can’t 
locate dknewkey and  not sure if /var/qmail/control/dkim/global.key 
was supposed to be generated beforehand. As it is not there. Is 
dknewkey depreciated? Also, is global.key supposed to be there? I saw 
in one mailing list archive from 2017 (something like libdomainkeys) 
to install this package that no longer exists.


If it has been depreciated. Is there any replacement/updates.

Thanks

[qmailtoaster] dkim on qmailtoaster

2020-07-30 Thread Charles Amstutz 
Hello,

I'm trying to follow the steps on qmailtoaster's dkim steps.

a.  # dknewkey /var/qmail/control/dkim/global.key 1024 > 
/var/qmail/control/dkim/public.txt
b.  # perl -pi -e 's/global.key._domainkey/dkim1/' 
/var/qmail/control/dkim/public.txt


I'm using centos 8. Everything is working fine except that I can't locate 
dknewkey and  not sure if /var/qmail/control/dkim/global.key was supposed to be 
generated beforehand. As it is not there. Is dknewkey depreciated? Also, is 
global.key supposed to be there? I saw in one mailing list archive from 2017 
(something like libdomainkeys) to install this package that no longer exists.

If it has been depreciated. Is there any replacement/updates.

Thanks

Re: [qmailtoaster] DKIM on CentOS 8

2020-07-20 Thread Angus McIntyre 

Thanks for the quick response, but this is a little ambiguous. Do you mean:

  1. CentOS 8 + qmailtoaster is stable enough that you were planning
 to convert your existing mailserver ('my system') to C8, or
  2. CentOS 8 is stable enough that you were planning to convert all
 your qmailtoaster install scripts ('my system') to C8?

If it's (1), that sounds like a recommendation for doing new installs on 
CentOS 8; if it's (2), that sounds like I should wait.


Thanks for any clarification,

Angus


Eric Broch wrote on 7/20/20 9:17 AM:
I was going to convert my system over to it, just haven't gotten around 
to it yet.


On 7/20/2020 7:10 AM, Angus McIntyre wrote:

What's the status of qmailtoaster on CentOS 8?

Is it stable enough that you'd recommend new installs to be built on 
CentOS 8, or should we stay with the tried and tested CentOS 7?


Thanks,

Angus



Eric Broch wrote on 7/19/20 11:02 PM:

https://lxadm.com/Generating_DKIM_key_with_openssl

On 7/19/2020 7:36 PM, Remo Mattei wrote:
Hello guys, I am building a new box, has anyone installed and 
configure the DKIM ? Looks like the docs are only on CentOS 7 and 
the gen is for the lib which is not on CentOS 8


Thanks,
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM on CentOS 8

2020-07-20 Thread Eric Broch 
I was going to convert my system over to it, just haven't gotten around 
to it yet.


On 7/20/2020 7:10 AM, Angus McIntyre wrote:

What's the status of qmailtoaster on CentOS 8?

Is it stable enough that you'd recommend new installs to be built on 
CentOS 8, or should we stay with the tried and tested CentOS 7?


Thanks,

Angus



Eric Broch wrote on 7/19/20 11:02 PM:

https://lxadm.com/Generating_DKIM_key_with_openssl

On 7/19/2020 7:36 PM, Remo Mattei wrote:
Hello guys, I am building a new box, has anyone installed and 
configure the DKIM ? Looks like the docs are only on CentOS 7 and 
the gen is for the lib which is not on CentOS 8


Thanks,
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com




-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM on CentOS 8

2020-07-20 Thread Angus McIntyre 

What's the status of qmailtoaster on CentOS 8?

Is it stable enough that you'd recommend new installs to be built on 
CentOS 8, or should we stay with the tried and tested CentOS 7?


Thanks,

Angus



Eric Broch wrote on 7/19/20 11:02 PM:

https://lxadm.com/Generating_DKIM_key_with_openssl

On 7/19/2020 7:36 PM, Remo Mattei wrote:
Hello guys, I am building a new box, has anyone installed and 
configure the DKIM ? Looks like the docs are only on CentOS 7 and the 
gen is for the lib which is not on CentOS 8


Thanks,
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM on CentOS 8

2020-07-19 Thread Eric Broch 

https://lxadm.com/Generating_DKIM_key_with_openssl

On 7/19/2020 7:36 PM, Remo Mattei wrote:

Hello guys, I am building a new box, has anyone installed and configure the 
DKIM ? Looks like the docs are only on CentOS 7 and the gen is for the lib 
which is not on CentOS 8

Thanks,
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM on CentOS 8

2020-07-19 Thread Remo Mattei 
Hello guys, I am building a new box, has anyone installed and configure the 
DKIM ? Looks like the docs are only on CentOS 7 and the gen is for the lib 
which is not on CentOS 8

Thanks, 
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM Verification Question

2020-06-03 Thread Gary Bowling 

  
  


To save you some searching. Here's a page with a lot of good
  info. It's about how to do all this on postfix, so it's not a
  cookie cutter for doing it on our toaster, but good info
  nonetheless. He also uses "opendmarc" to process DMARC things, but
  spamasssassin also has it built in as per my previous note. 



https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/


Gary


On 6/3/2020 11:12 AM, Eric Broch wrote:


  
  Thanks, Gary.
  I'll have a look
  
  On 6/3/2020 8:52 AM, Gary Bowling
wrote:
  
  

 

Further to this subject. I am learning that there are more
  pieces that can help us out. Spamassassin gives us a way to
  assign a spam score to messages with various DKIM results. But
  it doesn't know what the original sender wanted us to do with
  messages that have DKIM problems, therefore we just default to
  giving scores with some predetermined weighting.


There are two more tools, ADSP (Author Domain Signing
  Practices), and DMARC (Domain based Message Authentication,
  Reporting and Conformance). Which are both fancy ways of
  saying, "I want to tell other servers that messages from MY
  server should have DKIM and what to do if they don't"


For outbound mail, both ADSP and DMARC simply require you to
  set up DNS TXT records telling remote servers how to handle
  messages received from your server. If you want to use either
  of these, do a search for them and you'll find info on how to
  set up the DNS records. Without explanation of all the fields,
  here's what I put in my bind DNS.


_adsp._domainkey.mail  IN TXT    "dkim=all"

_demarc.mail    IN   TXT   "v=DMARC1; p=quarantine; rua=mailto:postmas...@example.com;
  ruf=mailto:postmas...@example.com;
  fo=1; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400;
  sp=quarantine"



For inbound mail, we can set up spamassassin to query DNS
  records for inbound mail and score them based on info that
  others might have configured in DMARC. It requires a plugin
  called AskDNS, but that looks to already be available in our
  spamassassin and also in the EPEL version of spamassassin, so
  it should just require us to assign scores. Here's what I have
  configured in my /etc/spamassassin/local.cf



ifplugin Mail::SpamAssassin::Plugin::AskDNS
  askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT
  /^v=DMARC1;.*\bp=none;/
  askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT
  /^v=DMARC1;.*\bp=quarantine;/
  askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT
  /^v=DMARC1;.*\bp=reject;/
  
  meta DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) &&
  __DMARC_POLICY_REJECT
  score DMARC_REJECT 10
  meta DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) &&
  __DMARC_POLICY_QUAR
  score DMARC_QUAR 5
  meta DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) &&
  __DMARC_POLICY_NONE
  score DMARC_NONE 0.1
  endif # Mail::SpamAssassin::Plugin::AskDNS










On 6/2/2020 5:12 PM, Gary Bowling
  wrote:


  
  
  
  Yea, I had already looked in there, they aren't there. I
eventually found them in 
  
  
  
  /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm
  
  
  Looks like the defaults are, 
  
    score DKIM_ADSP_ALL  2.5
  score DKIM_ADSP_DISCARD 25
  score DKIM_ADSP_NXDOMAIN 3

  score DKIM_ADSP_CUSTOM_LOW   1
  score DKIM_ADSP_CUSTOM_MED   3.5
  score DKIM_ADSP_CUSTOM_HIGH  8
  
  
  For right now, I'm going to adjust a few of these and also
adjust some of the SPF settings. Here's what I'm trying
right now in my /etc/spamassassin/local.cf
  
  
  
  
#Adjust scores for SPF FAIL
score SPF_FAIL 4.0
score SPF_HELO_FAIL 4.0
score SPF_HELO_SOFTFAIL 3.0
score SPF_SOFTFAIL 3.0
 
#adjust DKIM scores
score DKIM_ADSP_ALL 3.0
score DKIM_ADSP_DISCARD  10.0
score DKIM_ADSP_NXDOMAIN 3.0

  

  
Thanks, Gary

Re: [qmailtoaster] DKIM Verification Question

2020-06-03 Thread Eric Broch 

Thanks, Gary.

I'll have a look

On 6/3/2020 8:52 AM, Gary Bowling wrote:



Further to this subject. I am learning that there are more pieces that 
can help us out. Spamassassin gives us a way to assign a spam score to 
messages with various DKIM results. But it doesn't know what the 
original sender wanted us to do with messages that have DKIM problems, 
therefore we just default to giving scores with some predetermined 
weighting.



There are two more tools, ADSP (Author Domain Signing Practices), and 
DMARC (Domain based Message Authentication, Reporting and 
Conformance). Which are both fancy ways of saying, "I want to tell 
other servers that messages from MY server should have DKIM and what 
to do if they don't"



For outbound mail, both ADSP and DMARC simply require you to set up 
DNS TXT records telling remote servers how to handle messages received 
from your server. If you want to use either of these, do a search for 
them and you'll find info on how to set up the DNS records. Without 
explanation of all the fields, here's what I put in my bind DNS.



_adsp._domainkey.mail  IN TXT    "dkim=all"

_demarc.mail    IN   TXT   "v=DMARC1; p=quarantine; 
rua=mailto:postmas...@example.com; ruf=mailto:postmas...@example.com; 
fo=1; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine"



For inbound mail, we can set up spamassassin to query DNS records for 
inbound mail and score them based on info that others might have 
configured in DMARC. It requires a plugin called AskDNS, but that 
looks to already be available in our spamassassin and also in the EPEL 
version of spamassassin, so it should just require us to assign 
scores. Here's what I have configured in my /etc/spamassassin/local.cf



ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT 
/^v=DMARC1;.*\bp=none;/
askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT 
/^v=DMARC1;.*\bp=quarantine;/
askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT 
/^v=DMARC1;.*\bp=reject;/


meta DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_REJECT
score DMARC_REJECT 10
meta DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_QUAR
score DMARC_QUAR 5
meta DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_NONE
score DMARC_NONE 0.1
endif # Mail::SpamAssassin::Plugin::AskDNS






On 6/2/2020 5:12 PM, Gary Bowling wrote:



Yea, I had already looked in there, they aren't there. I eventually 
found them in



/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm


Looks like the defaults are,

  score DKIM_ADSP_ALL  2.5
  score DKIM_ADSP_DISCARD 25
  score DKIM_ADSP_NXDOMAIN 3

  score DKIM_ADSP_CUSTOM_LOW   1
  score DKIM_ADSP_CUSTOM_MED   3.5
  score DKIM_ADSP_CUSTOM_HIGH  8


For right now, I'm going to adjust a few of these and also adjust 
some of the SPF settings. Here's what I'm trying right now in my 
/etc/spamassassin/local.cf



|#Adjust scores for SPF FAIL|
|score SPF_FAIL 4.0|
|score SPF_HELO_FAIL 4.0|
|score SPF_HELO_SOFTFAIL 3.0|
|score SPF_SOFTFAIL 3.0|
|#adjust DKIM scores|
|score DKIM_ADSP_ALL 3.0|
|score DKIM_ADSP_DISCARD  10.0|
|score DKIM_ADSP_NXDOMAIN 3.0|
|
|
|
|
|Thanks, Gary
|



On 6/2/2020 12:29 PM, Eric Broch wrote:


Gary,

The stock scores for spamassassin are in /usr/share/spamassassin/*.cf.

# grep DKIM /usr/share/spamassassin/*.cf

For your local configuration you can override the scores in 
/etc/mail/spamassassin/local.cf on COS8 or 
/etc/spamassassin/local.cf on COS7. I know THAT one can manipulate 
scores to fit their needs with spamassassin, however, I have NEVER 
done it. This is me sloughing it off. ;-) The reason I like 
spamassassin DKIM verification is because it doesn't just reject bad 
DKIM which as you mentioned can have bad effects but scores it with 
other things for rejection.


If you find some configuration that suits you and your system I'd we 
willing to post in on the QMT web as a stock 'QMT' setting.


Eric

On 6/2/2020 10:11 AM, Gary Bowling wrote:



Thanks Eric. What is the config setting in local.cf to change the 
DKIM scoring? I don't find any setting in my /etc/spamassassin/ 
directories that sets that score. Is the scoring for the stock EPEL 
local.cf different from what we have? I assume not since you said 
you didn't tailor any of that in QMT.



I think that's a good move to use the stock spamassassin from EPEL.


As DKIM seems to be more pervasive these days, I might be tempted 
to increase the score in spamassassin if I can find the local.cf 
setting.



Thanks, Gary


On 6/2/2020 11:56 AM, Eric Broch wrote:


Hi Gary,

My intent, which I articulated in another email on the list and 
instead of reinventing the wheel, was exactly as you deduced in 
your email, that is, to allow spamassassin to score DKIM which it 
does; however, I have not done anything as far as a tailoring 
configuration for QMT and was content to allow users that scoring 
decision. My goal is to drop the specially created

Re: [qmailtoaster] DKIM Verification Question

2020-06-03 Thread Gary Bowling 

  
  
 

Further to this subject. I am learning that there are more pieces
  that can help us out. Spamassassin gives us a way to assign a spam
  score to messages with various DKIM results. But it doesn't know
  what the original sender wanted us to do with messages that have
  DKIM problems, therefore we just default to giving scores with
  some predetermined weighting.


There are two more tools, ADSP (Author Domain Signing Practices),
  and DMARC (Domain based Message Authentication, Reporting and
  Conformance). Which are both fancy ways of saying, "I want to tell
  other servers that messages from MY server should have DKIM and
  what to do if they don't"


For outbound mail, both ADSP and DMARC simply require you to set
  up DNS TXT records telling remote servers how to handle messages
  received from your server. If you want to use either of these, do
  a search for them and you'll find info on how to set up the DNS
  records. Without explanation of all the fields, here's what I put
  in my bind DNS.


_adsp._domainkey.mail  IN TXT    "dkim=all"

_demarc.mail    IN   TXT   "v=DMARC1; p=quarantine;
  rua=mailto:postmas...@example.com;
  ruf=mailto:postmas...@example.com; fo=1; adkim=r; aspf=r; pct=100;
  rf=afrf; ri=86400; sp=quarantine"



For inbound mail, we can set up spamassassin to query DNS records
  for inbound mail and score them based on info that others might
  have configured in DMARC. It requires a plugin called AskDNS, but
  that looks to already be available in our spamassassin and also in
  the EPEL version of spamassassin, so it should just require us to
  assign scores. Here's what I have configured in my
  /etc/spamassassin/local.cf



ifplugin Mail::SpamAssassin::Plugin::AskDNS
  askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT
  /^v=DMARC1;.*\bp=none;/
  askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT
  /^v=DMARC1;.*\bp=quarantine;/
  askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT
  /^v=DMARC1;.*\bp=reject;/
  
  meta DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) &&
  __DMARC_POLICY_REJECT
  score DMARC_REJECT 10
  meta DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) &&
  __DMARC_POLICY_QUAR
  score DMARC_QUAR 5
  meta DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) &&
  __DMARC_POLICY_NONE
  score DMARC_NONE 0.1
  endif # Mail::SpamAssassin::Plugin::AskDNS










On 6/2/2020 5:12 PM, Gary Bowling
  wrote:


  
  
  
  Yea, I had already looked in there, they aren't there. I
eventually found them in 
  
  
  
  /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm
  
  
  Looks like the defaults are, 
  
    score DKIM_ADSP_ALL  2.5
  score DKIM_ADSP_DISCARD 25
  score DKIM_ADSP_NXDOMAIN 3

  score DKIM_ADSP_CUSTOM_LOW   1
  score DKIM_ADSP_CUSTOM_MED   3.5
  score DKIM_ADSP_CUSTOM_HIGH  8
  
  
  For right now, I'm going to adjust a few of these and also
adjust some of the SPF settings. Here's what I'm trying right
now in my /etc/spamassassin/local.cf
  
  
  
  
#Adjust scores for SPF FAIL
score
SPF_FAIL 4.0
score
SPF_HELO_FAIL 4.0
score
SPF_HELO_SOFTFAIL 3.0
score
SPF_SOFTFAIL 3.0
 
#adjust DKIM scores
score
DKIM_ADSP_ALL 3.0
score
DKIM_ADSP_DISCARD  10.0
score
DKIM_ADSP_NXDOMAIN 3.0

  

  
Thanks,
Gary
  
  
  
  
  
  
  On 6/2/2020 12:29 PM, Eric Broch
wrote:
  
  

Gary,
The stock scores for spamassassin are in
  /usr/share/spamassassin/*.cf. 

# grep DKIM /usr/share/spamassassin/*.cf
For your local configuration you can override the scores in
  /etc/mail/spamassassin/local.cf on COS8 or
  /etc/spamassassin/local.cf on COS7. I know THAT one can
  manipulate scores to fit their needs with spamassassin,
  however, I have NEVER done it. This is me sloughing it off.
  ;-) The reason I like spamassassin DKIM verification is
  because it doesn't just reject bad DKIM which as you mentioned
  can have bad effects but scores it with other things for
  rejection.

If you find some configuration that suits you and your system
  I'd we willing to post in on the QMT web as a stock 'QMT'
  setting.
Eric

On 6/2/2020 10:11 AM, Gary Bowling
  wrote:

Re: [qmailtoaster] DKIM Verification Question

2020-06-02 Thread Gary Bowling 

  
  


Yea, I had already looked in there, they aren't there. I
  eventually found them in 



/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm


Looks like the defaults are, 

  score DKIM_ADSP_ALL  2.5
    score DKIM_ADSP_DISCARD 25
    score DKIM_ADSP_NXDOMAIN 3
  
    score DKIM_ADSP_CUSTOM_LOW   1
    score DKIM_ADSP_CUSTOM_MED   3.5
    score DKIM_ADSP_CUSTOM_HIGH  8


For right now, I'm going to adjust a few of these and also adjust
  some of the SPF settings. Here's what I'm trying right now in my
  /etc/spamassassin/local.cf




  #Adjust
  scores for SPF FAIL
  score
  SPF_FAIL 4.0
  score
  SPF_HELO_FAIL 4.0
  score
  SPF_HELO_SOFTFAIL 3.0
  score
  SPF_SOFTFAIL 3.0
   
  #adjust
  DKIM scores
  score
  DKIM_ADSP_ALL 3.0
  score
  DKIM_ADSP_DISCARD  10.0
  score
  DKIM_ADSP_NXDOMAIN 3.0
  

  

  Thanks,
  Gary






On 6/2/2020 12:29 PM, Eric Broch wrote:


  
  Gary,
  The stock scores for spamassassin are in
/usr/share/spamassassin/*.cf. 
  
  # grep DKIM /usr/share/spamassassin/*.cf
  For your local configuration you can override the scores in
/etc/mail/spamassassin/local.cf on COS8 or
/etc/spamassassin/local.cf on COS7. I know THAT one can
manipulate scores to fit their needs with spamassassin, however,
I have NEVER done it. This is me sloughing it off. ;-) The
reason I like spamassassin DKIM verification is because it
doesn't just reject bad DKIM which as you mentioned can have bad
effects but scores it with other things for rejection.
  
  If you find some configuration that suits you and your system
I'd we willing to post in on the QMT web as a stock 'QMT'
setting.
  Eric
  
  On 6/2/2020 10:11 AM, Gary Bowling
wrote:
  
  


  Thanks Eric. What is the config setting in local.cf to change
  the DKIM scoring? I don't find any setting in my
  /etc/spamassassin/ directories that sets that score. Is the
  scoring for the stock EPEL local.cf different from what we
  have? I assume not since you said you didn't tailor any of
  that in QMT. 



I think that's a good move to use the stock spamassassin from
  EPEL.


As DKIM seems to be more pervasive these days, I might be
  tempted to increase the score in spamassassin if I can find
  the local.cf setting.



Thanks, Gary 



On 6/2/2020 11:56 AM, Eric Broch
  wrote:


  
  Hi Gary,
  My intent, which I articulated in another email on the list
and instead of reinventing the wheel, was exactly as you
deduced in your email, that is, to allow spamassassin to
score DKIM which it does; however, I have not done anything
as far as a tailoring configuration for QMT and was content
to allow users that scoring decision. My goal is to drop the
specially created QMT spamassassin (and clamav) rpm, which
I've done in CentOS 8, and use the stock rpm from EPEL.
  I think you can override default scoring for DKIM in
/etc/spamassassin/local.cf on COS7 and
/etc/mail/spamassassin/local.cf on COS8.
  Eric
  
  On 6/2/2020 8:09 AM, Gary Bowling
wrote:
  
  

What is everyone doing these days for DKIM verification,
  i.e. checking incoming mail for DKIM signatures?


Background
Many years ago, when DKIM was first introduced to the
  toaster (maybe it was even in the Shupp's toaster days), I
  installed and turned on incoming DKIM verification.
  Initially I set it to "reject" unsigned email and of
  course that was a disaster as it blocked most everything.


Back then, the choice was to have it verify emails, but
  not block them, or remove verification. I made the
  decision that checking without doing anything was a waste
  of resources, so I removed any DKIM verification. I don't
  remember how I did all this, as it was years ago.


Then at some point DKIM verification was added to
  spamassassin, or maybe it was always there but we didn't
  implement the plugin. At any rate, spamassassin DKIM

Re: [qmailtoaster] DKIM Verification Question

2020-06-02 Thread Eric Broch 

Gary,

The stock scores for spamassassin are in /usr/share/spamassassin/*.cf.

# grep DKIM /usr/share/spamassassin/*.cf

For your local configuration you can override the scores in 
/etc/mail/spamassassin/local.cf on COS8 or /etc/spamassassin/local.cf on 
COS7. I know THAT one can manipulate scores to fit their needs with 
spamassassin, however, I have NEVER done it. This is me sloughing it 
off. ;-) The reason I like spamassassin DKIM verification is because it 
doesn't just reject bad DKIM which as you mentioned can have bad effects 
but scores it with other things for rejection.


If you find some configuration that suits you and your system I'd we 
willing to post in on the QMT web as a stock 'QMT' setting.


Eric

On 6/2/2020 10:11 AM, Gary Bowling wrote:



Thanks Eric. What is the config setting in local.cf to change the DKIM 
scoring? I don't find any setting in my /etc/spamassassin/ directories 
that sets that score. Is the scoring for the stock EPEL local.cf 
different from what we have? I assume not since you said you didn't 
tailor any of that in QMT.



I think that's a good move to use the stock spamassassin from EPEL.


As DKIM seems to be more pervasive these days, I might be tempted to 
increase the score in spamassassin if I can find the local.cf setting.



Thanks, Gary


On 6/2/2020 11:56 AM, Eric Broch wrote:


Hi Gary,

My intent, which I articulated in another email on the list and 
instead of reinventing the wheel, was exactly as you deduced in your 
email, that is, to allow spamassassin to score DKIM which it does; 
however, I have not done anything as far as a tailoring configuration 
for QMT and was content to allow users that scoring decision. My goal 
is to drop the specially created QMT spamassassin (and clamav) rpm, 
which I've done in CentOS 8, and use the stock rpm from EPEL.


I think you can override default scoring for DKIM in 
/etc/spamassassin/local.cf on COS7 and 
/etc/mail/spamassassin/local.cf on COS8.


Eric

On 6/2/2020 8:09 AM, Gary Bowling wrote:


What is everyone doing these days for DKIM verification, i.e. 
checking incoming mail for DKIM signatures?



Background

Many years ago, when DKIM was first introduced to the toaster (maybe 
it was even in the Shupp's toaster days), I installed and turned on 
incoming DKIM verification. Initially I set it to "reject" unsigned 
email and of course that was a disaster as it blocked most everything.



Back then, the choice was to have it verify emails, but not block 
them, or remove verification. I made the decision that checking 
without doing anything was a waste of resources, so I removed any 
DKIM verification. I don't remember how I did all this, as it was 
years ago.



Then at some point DKIM verification was added to spamassassin, or 
maybe it was always there but we didn't implement the plugin. At any 
rate, spamassassin DKIM verification was added to the toaster.



Which seems like a good thing as spamassassin can assign a score to 
DKIM verification which plays into whether a msg is marked as spam 
or not. The problem with it though, is the score for NOT being 
verified is very low, something like .01, which essentially does 
nothing. I can't find any "user" added parameter that would increase 
that score and don't really know if that's a good thing to try to 
do. If it were a good thing, I would think it would be a commonly 
used setting, which doesn't appear to be the case.



What to do in 2020?

So the question is, what to do about DKIM verification in 2020? From 
the way my server is configured it appears to be useless. But maybe 
that's because I don't know how to best configure it.



Side Note

On a side note, I do use outbound DKIM and have DNS set up, etc. I 
have no idea if this is useful or not, but I'll leave it, hoping 
that somehow this reduces my probability of being rejected by some 
server out there. But from what I can tell, it really does nothing. 
Seems to me DKIM is nothing more than an exercise in futility and 
extra work for postmasters :)



--

Gary Bowling
The Moderns on Spotify 



- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM Verification Question

2020-06-02 Thread Gary Bowling 

  
  

  Thanks Eric. What is the config setting in local.cf to change the
  DKIM scoring? I don't find any setting in my /etc/spamassassin/
  directories that sets that score. Is the scoring for the stock
  EPEL local.cf different from what we have? I assume not since you
  said you didn't tailor any of that in QMT. 



I think that's a good move to use the stock spamassassin from
  EPEL.


As DKIM seems to be more pervasive these days, I might be tempted
  to increase the score in spamassassin if I can find the local.cf
  setting.



Thanks, Gary 



On 6/2/2020 11:56 AM, Eric Broch wrote:


  
  Hi Gary,
  My intent, which I articulated in another email on the list and
instead of reinventing the wheel, was exactly as you deduced in
your email, that is, to allow spamassassin to score DKIM which
it does; however, I have not done anything as far as a tailoring
configuration for QMT and was content to allow users that
scoring decision. My goal is to drop the specially created QMT
spamassassin (and clamav) rpm, which I've done in CentOS 8, and
use the stock rpm from EPEL.
  I think you can override default scoring for DKIM in
/etc/spamassassin/local.cf on COS7 and
/etc/mail/spamassassin/local.cf on COS8.
  Eric
  
  On 6/2/2020 8:09 AM, Gary Bowling
wrote:
  
  

What is everyone doing these days for DKIM verification, i.e.
  checking incoming mail for DKIM signatures?


Background
Many years ago, when DKIM was first introduced to the toaster
  (maybe it was even in the Shupp's toaster days), I installed
  and turned on incoming DKIM verification. Initially I set it
  to "reject" unsigned email and of course that was a disaster
  as it blocked most everything.


Back then, the choice was to have it verify emails, but not
  block them, or remove verification. I made the decision that
  checking without doing anything was a waste of resources, so I
  removed any DKIM verification. I don't remember how I did all
  this, as it was years ago.


Then at some point DKIM verification was added to
  spamassassin, or maybe it was always there but we didn't
  implement the plugin. At any rate, spamassassin DKIM
  verification was added to the toaster.


Which seems like a good thing as spamassassin can assign a
  score to DKIM verification which plays into whether a msg is
  marked as spam or not. The problem with it though, is the
  score for NOT being verified is very low, something like .01,
  which essentially does nothing. I can't find any "user" added
  parameter that would increase that score and don't really know
  if that's a good thing to try to do. If it were a good thing,
  I would think it would be a commonly used setting, which
  doesn't appear to be the case.


What to do in 2020?
So the question is, what to do about DKIM verification in
  2020? From the way my server is configured it appears to be
  useless. But maybe that's because I don't know how to best
  configure it.


Side Note
On a side note, I do use outbound DKIM and have DNS set up,
  etc. I have no idea if this is useful or not, but I'll leave
  it, hoping that somehow this reduces my probability of being
  rejected by some server out there. But from what I can tell,
  it really does nothing. Seems to me DKIM is nothing more than
  an exercise in futility and extra work for postmasters :)



-- 
  
  Gary Bowling
   The Moderns on Spotify 
  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM Verification Question

2020-06-02 Thread Eric Broch 

Hi Gary,

My intent, which I articulated in another email on the list and instead 
of reinventing the wheel, was exactly as you deduced in your email, that 
is, to allow spamassassin to score DKIM which it does; however, I have 
not done anything as far as a tailoring configuration for QMT and was 
content to allow users that scoring decision. My goal is to drop the 
specially created QMT spamassassin (and clamav) rpm, which I've done in 
CentOS 8, and use the stock rpm from EPEL.


I think you can override default scoring for DKIM in 
/etc/spamassassin/local.cf on COS7 and /etc/mail/spamassassin/local.cf 
on COS8.


Eric

On 6/2/2020 8:09 AM, Gary Bowling wrote:


What is everyone doing these days for DKIM verification, i.e. checking 
incoming mail for DKIM signatures?



Background

Many years ago, when DKIM was first introduced to the toaster (maybe 
it was even in the Shupp's toaster days), I installed and turned on 
incoming DKIM verification. Initially I set it to "reject" unsigned 
email and of course that was a disaster as it blocked most everything.



Back then, the choice was to have it verify emails, but not block 
them, or remove verification. I made the decision that checking 
without doing anything was a waste of resources, so I removed any DKIM 
verification. I don't remember how I did all this, as it was years ago.



Then at some point DKIM verification was added to spamassassin, or 
maybe it was always there but we didn't implement the plugin. At any 
rate, spamassassin DKIM verification was added to the toaster.



Which seems like a good thing as spamassassin can assign a score to 
DKIM verification which plays into whether a msg is marked as spam or 
not. The problem with it though, is the score for NOT being verified 
is very low, something like .01, which essentially does nothing. I 
can't find any "user" added parameter that would increase that score 
and don't really know if that's a good thing to try to do. If it were 
a good thing, I would think it would be a commonly used setting, which 
doesn't appear to be the case.



What to do in 2020?

So the question is, what to do about DKIM verification in 2020? From 
the way my server is configured it appears to be useless. But maybe 
that's because I don't know how to best configure it.



Side Note

On a side note, I do use outbound DKIM and have DNS set up, etc. I 
have no idea if this is useful or not, but I'll leave it, hoping that 
somehow this reduces my probability of being rejected by some server 
out there. But from what I can tell, it really does nothing. Seems to 
me DKIM is nothing more than an exercise in futility and extra work 
for postmasters :)



--

Gary Bowling
The Moderns on Spotify 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM Verification Question

2020-06-02 Thread Gary Bowling 

  
  
What is everyone doing these days for DKIM verification, i.e.
  checking incoming mail for DKIM signatures?


Background
Many years ago, when DKIM was first introduced to the toaster
  (maybe it was even in the Shupp's toaster days), I installed and
  turned on incoming DKIM verification. Initially I set it to
  "reject" unsigned email and of course that was a disaster as it
  blocked most everything.


Back then, the choice was to have it verify emails, but not block
  them, or remove verification. I made the decision that checking
  without doing anything was a waste of resources, so I removed any
  DKIM verification. I don't remember how I did all this, as it was
  years ago.


Then at some point DKIM verification was added to spamassassin,
  or maybe it was always there but we didn't implement the plugin.
  At any rate, spamassassin DKIM verification was added to the
  toaster.


Which seems like a good thing as spamassassin can assign a score
  to DKIM verification which plays into whether a msg is marked as
  spam or not. The problem with it though, is the score for NOT
  being verified is very low, something like .01, which essentially
  does nothing. I can't find any "user" added parameter that would
  increase that score and don't really know if that's a good thing
  to try to do. If it were a good thing, I would think it would be a
  commonly used setting, which doesn't appear to be the case.


What to do in 2020?
So the question is, what to do about DKIM verification in 2020?
  From the way my server is configured it appears to be useless. But
  maybe that's because I don't know how to best configure it.


Side Note
On a side note, I do use outbound DKIM and have DNS set up, etc.
  I have no idea if this is useful or not, but I'll leave it, hoping
  that somehow this reduces my probability of being rejected by some
  server out there. But from what I can tell, it really does
  nothing. Seems to me DKIM is nothing more than an exercise in
  futility and extra work for postmasters :)



-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM problem.

2020-03-18 Thread Eric Broch 
I believe it is the way in which the mail client formats the header. 
I've not been able to figure it out although I haven't put much time 
into it.


On 3/18/2020 10:12 AM, Erald (nnservices) wrote:
Actually I did.. Tested it again with webmail and this is working. Is 
there any way to get this working correctly with apple mail? Are there 
any other mail programs which do not work (I know about round cube text)


Thank you

On Mar 17, 2020, at 9:28 AM, Remo Mattei > wrote:


Hello if you are using Apple Mail it will fail.

Remo

On Mar 17, 2020, at 09:08, Erald Non > wrote:


I used both tests test one gave me back Result: fail 
(signature doesn't verify)

Checking the dkim key it was using the right one
Test two gave me Key ok




Sent from my iPad

On Mar 17, 2020, at 8:16 AM, Eric Broch > wrote:




What methods did you use to test that domain. There are 2 on the 
link http://www.qmailtoaster.com/dkim.html


1) In order to test your settings, simply send an email 
to:check-a...@verifier.port25.com  and/orcheck-au...@verifier.port25.com
with the suject of "test" (without the quotes) and "Just testing" in the 
body (also without quotes). It is best but not required
to have a subject and body because this service will also show you how 
spamassassin rated your email. If you have a GMAIL or Yahoo
email account sending to either or both accounts DKIM signatures could be 
verified.
Click to test  
2) To test your DKIM signature wiith OpenDKIM's 'opendkim-testkey' utility 
install opendkim and run the utility:
a) # yum install epel-release opendkim
b) # opendkim-testkey - -dotherdomain.com     
-k /var/qmail/control/dkim/otherdomain.com.key -s dkim1

   opendkim-testkey: using default configfile /etc/opendkim.conf 
opendkim-testkey: /var/qmail/control/dkim/otherdomain.com.key: 
WARNING: unsafe permissions opendkim-testkey: key loaded from 
/var/qmail/control/dkim/otherdomain.com.key opendkim-testkey: 
checking key 'dkim1._domainkey.otherdomain.com 
' opendkim-testkey: key OK



On 3/17/2020 9:04 AM, Erald Non wrote:
Ok that is clear thank you but remains the problem that the dkim 
for a specific domain is not working. See my original posting what 
am I missing


Sent from my iPad


On Mar 16, 2020, at 11:04 PM, ebr...@whitehorsetc.com wrote:


DKIM is the successor to domainkeys (DK).

Have a look here for an explanation: 
https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081


There are other ways of testing besides yahoo. Look in the notes 
on the qmailtoaster.com  DKIM link.


Get Outlook for Android 




On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non" 
mailto:er...@nn-services.com>> wrote:


Ok can I use domain keys with dkim? Am confused about the two.
Yes I do have the dkim keys in the dns and as said the global works but 
since I have a lot of domains yahoo is sometimes not accepting due to domain 
mismatch so wanted to setup the keys per domain but there a
I always get the fail signature doesn’t verify
I did setup the dns with the new key

Sent from my iPad

> On Mar 16, 2020, at 8:13 PM, Eric Broch wrote: > > The DK* settings in 
tcp.smtp are for domainkeys
which is different than domain keys identified mail (dkim). >
> If you don't use domainkeys you can remove DKSIGN and
DKVERIFY from tcp.smtp and rebuild. > > Also, do you have
your DKIM key set up in your DNS settings? >  On
3/16/2020 5:09 PM, Erald (nnservices) wrote: >> I have
followed the instructions on the page
http://www.qmailtoaster.net/dkim.html >> The global domain
keys are working but when I add an domain key for one of my
domains it indicates me a fail (signature doesn't verify)
when testing. The key is there but seems it cannot verify. >>
My config >> >> >> >> >> >> >> >> >> >> >> Am confused about
the smtp.tcp and think something is wrong there >>
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
>>

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> This because I have an old
/var/qmail/control/domainkeys/%/ directory but not for the
domain I am trying to get working. >> What am I missing > >
-
> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com > For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail:

Re: [qmailtoaster] DKIM problem.

2020-03-18 Thread Erald (nnservices) 
Actually I did.. Tested it again with webmail and this is working. Is there any 
way to get this working correctly with apple mail? Are there any other mail 
programs which do not work (I know about round cube text)

Thank you

> On Mar 17, 2020, at 9:28 AM, Remo Mattei  wrote:
> 
> Hello if you are using Apple Mail it will fail.
> 
> Remo
> 
>> On Mar 17, 2020, at 09:08, Erald Non > > wrote:
>> 
>> I used both tests test one gave me back Result: fail (signature 
>> doesn't verify)
>> Checking the dkim key it was using the right one
>> Test two gave me Key ok
>> 
>> 
>> 
>> 
>> Sent from my iPad
>> 
>>> On Mar 17, 2020, at 8:16 AM, Eric Broch >> > wrote:
>>> 
>>> 
>>> What methods did you use to test that domain. There are 2 on the link 
>>> http://www.qmailtoaster.com/dkim.html 
>>> 
>>> 1) In order to test your settings, simply send an email to: 
>>> check-a...@verifier.port25.com  
>>> and/or check-au...@verifier.port25.com 
>>> 
>>>with the suject of "test" (without the quotes) and "Just testing" in the 
>>> body (also without quotes). It is best but not required
>>>to have a subject and body because this service will also show you how 
>>> spamassassin rated your email. If you have a GMAIL or Yahoo
>>>email account sending to either or both accounts DKIM signatures could 
>>> be verified.
>>>Click to test >> check-a...@verifier.port25.com?subject=test=Just%20testing>
>>> 2) To test your DKIM signature wiith OpenDKIM's 'opendkim-testkey' utility 
>>> install opendkim and run the utility:
>>>a) # yum install epel-release opendkim
>>>b) # opendkim-testkey - -d otherdomain.com  
>>>  -k /var/qmail/control/dkim/otherdomain.com.key -s dkim1
>>> 
>>>   opendkim-testkey: using default configfile /etc/opendkim.conf
>>>   opendkim-testkey: /var/qmail/control/dkim/otherdomain.com.key: 
>>> WARNING: unsafe permissions
>>>   opendkim-testkey: key loaded from 
>>> /var/qmail/control/dkim/otherdomain.com.key
>>>   opendkim-testkey: checking key 'dkim1._domainkey.otherdomain.com 
>>> '
>>>   opendkim-testkey: key OK
>>> 
>>> 
>>> On 3/17/2020 9:04 AM, Erald Non wrote:
 Ok that is clear thank you but remains the problem that the dkim for a 
 specific domain is not working. See my original posting what am I missing
 
 Sent from my iPad
 
> On Mar 16, 2020, at 11:04 PM, ebr...@whitehorsetc.com 
>  wrote:
> 
> 
> DKIM is the successor to domainkeys (DK). 
> 
> Have a look here for an explanation: 
> https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081
>  
> 
> 
> There are other ways of testing besides yahoo. Look in the notes on the 
> qmailtoaster.com  DKIM link. 
> 
> Get Outlook for Android 
> 
> 
> 
> On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non" 
> mailto:er...@nn-services.com>> wrote:
> 
> Ok can I use domain keys with dkim? Am confused about the two.
> Yes I do have the dkim keys in the dns and as said the global works but 
> since I have a lot of domains yahoo is sometimes not accepting due to 
> domain mismatch so wanted to setup the keys per domain but there a
> I always get the fail signature doesn’t verify
> I did setup the dns with the new key 
> 
> Sent from my iPad
> 
> > On Mar 16, 2020, at 8:13 PM, Eric Broch  wrote:
> > 
> > The DK* settings in tcp.smtp are for domainkeys which is different 
> > than domain keys identified mail (dkim).
> > 
> > If you don't use domainkeys you can remove DKSIGN and DKVERIFY from 
> > tcp.smtp and rebuild.
> > 
> > Also, do you have your DKIM key set up in your DNS settings?
> > 
>  On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
> >> I have followed the instructions on the page 
> >> http://www.qmailtoaster.net/dkim.html 
> >> 
> >> The global domain keys are working but when I add an domain key for 
> >> one of my domains it indicates me a fail  (signature doesn't verify) 
> >> when testing. The key is there but seems it cannot verify.
> >> My config
> >> 
> >> 
> >> 
> >>   
> >> 
> >> 
> >>   
> >>   
> >> 
> >> 
> >> Am confused about the smtp.tcp and think something is wrong there
> >> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
> >>

Re: [qmailtoaster] DKIM problem.

2020-03-17 Thread Remo Mattei 
Hello if you are using Apple Mail it will fail.

Remo

> On Mar 17, 2020, at 09:08, Erald Non  wrote:
> 
> I used both tests test one gave me back Result: fail (signature 
> doesn't verify)
> Checking the dkim key it was using the right one
> Test two gave me Key ok
> 
> 
> 
> 
> Sent from my iPad
> 
>> On Mar 17, 2020, at 8:16 AM, Eric Broch  wrote:
>> 
>> 
>> What methods did you use to test that domain. There are 2 on the link 
>> http://www.qmailtoaster.com/dkim.html 
>> 1) In order to test your settings, simply send an email to: 
>> check-a...@verifier.port25.com  
>> and/or check-au...@verifier.port25.com 
>> 
>>with the suject of "test" (without the quotes) and "Just testing" in the 
>> body (also without quotes). It is best but not required
>>to have a subject and body because this service will also show you how 
>> spamassassin rated your email. If you have a GMAIL or Yahoo
>>email account sending to either or both accounts DKIM signatures could be 
>> verified.
>>Click to test > check-a...@verifier.port25.com?subject=test=Just%20testing>
>> 2) To test your DKIM signature wiith OpenDKIM's 'opendkim-testkey' utility 
>> install opendkim and run the utility:
>>a) # yum install epel-release opendkim
>>b) # opendkim-testkey - -d otherdomain.com  -k 
>> /var/qmail/control/dkim/otherdomain.com.key -s dkim1
>> 
>>   opendkim-testkey: using default configfile /etc/opendkim.conf
>>   opendkim-testkey: /var/qmail/control/dkim/otherdomain.com.key: 
>> WARNING: unsafe permissions
>>   opendkim-testkey: key loaded from 
>> /var/qmail/control/dkim/otherdomain.com.key
>>   opendkim-testkey: checking key 'dkim1._domainkey.otherdomain.com'
>>   opendkim-testkey: key OK
>> 
>> 
>> On 3/17/2020 9:04 AM, Erald Non wrote:
>>> Ok that is clear thank you but remains the problem that the dkim for a 
>>> specific domain is not working. See my original posting what am I missing
>>> 
>>> Sent from my iPad
>>> 
 On Mar 16, 2020, at 11:04 PM, ebr...@whitehorsetc.com 
  wrote:
 
 
 DKIM is the successor to domainkeys (DK). 
 
 Have a look here for an explanation: 
 https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081
  
 
 
 There are other ways of testing besides yahoo. Look in the notes on the 
 qmailtoaster.com DKIM link. 
 
 Get Outlook for Android 
 
 
 
 On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non" >>> > wrote:
 
 Ok can I use domain keys with dkim? Am confused about the two.
 Yes I do have the dkim keys in the dns and as said the global works but 
 since I have a lot of domains yahoo is sometimes not accepting due to 
 domain mismatch so wanted to setup the keys per domain but there a
 I always get the fail signature doesn’t verify
 I did setup the dns with the new key 
 
 Sent from my iPad
 
 > On Mar 16, 2020, at 8:13 PM, Eric Broch  wrote:
 > 
 > The DK* settings in tcp.smtp are for domainkeys which is different than 
 > domain keys identified mail (dkim).
 > 
 > If you don't use domainkeys you can remove DKSIGN and DKVERIFY from 
 > tcp.smtp and rebuild.
 > 
 > Also, do you have your DKIM key set up in your DNS settings?
 > 
  On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
 >> I have followed the instructions on the page 
 >> http://www.qmailtoaster.net/dkim.html 
 >> 
 >> The global domain keys are working but when I add an domain key for one 
 >> of my domains it indicates me a fail  (signature doesn't verify) when 
 >> testing. The key is there but seems it cannot verify.
 >> My config
 >> 
 >> 
 >> 
 >>   
 >> 
 >> 
 >>   
 >>   
 >> 
 >> 
 >> Am confused about the smtp.tcp and think something is wrong there
 >> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
 >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
 >> This because I have an old /var/qmail/control/domainkeys/%/ directory 
 >> but not for the domain I am trying to get working.
 >> What am I missing
 > 
 > -
 > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
 >

Re: [qmailtoaster] DKIM problem.

2020-03-17 Thread Erald Non 
I used both tests test one gave me back Result: fail (signature doesn't 
verify)
Checking the dkim key it was using the right one
Test two gave me Key ok




Sent from my iPad

> On Mar 17, 2020, at 8:16 AM, Eric Broch  wrote:
> 
> 
> What methods did you use to test that domain. There are 2 on the link 
> http://www.qmailtoaster.com/dkim.html
> 
> 1) In order to test your settings, simply send an email to: 
> check-a...@verifier.port25.com and/or check-au...@verifier.port25.com
>with the suject of "test" (without the quotes) and "Just testing" in the 
> body (also without quotes). It is best but not required
>to have a subject and body because this service will also show you how 
> spamassassin rated your email. If you have a GMAIL or Yahoo
>email account sending to either or both accounts DKIM signatures could be 
> verified.
>Click to test
> 2) To test your DKIM signature wiith OpenDKIM's 'opendkim-testkey' utility 
> install opendkim and run the utility:
>a) # yum install epel-release opendkim
>b) # opendkim-testkey - -d otherdomain.com  -k 
> /var/qmail/control/dkim/otherdomain.com.key -s dkim1
> 
>   opendkim-testkey: using default configfile /etc/opendkim.conf
>   opendkim-testkey: /var/qmail/control/dkim/otherdomain.com.key: WARNING: 
> unsafe permissions
>   opendkim-testkey: key loaded from 
> /var/qmail/control/dkim/otherdomain.com.key
>   opendkim-testkey: checking key 'dkim1._domainkey.otherdomain.com'
>   opendkim-testkey: key OK
> 
> 
>> On 3/17/2020 9:04 AM, Erald Non wrote:
>> Ok that is clear thank you but remains the problem that the dkim for a 
>> specific domain is not working. See my original posting what am I missing
>> 
>> Sent from my iPad
>> 
>>> On Mar 16, 2020, at 11:04 PM, ebr...@whitehorsetc.com wrote:
>>> 
>>> 
>>> DKIM is the successor to domainkeys (DK). 
>>> 
>>> Have a look here for an explanation: 
>>> https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081
>>> 
>>> There are other ways of testing besides yahoo. Look in the notes on the 
>>> qmailtoaster.com DKIM link. 
>>> 
>>> Get Outlook for Android
>>> 
>>> 
>>> 
>>> 
>>> On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non"  
>>> wrote:
>>> 
 Ok can I use domain keys with dkim? Am confused about the two.
 Yes I do have the dkim keys in the dns and as said the global works but 
 since I have a lot of domains yahoo is sometimes not accepting due to 
 domain mismatch so wanted to setup the keys per domain but there a
 I always get the fail signature doesn’t verify
 I did setup the dns with the new key 
 
 Sent from my iPad
 
 > On Mar 16, 2020, at 8:13 PM, Eric Broch  wrote:
 > 
 > The DK* settings in tcp.smtp are for domainkeys which is different than 
 > domain keys identified mail (dkim).
 > 
 > If you don't use domainkeys you can remove DKSIGN and DKVERIFY from 
 > tcp.smtp and rebuild.
 > 
 > Also, do you have your DKIM key set up in your DNS settings?
 > 
  On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
 >> I have followed the instructions on the page 
 >> http://www.qmailtoaster.net/dkim.html
 >> The global domain keys are working but when I add an domain key for one 
 >> of my domains it indicates me a fail  (signature doesn't verify) when 
 >> testing. The key is there but seems it cannot verify.
 >> My config
 >> 
 >> 
 >> 
 >>   
 >> 
 >> 
 >>   
 >>   
 >> 
 >> 
 >> Am confused about the smtp.tcp and think something is wrong there
 >> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
 >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
 >> This because I have an old /var/qmail/control/domainkeys/%/ directory 
 >> but not for the domain I am trying to get working.
 >> What am I missing
 > 
 > -
 > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
 
 
 -
 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM problem.

2020-03-17 Thread Eric Broch 
What methods did you use to test that domain. There are 2 on the link 
http://www.qmailtoaster.com/dkim.html


1) In order to test your settings, simply send an email to: 
check-a...@verifier.port25.com and/or check-au...@verifier.port25.com
   with the suject of "test" (without the quotes) and "Just testing" in the 
body (also without quotes). It is best but not required
   to have a subject and body because this service will also show you how 
spamassassin rated your email. If you have a GMAIL or Yahoo
   email account sending to either or both accounts DKIM signatures could be 
verified.
   Click to test  
2) To test your DKIM signature wiith OpenDKIM's 'opendkim-testkey' utility 
install opendkim and run the utility:
   a) # yum install epel-release opendkim
   b) # opendkim-testkey - -d otherdomain.com  -k 
/var/qmail/control/dkim/otherdomain.com.key -s dkim1

  opendkim-testkey: using default configfile /etc/opendkim.conf 
opendkim-testkey: /var/qmail/control/dkim/otherdomain.com.key: WARNING: 
unsafe permissions opendkim-testkey: key loaded from 
/var/qmail/control/dkim/otherdomain.com.key opendkim-testkey: checking 
key 'dkim1._domainkey.otherdomain.com' opendkim-testkey: key OK



On 3/17/2020 9:04 AM, Erald Non wrote:
Ok that is clear thank you but remains the problem that the dkim for a 
specific domain is not working. See my original posting what am I missing


Sent from my iPad


On Mar 16, 2020, at 11:04 PM, ebr...@whitehorsetc.com wrote:


DKIM is the successor to domainkeys (DK).

Have a look here for an explanation: 
https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081


There are other ways of testing besides yahoo. Look in the notes on 
the qmailtoaster.com DKIM link.


Get Outlook for Android 




On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non" 
mailto:er...@nn-services.com>> wrote:


Ok can I use domain keys with dkim? Am confused about the two.
Yes I do have the dkim keys in the dns and as said the global works but 
since I have a lot of domains yahoo is sometimes not accepting due to domain 
mismatch so wanted to setup the keys per domain but there a
I always get the fail signature doesn’t verify
I did setup the dns with the new key

Sent from my iPad

> On Mar 16, 2020, at 8:13 PM, Eric Broch wrote: > > The DK* settings in 
tcp.smtp are for domainkeys which
is different than domain keys identified mail (dkim). > > If you
don't use domainkeys you can remove DKSIGN and DKVERIFY from
tcp.smtp and rebuild. > > Also, do you have your DKIM key set up
in your DNS settings? >  On 3/16/2020 5:09 PM, Erald
(nnservices) wrote: >> I have followed the instructions on the
page http://www.qmailtoaster.net/dkim.html >> The global domain
keys are working but when I add an domain key for one of my
domains it indicates me a fail (signature doesn't verify) when
testing. The key is there but seems it cannot verify. >> My
config >> >> >> >> >> >> >> >> >> >> >> Am confused about the
smtp.tcp and think something is wrong there >>
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
>>

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> This because I have an old /var/qmail/control/domainkeys/%/
directory but not for the domain I am trying to get working. >>
What am I missing > >
-
> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM problem.

2020-03-17 Thread Erald Non 
Ok that is clear thank you but remains the problem that the dkim for a specific 
domain is not working. See my original posting what am I missing

Sent from my iPad

> On Mar 16, 2020, at 11:04 PM, ebr...@whitehorsetc.com wrote:
> 
> 
> DKIM is the successor to domainkeys (DK). 
> 
> Have a look here for an explanation: 
> https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081
> 
> There are other ways of testing besides yahoo. Look in the notes on the 
> qmailtoaster.com DKIM link. 
> 
> Get Outlook for Android
> 
> 
> 
> 
>> On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non"  
>> wrote:
>> 
>> Ok can I use domain keys with dkim? Am confused about the two.
>> Yes I do have the dkim keys in the dns and as said the global works but 
>> since I have a lot of domains yahoo is sometimes not accepting due to domain 
>> mismatch so wanted to setup the keys per domain but there a
>> I always get the fail signature doesn’t verify
>> I did setup the dns with the new key 
>> 
>> Sent from my iPad
>> 
>> > On Mar 16, 2020, at 8:13 PM, Eric Broch  wrote:
>> > 
>> > The DK* settings in tcp.smtp are for domainkeys which is different than 
>> > domain keys identified mail (dkim).
>> > 
>> > If you don't use domainkeys you can remove DKSIGN and DKVERIFY from 
>> > tcp.smtp and rebuild.
>> > 
>> > Also, do you have your DKIM key set up in your DNS settings?
>> > 
>>  On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
>> >> I have followed the instructions on the page 
>> >> http://www.qmailtoaster.net/dkim.html
>> >> The global domain keys are working but when I add an domain key for one 
>> >> of my domains it indicates me a fail  (signature doesn't verify) when 
>> >> testing. The key is there but seems it cannot verify.
>> >> My config
>> >> 
>> >> 
>> >> 
>> >>   
>> >> 
>> >> 
>> >>   
>> >>   
>> >> 
>> >> 
>> >> Am confused about the smtp.tcp and think something is wrong there
>> >> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> >> This because I have an old /var/qmail/control/domainkeys/%/ directory but 
>> >> not for the domain I am trying to get working.
>> >> What am I missing
>> > 
>> > -
>> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> 
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>

Re: [qmailtoaster] DKIM problem.

2020-03-17 Thread Eric"s mail 
DKIM is the successor to domainkeys (DK). 




Have a look here for an explanation: 
https://stackoverflow.com/questions/5580136/differences-between-domainkeys-vs-dkim/5668081#5668081




There are other ways of testing besides yahoo. Look in the notes on the 
qmailtoaster.com DKIM link. 




Get Outlook for Android







On Mon, Mar 16, 2020 at 11:25 PM -0600, "Erald Non"  
wrote:










Ok can I use domain keys with dkim? Am confused about the two.
Yes I do have the dkim keys in the dns and as said the global works but since I 
have a lot of domains yahoo is sometimes not accepting due to domain mismatch 
so wanted to setup the keys per domain but there a
I always get the fail signature doesn’t verify
I did setup the dns with the new key 

Sent from my iPad

> On Mar 16, 2020, at 8:13 PM, Eric Broch  wrote:
> 
> The DK* settings in tcp.smtp are for domainkeys which is different than 
> domain keys identified mail (dkim).
> 
> If you don't use domainkeys you can remove DKSIGN and DKVERIFY from tcp.smtp 
> and rebuild.
> 
> Also, do you have your DKIM key set up in your DNS settings?
> 
 On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
>> I have followed the instructions on the page 
>> http://www.qmailtoaster.net/dkim.html
>> The global domain keys are working but when I add an domain key for one of 
>> my domains it indicates me a fail  (signature doesn't verify) when testing. 
>> The key is there but seems it cannot verify.
>> My config
>> 
>> 
>> 
>>   
>> 
>> 
>>   
>>   
>> 
>> 
>> Am confused about the smtp.tcp and think something is wrong there
>> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> This because I have an old /var/qmail/control/domainkeys/%/ directory but 
>> not for the domain I am trying to get working.
>> What am I missing
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM problem.

2020-03-16 Thread Erald Non 
Ok can I use domain keys with dkim? Am confused about the two.
Yes I do have the dkim keys in the dns and as said the global works but since I 
have a lot of domains yahoo is sometimes not accepting due to domain mismatch 
so wanted to setup the keys per domain but there a
I always get the fail signature doesn’t verify
I did setup the dns with the new key 

Sent from my iPad

> On Mar 16, 2020, at 8:13 PM, Eric Broch  wrote:
> 
> The DK* settings in tcp.smtp are for domainkeys which is different than 
> domain keys identified mail (dkim).
> 
> If you don't use domainkeys you can remove DKSIGN and DKVERIFY from tcp.smtp 
> and rebuild.
> 
> Also, do you have your DKIM key set up in your DNS settings?
> 
 On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
>> I have followed the instructions on the page 
>> http://www.qmailtoaster.net/dkim.html
>> The global domain keys are working but when I add an domain key for one of 
>> my domains it indicates me a fail  (signature doesn't verify) when testing. 
>> The key is there but seems it cannot verify.
>> My config
>> 
>> 
>> > keyfile="/var/qmail/control/dkim/global.key" method="simple" 
>> selector="dkim1">
>>   
>> 
>> > selector="dkim1">
>>   
>>   
>> 
>> 
>> Am confused about the smtp.tcp and think something is wrong there
>> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
>> This because I have an old /var/qmail/control/domainkeys/%/ directory but 
>> not for the domain I am trying to get working.
>> What am I missing
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM problem.

2020-03-16 Thread Eric Broch 
The DK* settings in tcp.smtp are for domainkeys which is different than 
domain keys identified mail (dkim).


If you don't use domainkeys you can remove DKSIGN and DKVERIFY from 
tcp.smtp and rebuild.


Also, do you have your DKIM key set up in your DNS settings?

On 3/16/2020 5:09 PM, Erald (nnservices) wrote:
I have followed the instructions on the page 
http://www.qmailtoaster.net/dkim.html
The global domain keys are working but when I add an domain key for 
one of my domains it indicates me a fail  (signature doesn't verify) 
when testing. The key is there but seems it cannot verify.


My config
 
  
  keyfile="/var/qmail/control/dkim/global.key" method="simple" 
selector="dkim1">

    
  
  selector="dkim1">

    
    
  


Am confused about the smtp.tcp and think something is wrong there
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

This because I have an old /var/qmail/control/domainkeys/%/ directory 
but not for the domain I am trying to get working.


What am I missing



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM problem.

2020-03-16 Thread Erald (nnservices) 
I have followed the instructions on the page 
http://www.qmailtoaster.net/dkim.html 
The global domain keys are working but when I add an domain key for one of my 
domains it indicates me a fail  (signature doesn't verify) when testing. The 
key is there but seems it cannot verify.

My config
 
  
  

  
  


  


Am confused about the smtp.tcp and think something is wrong there
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

This because I have an old /var/qmail/control/domainkeys/%/ directory but not 
for the domain I am trying to get working.

What am I missing

Re: [qmailtoaster] Dkim failed for bad signature

2020-03-04 Thread Jaime Lerner 
For your text record you need to have "v=DKIM1;" followed by the rest of
what you have for your key (k=rsa; etc)

So, you should have "v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbIxryNG17mGqSsZoc1b89dziWmhcXLixrBy
ZGkRIuJRAkLkzSjmYORixUNRp9JgXBKK4HTCq51iw4V3FljOXqV4sq2hHQnUO42bVQHP9QLxpLw9
qipYFLoYs7jyj/lGqDuCUUM5MUH2kzWXWPj/Gg4pNlycMCZmdvq88s0YPbQQIDAQAB;"

Add that and test again. :)

From:  Tahnan Al Anas 
Reply-To:  
Date:  Wednesday, March 4, 2020 at 1:33 AM
To:  Eric Broch ,

Subject:  [qmailtoaster] Dkim failed for bad signature

Dear Eric,

Please check below issue as goggle find dkim settings as bad signature

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=agranidoer.com
<http://agranidoer.com> ; h=
mime-version:content-type:content-transfer-encoding:date:from:to
:subject:message-id; s=dkim1; bh=tWYREcvKIIojGl0dYjSIeVwhexo=; b=
JdpDEUaLDyZ8MZlEJTfeoT7MNOE04L3kQG7SA8mbwh6e7+UOJYpq4Q3r9opTCMyn
BYiV2GdMnjOwXks8/q1qvzeuGshQTDZbg0DH4ozK3KIaHOwl9tgOQfJWBr6+gPt7
ztzsswTNSsJeopgzsSRpqknnA9i2NPxeIes1RTs00qc=
Signed-by: 52555...@agranidoer.com
Expected-Body-Hash: tWYREcvKIIojGl0dYjSIeVwhexo=
Public-Key: k=rsa; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbIxryNG17mGqSsZoc1b89dziWmhcXLixrBy
ZGkRIuJRAkLkzSjmYORixUNRp9JgXBKK4HTCq51iw4V3FljOXqV4sq2hHQnUO42bVQHP9QLxpLw9
qipYFLoYs7jyj/lGqDuCUUM5MUH2kzWXWPj/Gg4pNlycMCZmdvq88s0YPbQQIDAQAB;

DKIM-Result: fail (bad signature)
DMARC: pass
DomainKey: pass
PTR: ExistsRecord
RBL: NotListed
Download Report <https://www.appmaildev.com/en/dkim#>



--
--

Best Regards
Muhammad Tahnan Al Anas

[qmailtoaster] Dkim failed for bad signature

2020-03-03 Thread Tahnan Al Anas 
Dear Eric,

Please check below issue as goggle find dkim settings as bad signature

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=agranidoer.com; h=
mime-version:content-type:content-transfer-encoding:date:from:to
:subject:message-id; s=dkim1; bh=tWYREcvKIIojGl0dYjSIeVwhexo=; b=
JdpDEUaLDyZ8MZlEJTfeoT7MNOE04L3kQG7SA8mbwh6e7+UOJYpq4Q3r9opTCMyn
BYiV2GdMnjOwXks8/q1qvzeuGshQTDZbg0DH4ozK3KIaHOwl9tgOQfJWBr6+gPt7
ztzsswTNSsJeopgzsSRpqknnA9i2NPxeIes1RTs00qc=
Signed-by: 52555...@agranidoer.com
Expected-Body-Hash: tWYREcvKIIojGl0dYjSIeVwhexo=
Public-Key: k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbIxryNG17mGqSsZoc1b89dziWmhcXLixrByZGkRIuJRAkLkzSjmYORixUNRp9JgXBKK4HTCq51iw4V3FljOXqV4sq2hHQnUO42bVQHP9QLxpLw9qipYFLoYs7jyj/lGqDuCUUM5MUH2kzWXWPj/Gg4pNlycMCZmdvq88s0YPbQQIDAQAB;

DKIM-Result: fail (bad signature)

DMARC: pass
DomainKey: pass
PTR: ExistsRecord
RBL: NotListed
Download Report 



--
--

Best Regards
Muhammad Tahnan Al Anas

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Jaime Lerner 
Thank you so much Eric! Appreciate your quick help!

It's showing it is signed with v=1 now...

DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=geekgoddess.com; h=date
:subject:from:to:message-id:mime-version:content-type; s=dkim1;
 bh=9sA6PYXljO64Lmr7hUa3XFZHkFo=; b=Biqw0M5pY2ecwqjEtDykJHKvWtmk
VXejz9cQzUph59geqcPhcvnQIrAdSm91IbnJzNkz8E2e0/NTDYZVabuHQrirMoSc
QhB/X5MtE4Fr8JZ3N3tuerxS9dEf+yql1/5T9SAxFmiuBatUZRDuRmgUiwdL9aia
5FdNBkZtv3iCCgE=

And I tested by sending to port25.com:

This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==
Summary of Results
==
SPF check:  pass
"iprev" check:  pass
DKIM check: pass
SpamAssassin check: ham


From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 1:33 PM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 

Observations on your system:
 

1) qmail-remote is a binary (should be a perl script)
 
 

2) qmail-remote is newer than qmail-remote.orig (qmail-remote.orig is not
being used at all)
 
 

3) qmail-remote with QMT DKIM setup should be a perl script and is not. I
can tell that qmail-remote is a binary by the size of the file
 

Save qmail-remote.orig to qmail-remote.orig.bak and go through the process I
outlined in the previous email.
 


 
 
On 12/16/2019 11:26 AM, Jaime Lerner wrote:
 
 
>   
> Sorry, it's there:
>  
> 
>  
>  
>  
> 
> -rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig
>  
> 
> -rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote
>  
> 
> -rwx--x--x  1 root   qmail  56080 Feb  6  2015 qmail-remote.orig
>  
>  
> 
>  
>  
> 
>  
>   
> From:  Eric Broch 
>  Reply-To:  
>  Date:  Monday, December 16, 2019 at 1:18 PM
>  To:  
>  Subject:  Re: [qmailtoaster] DKIM not signed?
>  
>  
> 
>  
>  
>   
>  
> 
> Jamie,
>  
> 
> From the looks of your setup I'd recommend the following procedure (In a
> directory other than /var/qmail/bin) :
>  
>  
> 1. # wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
> 2. # qmailctl stop
> 3. # mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
> 4. # mv qmail-remote /var/qmail/bin
> 5. # chmod 777 /var/qmail/bin/qmail-remote
> 6. # chown root:qmail /var/qmail/bin/qmail-remote
> 7. # qmailctl start
>  
> Eric
>  
> 
>  
>  
> On 12/16/2019 10:41 AM, Eric's mail wrote:
>  
>  
>>   
>> qmail-remote should be the perl script and the original remote renamed to
>> qmail-remote.orig
>>  
>>  
>>  
>>  
>> Eric's email, phone
>>  
>>  
>>  
>>  
>>  
>>  
>> On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner"
>>  wrote:
>>  
>>  
>>>  
>>>  
>>>  
>>> 
>>> [root@mail bin]# ls -al
>>>  
>>> 
>>> total 1452
>>>  
>>> 
>>> drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .
>>>  
>>> 
>>> drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail126 Apr 20  2017 datemail
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail928 Apr 20  2017 dh_key
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail114 Apr 20  2017 elq
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch
>>>  
>>> 
>>> -rwxr-xr-x  1 root   qmail179 Apr 20  2017 mailsubj
>>&g

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Eric Broch 

Observations on your system:

1) qmail-remote is a binary (should be a perl script)

2) qmail-remote is newer than qmail-remote.orig (qmail-remote.orig is 
not being used at all)


3) qmail-remote with QMT DKIM setup should be a perl script and is not. 
I can tell that qmail-remote is a binary by the size of the file


Save qmail-remote.orig to qmail-remote.orig.bak and go through the 
process I outlined in the previous email.



On 12/16/2019 11:26 AM, Jaime Lerner wrote:

Sorry, it's there:

-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x  1 root   qmail  56080 Feb 6  2015 qmail-remote.orig



From: Eric Broch <mailto:ebr...@whitehorsetc.com>>
Reply-To: <mailto:qmailtoaster-list@qmailtoaster.com>>

Date: Monday, December 16, 2019 at 1:18 PM
To: <mailto:qmailtoaster-list@qmailtoaster.com>>

Subject: Re: [qmailtoaster] DKIM not signed?

Jamie,

From the looks of your setup I'd recommend the following procedure (In 
a directory other than /var/qmail/bin) :


 1. # wget
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
 2. # qmailctl stop
 3. # mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
 4. # mv qmail-remote /var/qmail/bin
 5. # chmod 777 /var/qmail/bin/qmail-remote
 6. # chown root:qmail /var/qmail/bin/qmail-remote
 7. # qmailctl start

Eric

On 12/16/2019 10:41 AM, Eric's mail wrote:
qmail-remote should be the perl script and the original remote 
renamed to qmail-remote.orig


Eric's email, phone




On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner" 
mailto:jaimeler...@geekgoddess.com>> wrote:


[root@mail bin]# ls -al

total 1452

drwxr-xr-x  2 root qmail   4096 Dec 16 10:36 .

drwxr-xr-x 12 root qmail   4096 Apr  8  2019 ..

-rwxr-xr-x  1 root qmail  14480 Apr 20  2017 bouncesaying

-rwxr-xr-x  1 root qmail  31184 Apr 20  2017 condredirect

-rwxr-xr-x  1 root qmail   1087 Apr 20  2017 config-fast

-rwxr-xr-x  1 root qmail    126 Apr 20  2017 datemail

-rwxr-xr-x  1 root qmail    928 Apr 20  2017 dh_key

-rwxr-xr-x  1 root qmail    114 Apr 20  2017 elq

-rwxr-xr-x  1 root qmail  14480 Apr 20  2017 except

-rwxr-xr-x  1 root qmail  31152 Apr 20  2017 forward

-rwxr-xr-x  1 root qmail  26824 Apr 20  2017 instcheck

-rwxr-xr-x  1 root qmail  26920 Apr 20  2017 maildir2mbox

-rwxr-xr-x  1 root qmail  14504 Apr 20  2017 maildirmake

-rwxr-xr-x  1 root qmail  22856 Apr 20  2017 maildirwatch

-rwxr-xr-x  1 root qmail    179 Apr 20  2017 mailsubj

-rwxr-xr-x  1 root qmail   8259 Apr 20  2017 makecert.sh

-rwxr-xr-x  1 root qmail    115 Apr 20  2017 pinq

-rwxr-xr-x  1 root qmail  18824 Apr 20  2017 predate

-rwxr-xr-x  1 root qmail  18760 Apr 20  2017 preline

-rwxr-xr-x  1 root qmail    115 Apr 20  2017 qail

-rwxr-xr-x  1 root qmail  18728 Apr 20  2017 qbiff

-rwxr-xr-x  1 root qmail  18672 Apr 20  2017 qmail-badloadertypes

-rwxr-xr-x  1 root qmail  18672 Apr 20  2017 qmail-badmimetypes

-rwx--x--x  1 root qmail  14680 Apr 20  2017 qmail-clean

-rws--x--x  1 qmailq qmail  52096 Apr 20  2017 qmail-dk

-rwx--x--x  1 root qmail  10416 Apr 20  2017 qmail-getpw

-rwxr-xr-x  1 root qmail  51728 Apr 20  2017 qmail-inject

-rwx--x--x  1 root qmail  64120 Apr 20  2017 qmail-local

-rwx--  1 root qmail  22848 Apr 20  2017 qmail-lspawn

-rwx--  1 root qmail  18672 Apr 20  2017 qmail-newmrh

-rwx--  1 root qmail  14576 Apr 20  2017 qmail-newu

-rwx--x--x  1 root qmail  22904 Apr 20  2017 qmail-pw2u

-rwxr-xr-x  1 root qmail  18744 Apr 20  2017 qmail-qmqpc

-rwxr-xr-x  1 root qmail  22832 Apr 20  2017 qmail-qmqpd

-rwxr-xr-x  1 root qmail  31032 Apr 20  2017 qmail-qmtpd

-rwxr-xr-x  1 root qmail  22776 Apr 20  2017 qmail-qread

-rwxr-xr-x  1 root qmail    371 Apr 20  2017 qmail-qstat

lrwxrwxrwx  1 root root      23 Apr  8  2019 qmail-queue->
/var/qmail/bin/qmail-dk

-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x  1 root qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x  1 root qmail  18704 Apr 20  2017 qmail-rspawn

-rwx--x--x  1 root qmail  59936 Apr 20  2017 qmail-send

-rwxr-xr-x  1 root qmail  22816 Apr 20  2017 qmail-showctl

-rwxr-xr-x  1 root qmail 205680 Apr 20  2017 qmail-smtpd

-rwx--  1 root qmail  10424 Apr 20  2017 qmail-start

-rwxr-xr-x  1 root qmail  14512 Apr 20  2017 qmail-tcpok

-rwxr-xr-x  1 root qmail  14544 Apr 20  2017 qmail-tcpto

-rwxr-xr-x  1 root qmail  31152 Apr 20  2017 qreceipt

-rwxr-xr-x  1 root qmail  14568 Apr 20  2017 qsmhook

-rwxr-xr-x  1 root qmail  14576 Apr 20  2017 sendmail

-rws--x--x  1 clamav root   34774 Apr  6  2016 simscan

-rwsr-xr-x  1 root   root   24461 Apr  6  2016 simscanmk

-rwxr-xr-x  1 root qmail  35528 Apr 20  2017 spf

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Jaime Lerner 
Sorry, it's there:

-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x  1 root   qmail  56080 Feb  6  2015 qmail-remote.orig



From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 1:18 PM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 

Jamie,
 

>From the looks of your setup I'd recommend the following procedure (In a
directory other than /var/qmail/bin) :
 
 
1. # wget 
https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
2. # qmailctl stop 
3. # mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
4. # mv qmail-remote /var/qmail/bin
5. # chmod 777 /var/qmail/bin/qmail-remote
6. # chown root:qmail /var/qmail/bin/qmail-remote
7. # qmailctl start
 
Eric
 

 
 
On 12/16/2019 10:41 AM, Eric's mail wrote:
 
 
>   
> qmail-remote should be the perl script and the original remote renamed to
> qmail-remote.orig
>  
>  
>  
>  
> Eric's email, phone
>  
>  
>  
>  
>  
>  
> On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner"
>  wrote:
>  
>  
>>  
>>  
>>  
>> 
>> [root@mail bin]# ls -al
>>  
>> 
>> total 1452
>>  
>> 
>> drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .
>>  
>> 
>> drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect
>>  
>> 
>> -rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast
>>  
>> 
>> -rwxr-xr-x  1 root   qmail126 Apr 20  2017 datemail
>>  
>> 
>> -rwxr-xr-x  1 root   qmail928 Apr 20  2017 dh_key
>>  
>> 
>> -rwxr-xr-x  1 root   qmail114 Apr 20  2017 elq
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch
>>  
>> 
>> -rwxr-xr-x  1 root   qmail179 Apr 20  2017 mailsubj
>>  
>> 
>> -rwxr-xr-x  1 root   qmail   8259 Apr 20  2017 makecert.sh
>>  
>> 
>> -rwxr-xr-x  1 root   qmail115 Apr 20  2017 pinq
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18824 Apr 20  2017 predate
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18760 Apr 20  2017 preline
>>  
>> 
>> -rwxr-xr-x  1 root   qmail115 Apr 20  2017 qail
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18728 Apr 20  2017 qbiff
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badloadertypes
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badmimetypes
>>  
>> 
>> -rwx--x--x  1 root   qmail  14680 Apr 20  2017 qmail-clean
>>  
>> 
>> -rws--x--x  1 qmailq qmail  52096 Apr 20  2017 qmail-dk
>>  
>> 
>> -rwx--x--x  1 root   qmail  10416 Apr 20  2017 qmail-getpw
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  51728 Apr 20  2017 qmail-inject
>>  
>> 
>> -rwx--x--x  1 root   qmail  64120 Apr 20  2017 qmail-local
>>  
>> 
>> -rwx--  1 root   qmail  22848 Apr 20  2017 qmail-lspawn
>>  
>> 
>> -rwx--  1 root   qmail  18672 Apr 20  2017 qmail-newmrh
>>  
>> 
>> -rwx--  1 root   qmail  14576 Apr 20  2017 qmail-newu
>>  
>> 
>> -rwx--x--x  1 root   qmail  22904 Apr 20  2017 qmail-pw2u
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  18744 Apr 20  2017 qmail-qmqpc
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  22832 Apr 20  2017 qmail-qmqpd
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  31032 Apr 20  2017 qmail-qmtpd
>>  
>> 
>> -rwxr-xr-x  1 root   qmail  22776 Apr 20  2017 qmail-qread
>>  
>> 
>> -rwxr-xr-x  1 root   qmail371 Apr 20  2017 qmail-qstat
>>  
>> 
>> lrwxrwxrwx  1 root   root  23 Apr  8  2019 qmail-queue ->
>> /var/qmail/bin/qmail-dk
>>  
>> 
>> -rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig
>>  
>> 
>> -rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote
>>  
>> 
>> -rwx--x--x  1 root   qmail  18704 Apr 20  2017 qmail-rspawn
>>  
>> 
>> -rwx--x--x  1 root   qmail  59936 Apr 20  2017 qmail-se

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Eric Broch 

Jamie,

From the looks of your setup I'd recommend the following procedure (In 
a directory other than /var/qmail/bin) :


1. # wget
   https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
2. # qmailctl stop
3. # mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
4. # mv qmail-remote /var/qmail/bin
5. # chmod 777 /var/qmail/bin/qmail-remote
6. # chown root:qmail /var/qmail/bin/qmail-remote
7. # qmailctl start

Eric

On 12/16/2019 10:41 AM, Eric's mail wrote:
qmail-remote should be the perl script and the original remote renamed 
to qmail-remote.orig


Eric's email, phone




On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner" 
mailto:jaimeler...@geekgoddess.com>> wrote:


[root@mail bin]# ls -al

total 1452

drwxr-xr-x 2 root   qmail   4096 Dec 16 10:36 .

drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..

-rwxr-xr-x 1 root   qmail  14480 Apr 20  2017 bouncesaying

-rwxr-xr-x 1 root   qmail  31184 Apr 20  2017 condredirect

-rwxr-xr-x 1 root   qmail   1087 Apr 20  2017 config-fast

-rwxr-xr-x 1 root   qmail    126 Apr 20  2017 datemail

-rwxr-xr-x 1 root   qmail    928 Apr 20  2017 dh_key

-rwxr-xr-x 1 root   qmail    114 Apr 20  2017 elq

-rwxr-xr-x 1 root   qmail  14480 Apr 20  2017 except

-rwxr-xr-x 1 root   qmail  31152 Apr 20  2017 forward

-rwxr-xr-x 1 root   qmail  26824 Apr 20  2017 instcheck

-rwxr-xr-x 1 root   qmail  26920 Apr 20  2017 maildir2mbox

-rwxr-xr-x 1 root   qmail  14504 Apr 20  2017 maildirmake

-rwxr-xr-x 1 root   qmail  22856 Apr 20  2017 maildirwatch

-rwxr-xr-x 1 root   qmail    179 Apr 20  2017 mailsubj

-rwxr-xr-x 1 root   qmail   8259 Apr 20  2017 makecert.sh

-rwxr-xr-x 1 root   qmail    115 Apr 20  2017 pinq

-rwxr-xr-x 1 root   qmail  18824 Apr 20  2017 predate

-rwxr-xr-x 1 root   qmail  18760 Apr 20  2017 preline

-rwxr-xr-x 1 root   qmail    115 Apr 20  2017 qail

-rwxr-xr-x 1 root   qmail  18728 Apr 20  2017 qbiff

-rwxr-xr-x 1 root   qmail  18672 Apr 20  2017 qmail-badloadertypes

-rwxr-xr-x 1 root   qmail  18672 Apr 20  2017 qmail-badmimetypes

-rwx--x--x 1 root   qmail  14680 Apr 20  2017 qmail-clean

-rws--x--x 1 qmailq qmail  52096 Apr 20  2017 qmail-dk

-rwx--x--x 1 root   qmail  10416 Apr 20  2017 qmail-getpw

-rwxr-xr-x 1 root   qmail  51728 Apr 20  2017 qmail-inject

-rwx--x--x 1 root   qmail  64120 Apr 20  2017 qmail-local

-rwx-- 1 root   qmail  22848 Apr 20  2017 qmail-lspawn

-rwx-- 1 root   qmail  18672 Apr 20  2017 qmail-newmrh

-rwx-- 1 root   qmail  14576 Apr 20  2017 qmail-newu

-rwx--x--x 1 root   qmail  22904 Apr 20  2017 qmail-pw2u

-rwxr-xr-x 1 root   qmail  18744 Apr 20  2017 qmail-qmqpc

-rwxr-xr-x 1 root   qmail  22832 Apr 20  2017 qmail-qmqpd

-rwxr-xr-x 1 root   qmail  31032 Apr 20  2017 qmail-qmtpd

-rwxr-xr-x 1 root   qmail  22776 Apr 20  2017 qmail-qread

-rwxr-xr-x 1 root   qmail    371 Apr 20  2017 qmail-qstat

lrwxrwxrwx 1 root   root      23 Apr  8  2019 qmail-queue->
/var/qmail/bin/qmail-dk

-rws--x--x 1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x 1 root   qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x 1 root   qmail  18704 Apr 20  2017 qmail-rspawn

-rwx--x--x 1 root   qmail  59936 Apr 20  2017 qmail-send

-rwxr-xr-x 1 root   qmail  22816 Apr 20  2017 qmail-showctl

-rwxr-xr-x 1 root   qmail 205680 Apr 20  2017 qmail-smtpd

-rwx-- 1 root   qmail  10424 Apr 20  2017 qmail-start

-rwxr-xr-x 1 root   qmail  14512 Apr 20  2017 qmail-tcpok

-rwxr-xr-x 1 root   qmail  14544 Apr 20  2017 qmail-tcpto

-rwxr-xr-x 1 root   qmail  31152 Apr 20  2017 qreceipt

-rwxr-xr-x 1 root   qmail  14568 Apr 20  2017 qsmhook

-rwxr-xr-x 1 root   qmail  14576 Apr 20  2017 sendmail

-rws--x--x 1 clamav root   34774 Apr  6  2016 simscan

-rwsr-xr-x 1 root   root   24461 Apr  6  2016 simscanmk

-rwxr-xr-x 1 root   qmail  35528 Apr 20  2017 spfquery

-rwx--x--x 1 root   qmail  10504 Apr 20  2017 splogger

-rwxr-xr-x 1 root   qmail  31152 Apr 20  2017 srsfilter

-rwxr-xr-x 1 root   qmail  26864 Apr 20  2017 tcp-env

-rwxr-xr-x 1 root   root     618 Dec 24  2013 update-simscan



From: Eric's mail mailto:ebr...@whitehorsetc.com>>
Reply-To: mailto:qmailtoaster-list@qmailtoaster.com>>
Date: Monday, December 16, 2019 at 11:03 AM
To: mailto:qmailtoaster-list@qmailtoaster.com>>
Subject: Re: [qmailtoaster] DKIM not signed?

Soory list bin dir as well

Eric's email, phone




On Mon, Dec 16, 2019 at 8:46 AM -0700, "Jaime Lerner"
mailto:jaimeler...@geekgoddess.com>>
wrote:

Not sure what you mean by "dump qmail-remote"? You mean just
do a hexdump? (hex and ascii side by side?)


[root@mail control]# ls -al

total 180

drwxr

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Eric's mail 
qmail-remote should be the perl script and the original remote renamed to 
qmail-remote.orig




Eric's email, phone







On Mon, Dec 16, 2019 at 9:28 AM -0700, "Jaime Lerner" 
 wrote:












[root@mail bin]# ls -al


total 1452


drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .


drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..


-rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying


-rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect


-rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast


-rwxr-xr-x  1 root   qmail    126 Apr 20  2017 datemail


-rwxr-xr-x  1 root   qmail    928 Apr 20  2017 dh_key


-rwxr-xr-x  1 root   qmail    114 Apr 20  2017 elq


-rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except


-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward


-rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck


-rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox


-rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake


-rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch


-rwxr-xr-x  1 root   qmail    179 Apr 20  2017 mailsubj


-rwxr-xr-x  1 root   qmail   8259 Apr 20  2017 makecert.sh


-rwxr-xr-x  1 root   qmail    115 Apr 20  2017 pinq


-rwxr-xr-x  1 root   qmail  18824 Apr 20  2017 predate


-rwxr-xr-x  1 root   qmail  18760 Apr 20  2017 preline


-rwxr-xr-x  1 root   qmail    115 Apr 20  2017 qail


-rwxr-xr-x  1 root   qmail  18728 Apr 20  2017 qbiff


-rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badloadertypes


-rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badmimetypes


-rwx--x--x  1 root   qmail  14680 Apr 20  2017 qmail-clean


-rws--x--x  1 qmailq qmail  52096 Apr 20  2017 qmail-dk


-rwx--x--x  1 root   qmail  10416 Apr 20  2017 qmail-getpw


-rwxr-xr-x  1 root   qmail  51728 Apr 20  2017 qmail-inject


-rwx--x--x  1 root   qmail  64120 Apr 20  2017 qmail-local


-rwx--  1 root   qmail  22848 Apr 20  2017 qmail-lspawn


-rwx--  1 root   qmail  18672 Apr 20  2017 qmail-newmrh


-rwx--  1 root   qmail  14576 Apr 20  2017 qmail-newu


-rwx--x--x  1 root   qmail  22904 Apr 20  2017 qmail-pw2u


-rwxr-xr-x  1 root   qmail  18744 Apr 20  2017 qmail-qmqpc


-rwxr-xr-x  1 root   qmail  22832 Apr 20  2017 qmail-qmqpd


-rwxr-xr-x  1 root   qmail  31032 Apr 20  2017 qmail-qmtpd


-rwxr-xr-x  1 root   qmail  22776 Apr 20  2017 qmail-qread


-rwxr-xr-x  1 root   qmail    371 Apr 20  2017 qmail-qstat


lrwxrwxrwx  1 root   root      23 Apr  8  2019 qmail-queue -> 
/var/qmail/bin/qmail-dk


-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig


-rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote


-rwx--x--x  1 root   qmail  18704 Apr 20  2017 qmail-rspawn


-rwx--x--x  1 root   qmail  59936 Apr 20  2017 qmail-send


-rwxr-xr-x  1 root   qmail  22816 Apr 20  2017 qmail-showctl


-rwxr-xr-x  1 root   qmail 205680 Apr 20  2017 qmail-smtpd


-rwx--  1 root   qmail  10424 Apr 20  2017 qmail-start


-rwxr-xr-x  1 root   qmail  14512 Apr 20  2017 qmail-tcpok


-rwxr-xr-x  1 root   qmail  14544 Apr 20  2017 qmail-tcpto


-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 qreceipt


-rwxr-xr-x  1 root   qmail  14568 Apr 20  2017 qsmhook


-rwxr-xr-x  1 root   qmail  14576 Apr 20  2017 sendmail


-rws--x--x  1 clamav root   34774 Apr  6  2016 simscan


-rwsr-xr-x  1 root   root   24461 Apr  6  2016 simscanmk


-rwxr-xr-x  1 root   qmail  35528 Apr 20  2017 spfquery


-rwx--x--x  1 root   qmail  10504 Apr 20  2017 splogger


-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 srsfilter


-rwxr-xr-x  1 root   qmail  26864 Apr 20  2017 tcp-env


-rwxr-xr-x  1 root   root     618 Dec 24  2013 update-simscan

From:  Eric's mail 
Reply-To:  
Date:  Monday, December 16, 2019 at 11:03 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?

Soory list bin dir as well

Eric's email, phone



On Mon, Dec 16, 2019 at 8:46 AM -0700, "Jaime Lerner" 
 wrote:

Not sure what you mean by "dump qmail-remote"? You mean just do a hexdump? (hex 
and ascii side by side?)



[root@mail control]# ls -al

total 180

drwxr-xr-x  4 root   qmail  4096 Dec 16 06:21 .

drwxr-xr-x 12 root   qmail  4096 Apr  8  2019 ..

-rw-r--r--  1 root   qmail    32 Apr 20  2017 badloadertypes

-rw-r--r--  1 root   root   2048 Apr  8  2019 badloadertypes.cdb

-rw-r--r--  1 root   qmail    39 Jun 20  2016 badmailfrom

-rw-r--r--  1 root   qmail   123 Jun 11  2016 badmailto

-rw-r--r--  1 root   qmail   360 Apr 20  2017 badmimetypes

-rw-r--r--  1 root   root   2048 Apr  8  2019 badmimetypes.cdb

lrwxrwxrwx  1 root   qmail    14 Apr  8  2019 clientcert.pem -> servercert.pem

-rw-r--r--  1 root   qmail     4 Apr 20  2017 concurrencyincoming

-rw-r--r--  1 root   qmail     3 Apr 20  2017 concurrencyremote

-rw-r--r--  1 root   qmail     9 May 18  2016 databytes

-rw-r--r--  1 root   qmail    11 Apr 20  2017 defaultdelivery

-rw-r--r--  1 root   qmail    16 May 17  2016 defaultdomain

-rw-r--r--  1 root   qmail    16 May 17 

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Jaime Lerner 
[root@mail bin]# ls -al

total 1452

drwxr-xr-x  2 root   qmail   4096 Dec 16 10:36 .

drwxr-xr-x 12 root   qmail   4096 Apr  8  2019 ..

-rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 bouncesaying

-rwxr-xr-x  1 root   qmail  31184 Apr 20  2017 condredirect

-rwxr-xr-x  1 root   qmail   1087 Apr 20  2017 config-fast

-rwxr-xr-x  1 root   qmail126 Apr 20  2017 datemail

-rwxr-xr-x  1 root   qmail928 Apr 20  2017 dh_key

-rwxr-xr-x  1 root   qmail114 Apr 20  2017 elq

-rwxr-xr-x  1 root   qmail  14480 Apr 20  2017 except

-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 forward

-rwxr-xr-x  1 root   qmail  26824 Apr 20  2017 instcheck

-rwxr-xr-x  1 root   qmail  26920 Apr 20  2017 maildir2mbox

-rwxr-xr-x  1 root   qmail  14504 Apr 20  2017 maildirmake

-rwxr-xr-x  1 root   qmail  22856 Apr 20  2017 maildirwatch

-rwxr-xr-x  1 root   qmail179 Apr 20  2017 mailsubj

-rwxr-xr-x  1 root   qmail   8259 Apr 20  2017 makecert.sh

-rwxr-xr-x  1 root   qmail115 Apr 20  2017 pinq

-rwxr-xr-x  1 root   qmail  18824 Apr 20  2017 predate

-rwxr-xr-x  1 root   qmail  18760 Apr 20  2017 preline

-rwxr-xr-x  1 root   qmail115 Apr 20  2017 qail

-rwxr-xr-x  1 root   qmail  18728 Apr 20  2017 qbiff

-rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badloadertypes

-rwxr-xr-x  1 root   qmail  18672 Apr 20  2017 qmail-badmimetypes

-rwx--x--x  1 root   qmail  14680 Apr 20  2017 qmail-clean

-rws--x--x  1 qmailq qmail  52096 Apr 20  2017 qmail-dk

-rwx--x--x  1 root   qmail  10416 Apr 20  2017 qmail-getpw

-rwxr-xr-x  1 root   qmail  51728 Apr 20  2017 qmail-inject

-rwx--x--x  1 root   qmail  64120 Apr 20  2017 qmail-local

-rwx--  1 root   qmail  22848 Apr 20  2017 qmail-lspawn

-rwx--  1 root   qmail  18672 Apr 20  2017 qmail-newmrh

-rwx--  1 root   qmail  14576 Apr 20  2017 qmail-newu

-rwx--x--x  1 root   qmail  22904 Apr 20  2017 qmail-pw2u

-rwxr-xr-x  1 root   qmail  18744 Apr 20  2017 qmail-qmqpc

-rwxr-xr-x  1 root   qmail  22832 Apr 20  2017 qmail-qmqpd

-rwxr-xr-x  1 root   qmail  31032 Apr 20  2017 qmail-qmtpd

-rwxr-xr-x  1 root   qmail  22776 Apr 20  2017 qmail-qread

-rwxr-xr-x  1 root   qmail371 Apr 20  2017 qmail-qstat

lrwxrwxrwx  1 root   root  23 Apr  8  2019 qmail-queue ->
/var/qmail/bin/qmail-dk

-rws--x--x  1 qmailq qmail  27040 Apr 20  2017 qmail-queue.orig

-rwx--x--x  1 root   qmail  56080 Apr 20  2017 qmail-remote

-rwx--x--x  1 root   qmail  18704 Apr 20  2017 qmail-rspawn

-rwx--x--x  1 root   qmail  59936 Apr 20  2017 qmail-send

-rwxr-xr-x  1 root   qmail  22816 Apr 20  2017 qmail-showctl

-rwxr-xr-x  1 root   qmail 205680 Apr 20  2017 qmail-smtpd

-rwx--  1 root   qmail  10424 Apr 20  2017 qmail-start

-rwxr-xr-x  1 root   qmail  14512 Apr 20  2017 qmail-tcpok

-rwxr-xr-x  1 root   qmail  14544 Apr 20  2017 qmail-tcpto

-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 qreceipt

-rwxr-xr-x  1 root   qmail  14568 Apr 20  2017 qsmhook

-rwxr-xr-x  1 root   qmail  14576 Apr 20  2017 sendmail

-rws--x--x  1 clamav root   34774 Apr  6  2016 simscan

-rwsr-xr-x  1 root   root   24461 Apr  6  2016 simscanmk

-rwxr-xr-x  1 root   qmail  35528 Apr 20  2017 spfquery

-rwx--x--x  1 root   qmail  10504 Apr 20  2017 splogger

-rwxr-xr-x  1 root   qmail  31152 Apr 20  2017 srsfilter

-rwxr-xr-x  1 root   qmail  26864 Apr 20  2017 tcp-env

-rwxr-xr-x  1 root   root 618 Dec 24  2013 update-simscan



From:  Eric's mail 
Reply-To:  
Date:  Monday, December 16, 2019 at 11:03 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?

Soory list bin dir as well

Eric's email, phone




On Mon, Dec 16, 2019 at 8:46 AM -0700, "Jaime Lerner"
 wrote:

> Not sure what you mean by "dump qmail-remote"? You mean just do a hexdump?
> (hex and ascii side by side?)
> 
> 
> [root@mail control]# ls -al
> 
> total 180
> 
> drwxr-xr-x  4 root   qmail  4096 Dec 16 06:21 .
> 
> drwxr-xr-x 12 root   qmail  4096 Apr  8  2019 ..
> 
> -rw-r--r--  1 root   qmail32 Apr 20  2017 badloadertypes
> 
> -rw-r--r--  1 root   root   2048 Apr  8  2019 badloadertypes.cdb
> 
> -rw-r--r--  1 root   qmail39 Jun 20  2016 badmailfrom
> 
> -rw-r--r--  1 root   qmail   123 Jun 11  2016 badmailto
> 
> -rw-r--r--  1 root   qmail   360 Apr 20  2017 badmimetypes
> 
> -rw-r--r--  1 root   root   2048 Apr  8  2019 badmimetypes.cdb
> 
> lrwxrwxrwx  1 root   qmail14 Apr  8  2019 clientcert.pem -> servercert.pem
> 
> -rw-r--r--  1 root   qmail 4 Apr 20  2017 concurrencyincoming
> 
> -rw-r--r--  1 root   qmail 3 Apr 20  2017 concurrencyremote
> 
> -rw-r--r--  1 root   qmail 9 May 18  2016 databytes
> 
> -rw-r--r--  1 root   qmail11 Apr 20  2017 defaultdelivery
> 
> -rw-r--r--  1 root   qmail16 May 17  2016 defaultdomain
> 
> -rw-r--r--  1 root   qmail16 May 17  2016 defaulthost
> 
> -rw-r--r--  1 root   qmail   245 Dec 16 01:01 dh1024.p

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Eric's mail 
Soory list bin dir as well




Eric's email, phone







On Mon, Dec 16, 2019 at 8:46 AM -0700, "Jaime Lerner" 
 wrote:










Not sure what you mean by "dump qmail-remote"? You mean just do a hexdump? (hex 
and ascii side by side?)



[root@mail control]# ls -al


total 180


drwxr-xr-x  4 root   qmail  4096 Dec 16 06:21 .


drwxr-xr-x 12 root   qmail  4096 Apr  8  2019 ..


-rw-r--r--  1 root   qmail    32 Apr 20  2017 badloadertypes


-rw-r--r--  1 root   root   2048 Apr  8  2019 badloadertypes.cdb


-rw-r--r--  1 root   qmail    39 Jun 20  2016 badmailfrom


-rw-r--r--  1 root   qmail   123 Jun 11  2016 badmailto


-rw-r--r--  1 root   qmail   360 Apr 20  2017 badmimetypes


-rw-r--r--  1 root   root   2048 Apr  8  2019 badmimetypes.cdb


lrwxrwxrwx  1 root   qmail    14 Apr  8  2019 clientcert.pem -> servercert.pem


-rw-r--r--  1 root   qmail     4 Apr 20  2017 concurrencyincoming


-rw-r--r--  1 root   qmail     3 Apr 20  2017 concurrencyremote


-rw-r--r--  1 root   qmail     9 May 18  2016 databytes


-rw-r--r--  1 root   qmail    11 Apr 20  2017 defaultdelivery


-rw-r--r--  1 root   qmail    16 May 17  2016 defaultdomain


-rw-r--r--  1 root   qmail    16 May 17  2016 defaulthost


-rw-r--r--  1 root   qmail   245 Dec 16 01:01 dh1024.pem


-rw-r--r--  1 root   qmail   156 Dec 16 01:01 dh512.pem


drwxr-xr-x  2 qmailr qmail  4096 May 20  2016 dkim


drwxr-xr-x  4 root   qmail  4096 Apr 20  2017 domainkeys


-rw-r--r--  1 root   root     13 Jun 11  2016 doublebounceto


-rw-r--r--  1 root   root     10 Jul  3 11:40 locals


-rw---  1 root   root      0 May 17  2016 locals.lock


-rw-r--r--  1 root   qmail     4 Apr 20  2017 logcount


-rw-r--r--  1 root   qmail     8 Apr 20  2017 logsize


-rw-r--r--  1 root   qmail    16 May 20  2016 me


-rw-r--r--  1 root   qmail    16 May 17  2016 plusdomain


-rw-r--r--  1 root   qmail     0 Apr 20  2017 policy


-rw-r--r--  1 root   qmail     6 Apr 20  2017 queuelifetime


-rw-r--r--  1 root   root    254 Jul  3 11:40 rcpthosts


-rw---  1 root   root      0 May 17  2016 rcpthosts.lock


-rw-r--r--  1 root   qmail   497 Dec 16 01:01 rsa512.pem


-rw-r--r--  1 root   qmail   493 May 17  2016 rsa512.pem.safe


-rw-r-  1 root   vchkpw 8844 Dec 12 02:08 servercert.pem


-rw-r--r--  1 clamav root     53 Aug  9  2018 simcontrol


-rw-r--r--  1 root   clamav 2123 Dec 16 06:21 simcontrol.cdb


-rw-r--r--  1 root   clamav 2167 Dec 16 06:21 simversions.cdb


-rw-r--r--  1 root   qmail    49 May 19  2016 smtpgreeting


-rw-r--r--  1 root   qmail     0 Apr 20  2017 smtproutes


-rw-r--r--  1 root   qmail     2 Apr 20  2017 spfbehavior


lrwxrwxrwx  1 root   root     35 Apr  8  2019 tlsclientciphers -> 
/var/qmail/control/tlsserverciphers


-rw-r--r--  1 root   qmail  1767 Apr  8  2019 tlsserverciphers


-rw-r--r--  1 root   root    466 Jul  3 11:40 virtualdomains


-rw---  1 root   root      0 May 17  2016 virtualdomains.lock



From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 10:28 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?





  


Can you list the control directory and dump qmail-remote?





On 12/16/2019 8:25 AM, Jaime Lerner
  wrote:



  
  Yes, I have the directory:
  

  
  


[root@mail dkim]# ls -al


total 20


drwxr-xr-x 2 qmailr qmail 4096 May 20 
2016 .


drwxr-xr-x 4 root   qmail 4096 Dec 16
06:21 ..


-rw-r--r-- 1 root   root   891 May 20 
2016 global.key


-rw-r--r-- 1 root   root   241 May 20 
2016 public.txt


-rw-r--r-- 1 qmailr qmail  250 May 20 
2016 signconf.xml
  
  

  
  
From:  Remo Mattei 

  Reply-To:  

  Date:  Sunday, December
  15, 2019 at 12:56 AM

  To:  

  Subject:  Re:
      [qmailtoaster] DKIM not signed?






  
  
  

   Well when I check google for the signature it’s not
there. So my answer will be yes. If I use other clients
the DKIM is there. 
  

  
  

  
  

  
  

  


  
—

  Remo



  

 

  
On Saturday, Dec 14, 2019 at 21:47, Erics mail 

  wrote:



  Does it stop the qmail server
from signing a message?



  
  
  Get Outlook for Android


  
  

  

  

  On

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Jaime Lerner 
Not sure what you mean by "dump qmail-remote"? You mean just do a hexdump?
(hex and ascii side by side?)


[root@mail control]# ls -al

total 180

drwxr-xr-x  4 root   qmail  4096 Dec 16 06:21 .

drwxr-xr-x 12 root   qmail  4096 Apr  8  2019 ..

-rw-r--r--  1 root   qmail32 Apr 20  2017 badloadertypes

-rw-r--r--  1 root   root   2048 Apr  8  2019 badloadertypes.cdb

-rw-r--r--  1 root   qmail39 Jun 20  2016 badmailfrom

-rw-r--r--  1 root   qmail   123 Jun 11  2016 badmailto

-rw-r--r--  1 root   qmail   360 Apr 20  2017 badmimetypes

-rw-r--r--  1 root   root   2048 Apr  8  2019 badmimetypes.cdb

lrwxrwxrwx  1 root   qmail14 Apr  8  2019 clientcert.pem ->
servercert.pem

-rw-r--r--  1 root   qmail 4 Apr 20  2017 concurrencyincoming

-rw-r--r--  1 root   qmail 3 Apr 20  2017 concurrencyremote

-rw-r--r--  1 root   qmail 9 May 18  2016 databytes

-rw-r--r--  1 root   qmail11 Apr 20  2017 defaultdelivery

-rw-r--r--  1 root   qmail16 May 17  2016 defaultdomain

-rw-r--r--  1 root   qmail16 May 17  2016 defaulthost

-rw-r--r--  1 root   qmail   245 Dec 16 01:01 dh1024.pem

-rw-r--r--  1 root   qmail   156 Dec 16 01:01 dh512.pem

drwxr-xr-x  2 qmailr qmail  4096 May 20  2016 dkim

drwxr-xr-x  4 root   qmail  4096 Apr 20  2017 domainkeys

-rw-r--r--  1 root   root 13 Jun 11  2016 doublebounceto

-rw-r--r--  1 root   root 10 Jul  3 11:40 locals

-rw---  1 root   root  0 May 17  2016 locals.lock

-rw-r--r--  1 root   qmail 4 Apr 20  2017 logcount

-rw-r--r--  1 root   qmail 8 Apr 20  2017 logsize

-rw-r--r--  1 root   qmail16 May 20  2016 me

-rw-r--r--  1 root   qmail16 May 17  2016 plusdomain

-rw-r--r--  1 root   qmail 0 Apr 20  2017 policy

-rw-r--r--  1 root   qmail 6 Apr 20  2017 queuelifetime

-rw-r--r--  1 root   root254 Jul  3 11:40 rcpthosts

-rw---  1 root   root  0 May 17  2016 rcpthosts.lock

-rw-r--r--  1 root   qmail   497 Dec 16 01:01 rsa512.pem

-rw-r--r--  1 root   qmail   493 May 17  2016 rsa512.pem.safe

-rw-r-  1 root   vchkpw 8844 Dec 12 02:08 servercert.pem

-rw-r--r--  1 clamav root 53 Aug  9  2018 simcontrol

-rw-r--r--  1 root   clamav 2123 Dec 16 06:21 simcontrol.cdb

-rw-r--r--  1 root   clamav 2167 Dec 16 06:21 simversions.cdb

-rw-r--r--  1 root   qmail49 May 19  2016 smtpgreeting

-rw-r--r--  1 root   qmail 0 Apr 20  2017 smtproutes

-rw-r--r--  1 root   qmail 2 Apr 20  2017 spfbehavior

lrwxrwxrwx  1 root   root 35 Apr  8  2019 tlsclientciphers ->
/var/qmail/control/tlsserverciphers

-rw-r--r--  1 root   qmail  1767 Apr  8  2019 tlsserverciphers

-rw-r--r--  1 root   root466 Jul  3 11:40 virtualdomains

-rw---  1 root   root  0 May 17  2016 virtualdomains.lock





From:  Eric Broch 
Reply-To:  
Date:  Monday, December 16, 2019 at 10:28 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 

Can you list the control directory and dump qmail-remote?
 


 
 
On 12/16/2019 8:25 AM, Jaime Lerner wrote:
 
 
>   
> Yes, I have the directory:
>  
> 
>  
>  
>  
> 
> [root@mail dkim]# ls -al
>  
> 
> total 20
>  
> 
> drwxr-xr-x 2 qmailr qmail 4096 May 20  2016 .
>  
> 
> drwxr-xr-x 4 root   qmail 4096 Dec 16 06:21 ..
>  
> 
> -rw-r--r-- 1 root   root   891 May 20  2016 global.key
>  
> 
> -rw-r--r-- 1 root   root   241 May 20  2016 public.txt
>  
> 
> -rw-r--r-- 1 qmailr qmail  250 May 20  2016 signconf.xml
>  
>  
> 
>  
>   
> From:  Remo Mattei 
>  Reply-To:  
>  Date:  Sunday, December 15, 2019 at 12:56 AM
>  To:  
>  Subject:  Re: [qmailtoaster] DKIM not signed?
>  
>  
> 
>  
>  
>
>  
>  
>  Well when I check google for the signature it’s not there. So my answer will
> be yes. If I use other clients the DKIM is there.
>  
> 
>  
>  
> 
>  
>  
> 
>  
>  
> 
>  
>  
>  
>  
>  
> —
>  Remo
>  
> 
>  
>  
>  
>  
>  
>  
>>  
>>  
>> On Saturday, Dec 14, 2019 at 21:47, Erics mail 
>> wrote:
>>  
>>  
>>  
>> Does it stop the qmail server from signing a message?
>>  
>>  
>>  
>>  
>> Get Outlook for Android <https://aka.ms/ghei36>
>>  
>>  
>>  
>>  
>>  
>>  
>> On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei" 
>> wrote:
>>  
>>  
>>>  
>>>
>>>  
>>> You are right Eric, I was just refering to Apple Mail client as it does not
>>> set DKIM on the msg.  Different issue.
>>>  
>>> 
>>>  
>>>  
>>>  
>>>  
>>>  
>>> —
>>>  Remo
>>>  
>>> 
>>>

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Eric Broch 

Can you list the control directory and dump qmail-remote?


On 12/16/2019 8:25 AM, Jaime Lerner wrote:

Yes, I have the directory:

[root@mail dkim]# ls -al

total 20

drwxr-xr-x 2 qmailr qmail 4096 May 20 2016 .

drwxr-xr-x 4 root   qmail 4096 Dec 16 06:21 ..

-rw-r--r-- 1 root   root   891 May 20 2016 global.key

-rw-r--r-- 1 root   root   241 May 20 2016 public.txt

-rw-r--r-- 1 qmailr qmail  250 May 20 2016 signconf.xml


From: Remo Mattei mailto:r...@mattei.org>>
Reply-To: <mailto:qmailtoaster-list@qmailtoaster.com>>

Date: Sunday, December 15, 2019 at 12:56 AM
To: <mailto:qmailtoaster-list@qmailtoaster.com>>

Subject: Re: [qmailtoaster] DKIM not signed?

Well when I check google for the signature it’s not there. So my 
answer will be yes. If I use other clients the DKIM is there.





—
Remo

On Saturday, Dec 14, 2019 at 21:47, Erics mail
mailto:ebr...@whitehorsetc.com>> wrote:
Does it stop the qmail server from signing a message?

Get Outlook for Android <https://aka.ms/ghei36>




On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei"
mailto:r...@mattei.org>> wrote:

You are right Eric, I was just refering to Apple Mail client
as it does not set DKIM on the msg.  Different issue.

—
Remo

On Saturday, Dec 14, 2019 at 21:32, Erics mail
mailto:ebr...@whitehorsetc.com>>
wrote:
Is apple mail a client? Not sure how that will stop the
server from signing an email.

Get Outlook for Android <https://aka.ms/ghei36>




On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei"
mailto:r...@mattei.org>> wrote:

I found that if you use Apple Mail it will not sign
it. Just my 2 cents on that.



—
Remo

On Saturday, Dec 14, 2019 at 16:43, Eric Broch
mailto:ebr...@whitehorsetc.com>> wrote:

Do you have a directory /var/qmail/control/dkim?

What's in that directory if it exists?

On 12/13/2019 10:20 AM, Jaime Lerner wrote:

I was doing some testing and every test is
showing my DKIM is not signed. It used to be
signed when I set it up in 2016, but I'm thinking
something has changed since then? I followed this

http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster at
the time, but I can see that the VERSION of DKIM
is now required and may not have been required at
the time. I updated my DNS to include the
"v=DKIM1" tag, but I don't know how to add the
"v=1" tag to the signature that is generated out
of Qmail. Where can I change the tags that are
generated?

It's also signing as "DomainKey-Signature" and
not "DKIM-Signature" which I believe is the new
header to use? (Generated header below)

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; 
d=geekgoddess.com; 
b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;

Re: [qmailtoaster] DKIM not signed?

2019-12-16 Thread Jaime Lerner 
Yes, I have the directory:

[root@mail dkim]# ls -al

total 20

drwxr-xr-x 2 qmailr qmail 4096 May 20  2016 .

drwxr-xr-x 4 root   qmail 4096 Dec 16 06:21 ..

-rw-r--r-- 1 root   root   891 May 20  2016 global.key

-rw-r--r-- 1 root   root   241 May 20  2016 public.txt

-rw-r--r-- 1 qmailr qmail  250 May 20  2016 signconf.xml


From:  Remo Mattei 
Reply-To:  
Date:  Sunday, December 15, 2019 at 12:56 AM
To:  
Subject:  Re: [qmailtoaster] DKIM not signed?


 
 Well when I check google for the signature it’s not there. So my answer
will be yes. If I use other clients the DKIM is there.



 

 
 
 
 
—
Remo
 

 
 
 
 
 
>  
>  
> On Saturday, Dec 14, 2019 at 21:47, Erics mail 
> wrote:
>  
> Does it stop the qmail server from signing a message?
>  
>  
>  
> Get Outlook for Android <https://aka.ms/ghei36>
>  
>  
>  
> 
> 
>  
> On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei"  wrote:
>  
>  
>>  
>>
>>  
>> You are right Eric, I was just refering to Apple Mail client as it does not
>> set DKIM on the msg.  Different issue.
>>  
>> 
>>  
>>  
>>  
>>  
>> —
>> Remo
>>  
>> 
>>  
>>  
>>  
>>  
>>  
>>>  
>>>  
>>> On Saturday, Dec 14, 2019 at 21:32, Erics mail 
>>> wrote:
>>>  
>>> Is apple mail a client? Not sure how that will stop the server from signing
>>> an email. 
>>>  
>>>  
>>>  
>>> Get Outlook for Android <https://aka.ms/ghei36>
>>>  
>>>  
>>>  
>>> 
>>> 
>>>  
>>> On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei" 
>>> wrote:
>>>  
>>>  
>>>>  
>>>>
>>>>  
>>>>  I found that if you use Apple Mail it will not sign it. Just my 2 cents on
>>>> that.
>>>> 
>>>> 
>>>>  
>>>> 
>>>>  
>>>>  
>>>>  
>>>>  
>>>> —
>>>> Remo
>>>>  
>>>> 
>>>>  
>>>>  
>>>>  
>>>>  
>>>>  
>>>>>  
>>>>>  
>>>>> On Saturday, Dec 14, 2019 at 16:43, Eric Broch 
>>>>> wrote:
>>>>>  
>>>>>  
>>>>> 
>>>>> Do you have a directory /var/qmail/control/dkim?
>>>>>  
>>>>> 
>>>>> What's in that directory if it exists?
>>>>>  
>>>>>  
>>>>> On 12/13/2019 10:20 AM, Jaime Lerner wrote:
>>>>>  
>>>>>  
>>>>>>   
>>>>>> I was doing some testing and every test is showing my DKIM is not signed.
>>>>>> It used to be signed when I set it up in 2016, but I'm thinking something
>>>>>> has changed since then? I followed this
>>>>>> http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toast
>>>>>> er at the time, but I can see that the VERSION of DKIM is now required
>>>>>> and may not have been required at the time. I updated my DNS to include
>>>>>> the "v=DKIM1" tag, but I don't know how to add the "v=1" tag to the
>>>>>> signature that is generated out of Qmail. Where can I change the tags
>>>>>> that are generated?
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>> It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which
>>>>>> I believe is the new header to use? (Generated header below)
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>>  
>>>>>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private;
>>>>>> d=geekgoddess.com;
>>>>>> b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ6
>>>>>> 0MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnv
>>>>>> ZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;
>>>>>>  
>>>>>>  
>>>>>> 
>>>>>>  
>>>>>>  
>>>>>  
>>>>>  
>>>>>  
>>>>   
>>>>  
>>>  
>>>  
>>>  
>>>  
>>   
>>  
>  
>  
>  
>

Re: [qmailtoaster] DKIM not signed?

2019-12-14 Thread Remo Mattei 
Well when I check google for the signature it’s not there. So my answer will be 
yes. If I use other clients the DKIM is there.

—
Remo

> On Saturday, Dec 14, 2019 at 21:47, Erics mail  (mailto:ebr...@whitehorsetc.com)> wrote:
> Does it stop the qmail server from signing a message?
>
> Get Outlook for Android (https://aka.ms/ghei36)
>
>
>
> On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei"  (mailto:r...@mattei.org)> wrote:
>
> > You are right Eric, I was just refering to Apple Mail client as it does not 
> > set DKIM on the msg. Different issue.
> >
> > —
> > Remo
> >
> > > On Saturday, Dec 14, 2019 at 21:32, Erics mail  > > (mailto:ebr...@whitehorsetc.com)> wrote:
> > > Is apple mail a client? Not sure how that will stop the server from 
> > > signing an email.
> > >
> > > Get Outlook for Android (https://aka.ms/ghei36)
> > >
> > >
> > >
> > > On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei"  > > (mailto:r...@mattei.org)> wrote:
> > >
> > > > I found that if you use Apple Mail it will not sign it. Just my 2 cents 
> > > > on that.
> > > >
> > > >
> > > >
> > > > —
> > > > Remo
> > > >
> > > > > On Saturday, Dec 14, 2019 at 16:43, Eric Broch 
> > > > > mailto:ebr...@whitehorsetc.com)> wrote:
> > > > >
> > > > > Do you have a directory /var/qmail/control/dkim?
> > > > >
> > > > >
> > > > > What's in that directory if it exists?
> > > > >
> > > > >
> > > > > On 12/13/2019 10:20 AM, Jaime Lerner wrote:
> > > > > > I was doing some testing and every test is showing my DKIM is not 
> > > > > > signed. It used to be signed when I set it up in 2016, but I'm 
> > > > > > thinking something has changed since then? I followed this 
> > > > > > http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster
> > > > > >  at the time, but I can see that the VERSION of DKIM is now 
> > > > > > required and may not have been required at the time. I updated my 
> > > > > > DNS to include the "v=DKIM1" tag, but I don't know how to add the 
> > > > > > "v=1" tag to the signature that is generated out of Qmail. Where 
> > > > > > can I change the tags that are generated?
> > > > > >
> > > > > > It's also signing as "DomainKey-Signature" and not "DKIM-Signature" 
> > > > > > which I believe is the new header to use? (Generated header below)
> > > > > >
> > > > > > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; 
> > > > > > d=geekgoddess.com; 
> > > > > > b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;
> > > > > >

Re: [qmailtoaster] DKIM not signed?

2019-12-14 Thread Eric"s mail 
Does it stop the qmail server from signing a message?




Get Outlook for Android







On Sat, Dec 14, 2019 at 10:40 PM -0700, "Remo Mattei"  wrote:










 You are right Eric, I was just refering to Apple Mail client as it does 
not set DKIM on the msg.  Different issue. 
—
Remo 
   On Saturday, Dec 14, 2019 at 21:32, Erics mail  
wrote:
 Is apple mail a client? Not sure how that will stop the server from signing an 
email. 
 
  Get Outlook for Android 
  


 On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei"  wrote:
 
   I found that if you use Apple Mail it will not sign it. Just my 2 cents 
on that.

 
—
Remo 
   On Saturday, Dec 14, 2019 at 16:43, Eric Broch  
wrote:
  

Do you have a directory /var/qmail/control/dkim? 

What's in that directory if it exists?
  On 12/13/2019 10:20 AM, Jaime Lerner wrote:
I was doing some testing and every test is showing my DKIM is not signed. 
It used to be signed when I set it up in 2016, but I'm thinking something has 
changed since then? I followed this 
http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster at 
the time, but I can see that the VERSION of DKIM is now required and may not 
have been required at the time. I updated my DNS to include the "v=DKIM1" tag, 
but I don't know how to add the "v=1" tag to the signature that is generated 
out of Qmail. Where can I change the tags that are generated? 
  It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which I 
believe is the new header to use? (Generated header below) 
   DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; 
d=geekgoddess.com; 
b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;

Re: [qmailtoaster] DKIM not signed?

2019-12-14 Thread Remo Mattei 
You are right Eric, I was just refering to Apple Mail client as it does not set 
DKIM on the msg. Different issue.

—
Remo

> On Saturday, Dec 14, 2019 at 21:32, Erics mail  (mailto:ebr...@whitehorsetc.com)> wrote:
> Is apple mail a client? Not sure how that will stop the server from signing 
> an email.
>
> Get Outlook for Android (https://aka.ms/ghei36)
>
>
>
> On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei"  (mailto:r...@mattei.org)> wrote:
>
> > I found that if you use Apple Mail it will not sign it. Just my 2 cents on 
> > that.
> >
> >
> >
> > —
> > Remo
> >
> > > On Saturday, Dec 14, 2019 at 16:43, Eric Broch  > > (mailto:ebr...@whitehorsetc.com)> wrote:
> > >
> > > Do you have a directory /var/qmail/control/dkim?
> > >
> > >
> > > What's in that directory if it exists?
> > >
> > >
> > > On 12/13/2019 10:20 AM, Jaime Lerner wrote:
> > > > I was doing some testing and every test is showing my DKIM is not 
> > > > signed. It used to be signed when I set it up in 2016, but I'm thinking 
> > > > something has changed since then? I followed this 
> > > > http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster
> > > >  at the time, but I can see that the VERSION of DKIM is now required 
> > > > and may not have been required at the time. I updated my DNS to include 
> > > > the "v=DKIM1" tag, but I don't know how to add the "v=1" tag to the 
> > > > signature that is generated out of Qmail. Where can I change the tags 
> > > > that are generated?
> > > >
> > > > It's also signing as "DomainKey-Signature" and not "DKIM-Signature" 
> > > > which I believe is the new header to use? (Generated header below)
> > > >
> > > > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; 
> > > > d=geekgoddess.com; 
> > > > b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;
> > > >

Re: [qmailtoaster] DKIM not signed?

2019-12-14 Thread Eric"s mail 
Is apple mail a client? Not sure how that will stop the server from signing an 
email. 




Get Outlook for Android







On Sat, Dec 14, 2019 at 6:08 PM -0700, "Remo Mattei"  wrote:










  I found that if you use Apple Mail it will not sign it. Just my 2 cents 
on that.

 
—
Remo 
   On Saturday, Dec 14, 2019 at 16:43, Eric Broch  
wrote:
  

Do you have a directory /var/qmail/control/dkim? 

What's in that directory if it exists?
  On 12/13/2019 10:20 AM, Jaime Lerner wrote:
I was doing some testing and every test is showing my DKIM is not signed. 
It used to be signed when I set it up in 2016, but I'm thinking something has 
changed since then? I followed this 
http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster at 
the time, but I can see that the VERSION of DKIM is now required and may not 
have been required at the time. I updated my DNS to include the "v=DKIM1" tag, 
but I don't know how to add the "v=1" tag to the signature that is generated 
out of Qmail. Where can I change the tags that are generated? 
  It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which I 
believe is the new header to use? (Generated header below) 
   DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; 
d=geekgoddess.com; 
b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;

Re: [qmailtoaster] DKIM not signed?

2019-12-14 Thread Remo Mattei 
I found that if you use Apple Mail it will not sign it. Just my 2 cents on that.

—
Remo

> On Saturday, Dec 14, 2019 at 16:43, Eric Broch  (mailto:ebr...@whitehorsetc.com)> wrote:
>
> Do you have a directory /var/qmail/control/dkim?
>
>
> What's in that directory if it exists?
>
>
> On 12/13/2019 10:20 AM, Jaime Lerner wrote:
> > I was doing some testing and every test is showing my DKIM is not signed. 
> > It used to be signed when I set it up in 2016, but I'm thinking something 
> > has changed since then? I followed this 
> > http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster 
> > at the time, but I can see that the VERSION of DKIM is now required and may 
> > not have been required at the time. I updated my DNS to include the 
> > "v=DKIM1" tag, but I don't know how to add the "v=1" tag to the signature 
> > that is generated out of Qmail. Where can I change the tags that are 
> > generated?
> >
> > It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which I 
> > believe is the new header to use? (Generated header below)
> >
> > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; 
> > d=geekgoddess.com; 
> > b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;
> >

Re: [qmailtoaster] DKIM not signed?

2019-12-14 Thread Eric Broch 

Do you have a directory /var/qmail/control/dkim?

What's in that directory if it exists?

On 12/13/2019 10:20 AM, Jaime Lerner wrote:
I was doing some testing and every test is showing my DKIM is not 
signed. It used to be signed when I set it up in 2016, but I'm 
thinking something has changed since then? I followed this 
http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster at 
the time, but I can see that the VERSION of DKIM is now required and 
may not have been required at the time. I updated my DNS to include 
the "v=DKIM1" tag, but I don't know how to add the "v=1" tag to the 
signature that is generated out of Qmail. Where can I change the tags 
that are generated?


It's also signing as "DomainKey-Signature" and not "DKIM-Signature" 
which I believe is the new header to use? (Generated header below)


DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
   s=private; d=geekgoddess.com;
   
b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MTkOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNfkjQoAk7lZ+mTiZ1zomiKM=;

[qmailtoaster] DKIM not signed?

2019-12-13 Thread Jaime Lerner 
I was doing some testing and every test is showing my DKIM is not signed. It
used to be signed when I set it up in 2016, but I'm thinking something has
changed since then? I followed this
http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster
at the time, but I can see that the VERSION of DKIM is now required and may
not have been required at the time. I updated my DNS to include the
"v=DKIM1" tag, but I don't know how to add the "v=1" tag to the signature
that is generated out of Qmail. Where can I change the tags that are
generated?

It's also signing as "DomainKey-Signature" and not "DKIM-Signature" which I
believe is the new header to use? (Generated header below)

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=private; d=geekgoddess.com;
  
b=MoE5S1hg4Oii5QddaknpLRwvr6BLFjRxGb6yqFQyTbqOegkhbUiIbKKQNF1/CXabl5rSwJ60MT
kOwKKQGJBzKL9XFlgbKw1pyPfep5D/vTrcMvxXdFjNWOYq3rZgbbnUjQh4yJc9H5XZHAnvZJOnNf
kjQoAk7lZ+mTiZ1zomiKM=;

Re: [qmailtoaster] DKIM and SPF configurations

2019-09-30 Thread Remo Mattei 
Agree with Eric. Not many are using DMARC. I also have it on my Spamassassin 
config. 

Remo 

> On Sep 28, 2019, at 10:28, Eric Broch  > wrote:
> 
> Hi Gary,
> 
> If you have spf, and dkim set up the only other thing you might do is add a 
> dmarc record and make sure all servers sending email are included in you spf 
> record. I decided to allow spamassassin to check dkim as well and don't think 
> it would be wise to reject email in absence of such a record.
> 
> Eric
> 
> 
> On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling  > wrote:
> 
> 
> The recent questions about setting up DKIM prompted me to review my setup and 
> see if I needed to tighten things up a bit. ALL of my config surrounding 
> these things is very old, so what are the best practices in 2019?
> 
> 
> 
> On the receiving side of things, my server has spfbehavior set to 2 and I 
> believe the default is 3. I seem to recall many years ago having problems 
> rejecting email, that I didn't want rejected, with it set to 3. But that's 
> been so long ago, it's not worth considering. Do most of you have it set to 
> 3? And have you had any problems with that if you do?
> 
> 
> 
> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears that 
> spamassassin just assigns a score if there is a DKIM_INVALID situation and 
> that score seems to be pretty low. Is   this really the right way to 
> handle receiving messages where DKIM is concerned? I'm sure there is a way to 
> increase the DKIM_INVALID score, but not sure of the ramifications of that. 
> Do any of you change those settings? Or do DKIM checking somewhere else for 
> improvements?
> 
> 
> 
> On the outbound side of things. 
> 
> For my DNS, I have SPF records that have been there for years, that affects 
> other domains receiving mail from my server. So not sure how much good it 
> does, but it's there.
> 
> 
> 
> I do not have DKIM set up. Many years ago it seemed pretty useless from what 
> I read, so I didn't bother with it. From what I understand, if the receiving 
> end doesn't check for DKIM, then it does nothing. Or like in my servers case, 
> it just adds a tiny bit of score to spamassasin, so minimal help. But maybe 
> enough are doing something more robust now for it to be useful. Maybe I 
> should implement this now?
> 
> 
> 
> What are everyone's thoughts on all this in 2019? Should I be doing stricter 
> checking of spf? Does DKIM actually provide a useful service? And are there 
> better ways to handle DKIM checking?
> 
> 
> 
> All discussion and help is greatly appreciated!
> 
> 
> 
> Thanks Gary 
> 
> -- 
> 
> Gary Bowling
> The Moderns on Spotify  
> 
> - To 
> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
>  For additional 
> commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
>

Re: [qmailtoaster] DKIM and SPF configurations

2019-09-29 Thread Eric Broch 
The latest qmail implementation (development tree) has a spam throttle (not
tested) which you can read about here (http://spamthrottle.qmail.ca) to see
if it will fit your needs.
Eric

On Sun, Sep 29, 2019 at 2:23 AM Tahnan Al Anas  wrote:

> Hi Eric,
>
> Is there any way we can implement per hour mail limit per user per domain?
> Exim has this feature.
>
>
> --
> --
>
> Best Regards
> Muhammad Tahnan Al Anas
>
>
> On Sat, Sep 28, 2019 at 11:29 PM Eric Broch  wrote:
>
>> Hi Gary,
>>
>> If you have spf, and dkim set up the only other thing you might do is add
>> a dmarc record and make sure all servers sending email are included in you
>> spf record. I decided to allow spamassassin to check dkim as well and don't
>> think it would be wise to reject email in absence of such a record.
>>
>> Eric
>>
>> On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling  wrote:
>>
>>>
>>> The recent questions about setting up DKIM prompted me to review my
>>> setup and see if I needed to tighten things up a bit. ALL of my config
>>> surrounding these things is very old, so what are the best practices in
>>> 2019?
>>>
>>>
>>> On the receiving side of things, my server has spfbehavior set to 2 and
>>> I believe the default is 3. I seem to recall many years ago having problems
>>> rejecting email, that I didn't want rejected, with it set to 3. But that's
>>> been so long ago, it's not worth considering. Do most of you have it set to
>>> 3? And have you had any problems with that if you do?
>>>
>>>
>>> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears
>>> that spamassassin just assigns a score if there is a DKIM_INVALID situation
>>> and that score seems to be pretty low. Is this really the right way to
>>> handle receiving messages where DKIM is concerned? I'm sure there is a way
>>> to increase the DKIM_INVALID score, but not sure of the ramifications of
>>> that. Do any of you change those settings? Or do DKIM checking somewhere
>>> else for improvements?
>>>
>>>
>>> On the outbound side of things.
>>>
>>> For my DNS, I have SPF records that have been there for years, that
>>> affects other domains receiving mail from my server. So not sure how much
>>> good it does, but it's there.
>>>
>>>
>>> I do not have DKIM set up. Many years ago it seemed pretty useless from
>>> what I read, so I didn't bother with it. From what I understand, if the
>>> receiving end doesn't check for DKIM, then it does nothing. Or like in my
>>> servers case, it just adds a tiny bit of score to spamassasin, so minimal
>>> help. But maybe enough are doing something more robust now for it to be
>>> useful. Maybe I should implement this now?
>>>
>>>
>>> What are everyone's thoughts on all this in 2019? Should I be doing
>>> stricter checking of spf? Does DKIM actually provide a useful service? And
>>> are there better ways to handle DKIM checking?
>>>
>>>
>>> All discussion and help is greatly appreciated!
>>>
>>>
>>> Thanks Gary
>>> --
>>> 
>>> Gary Bowling
>>> The Moderns on Spotify
>>> 
>>> 
>>> - To
>>> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
>>> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>

Re: [qmailtoaster] DKIM and SPF configurations

2019-09-29 Thread Tahnan Al Anas 
Hi Eric,

Is there any way we can implement per hour mail limit per user per domain?
Exim has this feature.


--
--

Best Regards
Muhammad Tahnan Al Anas


On Sat, Sep 28, 2019 at 11:29 PM Eric Broch  wrote:

> Hi Gary,
>
> If you have spf, and dkim set up the only other thing you might do is add
> a dmarc record and make sure all servers sending email are included in you
> spf record. I decided to allow spamassassin to check dkim as well and don't
> think it would be wise to reject email in absence of such a record.
>
> Eric
>
> On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling  wrote:
>
>>
>> The recent questions about setting up DKIM prompted me to review my setup
>> and see if I needed to tighten things up a bit. ALL of my config
>> surrounding these things is very old, so what are the best practices in
>> 2019?
>>
>>
>> On the receiving side of things, my server has spfbehavior set to 2 and I
>> believe the default is 3. I seem to recall many years ago having problems
>> rejecting email, that I didn't want rejected, with it set to 3. But that's
>> been so long ago, it's not worth considering. Do most of you have it set to
>> 3? And have you had any problems with that if you do?
>>
>>
>> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears
>> that spamassassin just assigns a score if there is a DKIM_INVALID situation
>> and that score seems to be pretty low. Is this really the right way to
>> handle receiving messages where DKIM is concerned? I'm sure there is a way
>> to increase the DKIM_INVALID score, but not sure of the ramifications of
>> that. Do any of you change those settings? Or do DKIM checking somewhere
>> else for improvements?
>>
>>
>> On the outbound side of things.
>>
>> For my DNS, I have SPF records that have been there for years, that
>> affects other domains receiving mail from my server. So not sure how much
>> good it does, but it's there.
>>
>>
>> I do not have DKIM set up. Many years ago it seemed pretty useless from
>> what I read, so I didn't bother with it. From what I understand, if the
>> receiving end doesn't check for DKIM, then it does nothing. Or like in my
>> servers case, it just adds a tiny bit of score to spamassasin, so minimal
>> help. But maybe enough are doing something more robust now for it to be
>> useful. Maybe I should implement this now?
>>
>>
>> What are everyone's thoughts on all this in 2019? Should I be doing
>> stricter checking of spf? Does DKIM actually provide a useful service? And
>> are there better ways to handle DKIM checking?
>>
>>
>> All discussion and help is greatly appreciated!
>>
>>
>> Thanks Gary
>> --
>> 
>> Gary Bowling
>> The Moderns on Spotify
>> 
>> 
>> - To
>> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
>> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>

Re: [qmailtoaster] DKIM and SPF configurations

2019-09-28 Thread Eric Broch 
Hi Gary,

If you have spf, and dkim set up the only other thing you might do is add a
dmarc record and make sure all servers sending email are included in you
spf record. I decided to allow spamassassin to check dkim as well and don't
think it would be wise to reject email in absence of such a record.

Eric

On Fri, Sep 27, 2019 at 8:07 AM Gary Bowling  wrote:

>
> The recent questions about setting up DKIM prompted me to review my setup
> and see if I needed to tighten things up a bit. ALL of my config
> surrounding these things is very old, so what are the best practices in
> 2019?
>
>
> On the receiving side of things, my server has spfbehavior set to 2 and I
> believe the default is 3. I seem to recall many years ago having problems
> rejecting email, that I didn't want rejected, with it set to 3. But that's
> been so long ago, it's not worth considering. Do most of you have it set to
> 3? And have you had any problems with that if you do?
>
>
> For DKIM receiving, I'm doing that in spamassassin/spamd. But it appears
> that spamassassin just assigns a score if there is a DKIM_INVALID situation
> and that score seems to be pretty low. Is this really the right way to
> handle receiving messages where DKIM is concerned? I'm sure there is a way
> to increase the DKIM_INVALID score, but not sure of the ramifications of
> that. Do any of you change those settings? Or do DKIM checking somewhere
> else for improvements?
>
>
> On the outbound side of things.
>
> For my DNS, I have SPF records that have been there for years, that
> affects other domains receiving mail from my server. So not sure how much
> good it does, but it's there.
>
>
> I do not have DKIM set up. Many years ago it seemed pretty useless from
> what I read, so I didn't bother with it. From what I understand, if the
> receiving end doesn't check for DKIM, then it does nothing. Or like in my
> servers case, it just adds a tiny bit of score to spamassasin, so minimal
> help. But maybe enough are doing something more robust now for it to be
> useful. Maybe I should implement this now?
>
>
> What are everyone's thoughts on all this in 2019? Should I be doing
> stricter checking of spf? Does DKIM actually provide a useful service? And
> are there better ways to handle DKIM checking?
>
>
> All discussion and help is greatly appreciated!
>
>
> Thanks Gary
> --
> 
> Gary Bowling
> The Moderns on Spotify 
> 
> - To
> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For
> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM and SPF configurations

2019-09-27 Thread Gary Bowling 

  
  


The recent questions about setting up DKIM prompted me to review
  my setup and see if I needed to tighten things up a bit. ALL of my
  config surrounding these things is very old, so what are the best
  practices in 2019?



On the receiving side of things, my server has spfbehavior set to
  2 and I believe the default is 3. I seem to recall many years ago
  having problems rejecting email, that I didn't want rejected, with
  it set to 3. But that's been so long ago, it's not worth
  considering. Do most of you have it set to 3? And have you had any
  problems with that if you do?


For DKIM receiving, I'm doing that in spamassassin/spamd. But it
  appears that spamassassin just assigns a score if there is a
  DKIM_INVALID situation and that score seems to be pretty low. Is
  this really the right way to handle receiving messages where DKIM
  is concerned? I'm sure there is a way to increase the DKIM_INVALID
  score, but not sure of the ramifications of that. Do any of you
  change those settings? Or do DKIM checking somewhere else for
  improvements?



On the outbound side of things. 

For my DNS, I have SPF records that have been there for years,
  that affects other domains receiving mail from my server. So not
  sure how much good it does, but it's there.



I do not have DKIM set up. Many years ago it seemed pretty
  useless from what I read, so I didn't bother with it. From what I
  understand, if the receiving end doesn't check for DKIM, then it
  does nothing. Or like in my servers case, it just adds a tiny bit
  of score to spamassasin, so minimal help. But maybe enough are
  doing something more robust now for it to be useful. Maybe I
  should implement this now?



What are everyone's thoughts on all this in 2019? Should I be
  doing stricter checking of spf? Does DKIM actually provide a
  useful service? And are there better ways to handle DKIM checking?


All discussion and help is greatly appreciated!


Thanks Gary 

-- 
  
  Gary Bowling
   The
Moderns on Spotify 
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM after upgrade

2019-09-15 Thread Eric Broch 

This is the fix if issues occur:

# yum --enablerepo=qmt-testing clean all  &&  yum -y reinstall 
--enablerepo=qmt-testing qmail


# cd /root

# wget https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote
# qmailctl stop
# mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig && mv 
qmail-remote /var/qmail/bin && chmod 777 /var/qmail/bin/qmail-remote && 
chown root:qmail /var/qmail/bin/qmail-remote

# qmailctl start


On 9/15/2019 9:03 AM, Remo Mattei wrote:

Thanks Eric,
I have it already, looks like mail works fine outlook is stuck on 
sending out mail.


Not sure what could be the issue.

Will dig.

Remo

On Sep 15, 2019, at 07:55, Eric Broch > wrote:


cat /var/qmail/bin/qmail-remote

Re: [qmailtoaster] DKIM after upgrade

2019-09-15 Thread Remo Mattei 
Thanks Eric, 
I have it already, looks like mail works fine outlook is stuck on sending out 
mail. 

Not sure what could be the issue. 

Will dig.

Remo 

> On Sep 15, 2019, at 07:55, Eric Broch  wrote:
> 
> cat /var/qmail/bin/qmail-remote

Re: [qmailtoaster] DKIM after upgrade

2019-09-15 Thread Eric Broch 

# ls -l /var/qmail/bin/qmail-remote*
-rwxrwxrwx 1 root qmail  7545 Sep  9 20:41 /var/qmail/bin/qmail-remote
-rwx--x--x 1 root qmail 60320 Sep  9 20:37 /var/qmail/bin/qmail-remote.orig

https://raw.githubusercontent.com/qmtoaster/dkim/master/qmail-remote

# cat /var/qmail/bin/qmail-remote
#!/usr/bin/perl
#
# Copyright (C) 2007 Manuel Mausz (man...@mausz.at)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

use strict;
use warnings;
our $VERSION = '0.2';

use Mail::DKIM 0.29;
use Mail::DKIM::Signer;

# enable support for "pretty" signatures, if available
eval 'require Mail::DKIM::TextWrap';

=head
config file structure
 - missing settings will be merged from the global-node
 - domain-entry will also match its subdomains
 - create empty domain-node to omit signing (or specify "none" as id)


  
  keyfile="/var/qmail/control/dkim/global.key" method="simple" 
selector="beta">

    
  

  
  
    
    
  

  
  

=cut

my $configfile = undef;
$configfile    = '/var/qmail/control/dkim/signconf.xml';
my $debugfile  = undef;
#$debugfile    = '/tmp/dkim.debug';
my $qremote    = '/var/qmail/bin/qmail-remote.orig';
my $binary = 0;
our $config;
$config->{'global'} = {
  types => { dkim => {} },
  keyfile   => '/var/qmail/control/dkim/global.key',
  algorithm => 'rsa-sha256',
  method    => 'simple',
  selector  => 'beta',
  # either string or file (first line of file will be used)
  domain    => '/var/qmail/control/me'
};

#---

# read config file. safely
if (defined($configfile) && -r $configfile)
{
  eval 'use XML::Simple';
  if (!$@)
  {
    my $xmlconf;
    eval { $xmlconf = XMLin($configfile, ForceArray => ['types'], 
KeyAttr => ['id']); };

    qexit_deferral('Unable to read config file: ', $@)
  if ($@);
    ConfigMerge::merge($config, $xmlconf);
  }
}

# open debug file
my $debugfh = undef;
if (defined($debugfile))
{
  open($debugfh, '>', $debugfile)
    or qexit_deferral('Unable to open ', $debugfile, ' to writing: ', $!);
}

# generate signatures
my $dkim;
my $mailbuf = '';
eval
{
  my $conf = $config->{'global'};
  $dkim =  Mail::DKIM::Signer->new(
    Policy => 'MySignerPolicy',
    Debug_Canonicalization => $debugfh
  );

  if ($binary)
  {
    binmode STDIN;
  }

  while ()
  {
    $mailbuf .= $_;
    unless ($binary)
    {
  chomp $_;
  s/\015?$/\015\012/s;
    }
    $dkim->PRINT($_);
  }
  $dkim->CLOSE();
};
qexit_deferral('Error while signing: ', $@)
  if ($@);

# close debug file
close($debugfh)
  if (defined($debugfh));

# execute qmail-remote
unshift(@ARGV, $qremote);
open(QR, '|-') || exec { $ARGV[0] } @ARGV
  or qexit_deferral('Unable to run qmail-remote: ', $!);
foreach my $dkim_signature ($dkim->signatures)
{
  my $sig = $dkim_signature->as_string;
  $sig =~ s/\015\012\t/\012\t/g;
  print QR $sig."\012";
}
print QR $mailbuf;
close(QR);

#---

sub qexit
{
  print @_, "\0";
  exit(0);
}

sub qexit_deferral
{
  return qexit('Z', @_);
}

sub qexit_failure
{
  return qexit('D', @_);
}

sub qexit_success
{
  return qexit('K', @_);
}

#---

package ConfigMerge;

# merge config hashes. arrays and scalars will be copied.
sub merge
{
  my ($left, $right) = @_;
  foreach my $rkey (keys(%$right))
  {
    my $rtype = ref($right->{$rkey}) eq 'HASH' ? 'HASH'
  : ref($right->{$rkey}) eq 'ARRAY' ? 'ARRAY'
  : defined($right->{$rkey}) ? 'SCALAR'
  : '';
    my $ltype = ref($left->{$rkey}) eq 'HASH' ? 'HASH'
  : ref($left->{$rkey}) eq 'ARRAY' ? 'ARRAY'
  : defined($left->{$rkey}) ? 'SCALAR'
  : '';
    if ($rtype ne 'HASH' || $ltype ne 'HASH')
    {
  $left->{$rkey} = $right->{$rkey};
    }
    else
    {
  merge($left->{$rkey}, $right->{$rkey});
    }
  }
  return;
}

#---

package MySignerPolicy;
use Mail::DKIM::SignerPolicy;
use base 'Mail::DKIM::SignerPolicy';
use Mail::DKIM::Signature;
use Mail::DKIM::DkSignature;
use Carp;
use strict;
use warnings;

sub apply
{
  my ($self, $signer) = @_;
  my $domain = undef;
  $domain = lc($signer->message_sender->host)
    if

[qmailtoaster] DKIM after upgrade

2019-09-15 Thread Remo Mattei 
Hello all, 
I did have some issues with the upgrade looks like the repos where not in 
synced after the changes it worked, but looks like the upgrade also killed the 
DKIM, so I redownloaded the qmail-remote file and looks like outlook does not 
send mail anymore… Eric can you check and see if the file qmail-remote is the 
correct version for the new upgraded qmail:

qmailadmin-1.2.16-2.qt.el7.x86_64
qmailmrtg-4.2-3.qt.el7.x86_64
qmail-1.03-3.1.1.qt.el7.x86_64

Thanks 
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM vs domainkeys

2018-07-17 Thread Eric Broch 

Will do. I already did this on my own machines


On 7/17/2018 6:59 AM, Aleksander Podsiadły wrote:

DomainKeys standard (RFC-4870) is obsoleted by DKIM (RFC-4871,
obsoleted by RFC-6376).

IMHO shell script qmail-queue.pl.sh should be patched:
8<-- qmail-queue.pl.sh patch
--- old/qmail-queue.pl.sh   2018-07-17 14:33:27.0 +0200
+++ new/qmail-queue.pl.sh   2018-07-17 14:56:19.0 +0200
@@ -5,8 +5,7 @@
  if [ "${DKVERIFY+x}" ] ; then
tmp=`mktemp -t dk.verify.XXX`
cat - >"$tmp"
-   ( dktest -v < "$tmp" 2>&1 ; \
-   /usr/local/bin/dkimverify.pl  < "$tmp"  | sed 's/\r//'; \
+   ( /var/qmail/bin/dkimverify.pl  < "$tmp"  | sed 's/\r//'; \
[ "$TCPREMOTEIP" ] && printf 'X-Originating-IP:
'$TCPREMOTEIP'\n' ; \
cat "$tmp" ) | \
$DKQUEUE "$@"
8<-- EOT

* dtest is unnecessary,
* path of dkimverify.pl is different in instruction of instalation
DKIM.




--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM vs domainkeys

2018-07-17 Thread Aleksander Podsiadły 
DomainKeys standard (RFC-4870) is obsoleted by DKIM (RFC-4871,
obsoleted by RFC-6376).

IMHO shell script qmail-queue.pl.sh should be patched:
8<-- qmail-queue.pl.sh patch
--- old/qmail-queue.pl.sh   2018-07-17 14:33:27.0 +0200
+++ new/qmail-queue.pl.sh   2018-07-17 14:56:19.0 +0200
@@ -5,8 +5,7 @@
 if [ "${DKVERIFY+x}" ] ; then
tmp=`mktemp -t dk.verify.XXX`
cat - >"$tmp"
-   ( dktest -v < "$tmp" 2>&1 ; \
-   /usr/local/bin/dkimverify.pl  < "$tmp"  | sed 's/\r//'; \
+   ( /var/qmail/bin/dkimverify.pl  < "$tmp"  | sed 's/\r//'; \
[ "$TCPREMOTEIP" ] && printf 'X-Originating-IP:
'$TCPREMOTEIP'\n' ; \
cat "$tmp" ) | \
$DKQUEUE "$@"
8<-- EOT

* dtest is unnecessary,
* path of dkimverify.pl is different in instruction of instalation
DKIM.


-- 
Pozdrawiam/Regards,
Aleksander Podsiadły


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] DKIM

2018-03-09 Thread Rodrigo Cortes 
Hey! the site is http://www.qmailtoaster.com/dkim.html

is .com not .org

:)

2018-03-09 15:06 GMT-03:00 Eric Broch :

> http://www.qmailtoaster.org/dkim.html
>
> On 3/9/2018 10:40 AM, Rodrigo Cortes wrote:
>
> Hey Eric!
>
> File Not Found The requested URL was not found on this server: /dkim.html
>
> :S
>
> 2018-03-09 14:39 GMT-03:00 Eric Broch :
>
>> Yes,
>>
>> http://qmailtoaster.org/dkim.html
>>
>>
>>
>> On 3/9/2018 10:33 AM, Rodrigo Cortes wrote:
>>
>>> Hi!!!
>>>
>>> Have some good how to for DKIM with QMAIL?
>>>
>>> Thx.
>>>
>>
>> --
>> Eric Broch
>> White Horse Technical Consulting (WHTC)
>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>

Re: [qmailtoaster] DKIM

2018-03-09 Thread Rodrigo Cortes 
Hey Eric!

File Not Found The requested URL was not found on this server: /dkim.html

:S

2018-03-09 14:39 GMT-03:00 Eric Broch :

> Yes,
>
> http://qmailtoaster.org/dkim.html
>
>
>
> On 3/9/2018 10:33 AM, Rodrigo Cortes wrote:
>
>> Hi!!!
>>
>> Have some good how to for DKIM with QMAIL?
>>
>> Thx.
>>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>

Re: [qmailtoaster] DKIM

2018-03-09 Thread Eric Broch 

Yes,

http://qmailtoaster.org/dkim.html


On 3/9/2018 10:33 AM, Rodrigo Cortes wrote:

Hi!!!

Have some good how to for DKIM with QMAIL?

Thx.


--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM

2018-03-09 Thread Rodrigo Cortes 
Hi!!!

Have some good how to for DKIM with QMAIL?

Thx.

Re: [qmailtoaster] DKIM

2017-12-16 Thread Eric Broch 

That's good to hear!

On 12/16/2017 7:34 AM, jin wrote:

Hi Eric
Yesterday night, i just change qmail server and worked with all 
domains. By the way, i used 1024 bit keys and a different selector.


Thank you so much

On 14 Dec 2017 12:55 p.m., "jin" > wrote:


Thank you Eric

Before i go further on that guide, let me ask that can i use this
solution to sign different domains ?

On 13 Dec 2017 11:27 p.m., "Eric Broch" > wrote:

Fatih,

DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md




On 12/13/2017 1:07 PM, jin wrote:

Hi
I would like to enable dkim on our qmail server. It just
serves up te domain and i found a article how to achieve
that. The article i followed is publishing on :
"http://wiki.qmailtoaster.com/index.php/Domainkeys
"

My toaster works on CentOS6.8 and build number is
1.03-1.3.20.x86_64

I track down that article and trying to sign only outgoing
mails. I just realize that there are many different ways to
setup dkim support on qmail. Like replacing qmail-remote
executable file with scripted ones.

Can i ask that this wiki article is still usable on nowadays ?

When i finish my setup, i sent some mails and there was no
dkim signature.

How can i go further ?


Fatih



-- 
Eric Broch

White Horse Technical Consulting (WHTC)




--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] DKIM

2017-12-16 Thread jin 
Hi Eric
Yesterday night, i just change qmail server and worked with all domains. By
the way, i used 1024 bit keys and a different selector.

Thank you so much

On 14 Dec 2017 12:55 p.m., "jin" 
wrote:

Thank you Eric

Before i go further on that guide, let me ask that can i use this solution
to sign different domains ?

On 13 Dec 2017 11:27 p.m., "Eric Broch"  wrote:

> Fatih,
>
> DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md
>
>
> On 12/13/2017 1:07 PM, jin wrote:
>
> Hi
> I would like to enable dkim on our qmail server. It just serves up te
> domain and i found a article how to achieve that. The article i followed is
> publishing on : "http://wiki.qmailtoaster.com/index.php/Domainkeys;
>
> My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64
>
> I track down that article and trying to sign only outgoing mails. I just
> realize that there are many different ways to setup dkim support on qmail.
> Like replacing qmail-remote executable file with scripted ones.
>
> Can i ask that this wiki article is still usable on nowadays ?
>
> When i finish my setup, i sent some mails and there was no dkim signature.
>
> How can i go further ?
>
>
> Fatih
>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>

Re: [qmailtoaster] DKIM

2017-12-15 Thread jin 
Thanks
I'm going to implement this solution and inform you.

On 15 Dec 2017 1:07 a.m., "Eric Broch"  wrote:

> Hi Fatih,
>
> Just got done testing. Here's what I did for domains (non-global).
>
> 1) # dknewkey /var/qmail/control/dkim/otherdomain.com.key >
> /var/qmail/control/dkim/otherdomain.com.txt
>
> 2) #  perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/
> otherdomain.com.txt
>
> 3) # cat /var/qmail/control/dkim/otherdomain.com.txt
>
> otherdomain.comIN  TXT "k=rsa;
> p=**"
>
> 4) # vi /var/qmail/control/dkim/signconf.xml
>
> Add:
>
>keyfile="/var/qmail/control/dkim/otherdomain.com.key"
> selector="otherdomain.com">
> 
> 
>   
>
> So file looks like this:
>
> 
>   
>keyfile="/var/qmail/control/dkim/global.key" method="simple"
> selector="dkim1">
> 
>   
>keyfile="/var/qmail/control/dkim/otherdomain.com.key"
> selector="otherdomain.com">
> 
> 
>   
> 
>
>
> This worked for me.
>
>
> Eric
>
>
>
>
> On 12/14/2017 8:34 AM, Eric Broch wrote:
>
> Yes, this option is available, though I've never done it (but should take
> this as an opportunity to learn), by configuring your domain in the
> signconf.xml file.
>
> I'll take a look at this. If you get it figured out before me, please post.
>
> On 12/14/2017 2:55 AM, jin wrote:
>
> Thank you Eric
>
> Before i go further on that guide, let me ask that can i use this solution
> to sign different domains ?
>
> On 13 Dec 2017 11:27 p.m., "Eric Broch"  wrote:
>
>> Fatih,
>>
>> DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md
>>
>>
>> On 12/13/2017 1:07 PM, jin wrote:
>>
>> Hi
>> I would like to enable dkim on our qmail server. It just serves up te
>> domain and i found a article how to achieve that. The article i followed is
>> publishing on : "http://wiki.qmailtoaster.com/index.php/Domainkeys;
>>
>> My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64
>>
>> I track down that article and trying to sign only outgoing mails. I just
>> realize that there are many different ways to setup dkim support on qmail.
>> Like replacing qmail-remote executable file with scripted ones.
>>
>> Can i ask that this wiki article is still usable on nowadays ?
>>
>> When i finish my setup, i sent some mails and there was no dkim
>> signature.
>>
>> How can i go further ?
>>
>>
>> Fatih
>>
>>
>> --
>> Eric Broch
>> White Horse Technical Consulting (WHTC)
>>
>>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>

Re: [qmailtoaster] DKIM

2017-12-14 Thread Eric Broch 

Hi Fatih,

Just got done testing. Here's what I did for domains (non-global).

1) # dknewkey /var/qmail/control/dkim/otherdomain.com.key > 
/var/qmail/control/dkim/otherdomain.com.txt


2) #  perl -pi -e 's/.key._domainkey//' 
/var/qmail/control/dkim/otherdomain.com.txt


3) # cat /var/qmail/control/dkim/otherdomain.com.txt

otherdomain.com    IN  TXT "k=rsa; 
p=**"


4) # vi /var/qmail/control/dkim/signconf.xml

Add:

  keyfile="/var/qmail/control/dkim/otherdomain.com.key" 
selector="otherdomain.com">

    
    
  

So file looks like this:


  
  keyfile="/var/qmail/control/dkim/global.key" method="simple" 
selector="dkim1">

    
  
  keyfile="/var/qmail/control/dkim/otherdomain.com.key" 
selector="otherdomain.com">

    
    
  



This worked for me.


Eric




On 12/14/2017 8:34 AM, Eric Broch wrote:


Yes, this option is available, though I've never done it (but should 
take this as an opportunity to learn), by configuring your domain in 
the signconf.xml file.


I'll take a look at this. If you get it figured out before me, please 
post.



On 12/14/2017 2:55 AM, jin wrote:

Thank you Eric

Before i go further on that guide, let me ask that can i use this 
solution to sign different domains ?


On 13 Dec 2017 11:27 p.m., "Eric Broch" > wrote:


Fatih,

DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md




On 12/13/2017 1:07 PM, jin wrote:

Hi
I would like to enable dkim on our qmail server. It just serves
up te domain and i found a article how to achieve that. The
article i followed is publishing on :
"http://wiki.qmailtoaster.com/index.php/Domainkeys
"

My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64

I track down that article and trying to sign only outgoing
mails. I just realize that there are many different ways to
setup dkim support on qmail. Like replacing qmail-remote
executable file with scripted ones.

Can i ask that this wiki article is still usable on nowadays ?

When i finish my setup, i sent some mails and there was no dkim
signature.

How can i go further ?


Fatih



-- 
Eric Broch

White Horse Technical Consulting (WHTC)



--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] DKIM

2017-12-14 Thread Eric Broch 
Yes, this option is available, though I've never done it (but should 
take this as an opportunity to learn), by configuring your domain in the 
signconf.xml file.


I'll take a look at this. If you get it figured out before me, please post.


On 12/14/2017 2:55 AM, jin wrote:

Thank you Eric

Before i go further on that guide, let me ask that can i use this 
solution to sign different domains ?


On 13 Dec 2017 11:27 p.m., "Eric Broch" > wrote:


Fatih,

DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md




On 12/13/2017 1:07 PM, jin wrote:

Hi
I would like to enable dkim on our qmail server. It just serves
up te domain and i found a article how to achieve that. The
article i followed is publishing on :
"http://wiki.qmailtoaster.com/index.php/Domainkeys
"

My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64

I track down that article and trying to sign only outgoing mails.
I just realize that there are many different ways to setup dkim
support on qmail. Like replacing qmail-remote executable file
with scripted ones.

Can i ask that this wiki article is still usable on nowadays ?

When i finish my setup, i sent some mails and there was no dkim
signature.

How can i go further ?


Fatih



-- 
Eric Broch

White Horse Technical Consulting (WHTC)



--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] DKIM

2017-12-14 Thread jin 
Thank you Eric

Before i go further on that guide, let me ask that can i use this solution
to sign different domains ?

On 13 Dec 2017 11:27 p.m., "Eric Broch"  wrote:

> Fatih,
>
> DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md
>
>
> On 12/13/2017 1:07 PM, jin wrote:
>
> Hi
> I would like to enable dkim on our qmail server. It just serves up te
> domain and i found a article how to achieve that. The article i followed is
> publishing on : "http://wiki.qmailtoaster.com/index.php/Domainkeys;
>
> My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64
>
> I track down that article and trying to sign only outgoing mails. I just
> realize that there are many different ways to setup dkim support on qmail.
> Like replacing qmail-remote executable file with scripted ones.
>
> Can i ask that this wiki article is still usable on nowadays ?
>
> When i finish my setup, i sent some mails and there was no dkim signature.
>
> How can i go further ?
>
>
> Fatih
>
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>

Re: [qmailtoaster] DKIM

2017-12-13 Thread Eric Broch 

Fatih,

DKIM: https://github.com/qmtoaster/dkim/blob/master/README.md



On 12/13/2017 1:07 PM, jin wrote:

Hi
I would like to enable dkim on our qmail server. It just serves up te 
domain and i found a article how to achieve that. The article i 
followed is publishing on : 
"http://wiki.qmailtoaster.com/index.php/Domainkeys 
"


My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64

I track down that article and trying to sign only outgoing mails. I 
just realize that there are many different ways to setup dkim support 
on qmail. Like replacing qmail-remote executable file with scripted ones.


Can i ask that this wiki article is still usable on nowadays ?

When i finish my setup, i sent some mails and there was no dkim 
signature.


How can i go further ?


Fatih



--
Eric Broch
White Horse Technical Consulting (WHTC)

[qmailtoaster] DKIM

2017-12-13 Thread jin 
Hi
I would like to enable dkim on our qmail server. It just serves up te
domain and i found a article how to achieve that. The article i followed is
publishing on : "http://wiki.qmailtoaster.com/index.php/Domainkeys;

My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64

I track down that article and trying to sign only outgoing mails. I just
realize that there are many different ways to setup dkim support on qmail.
Like replacing qmail-remote executable file with scripted ones.

Can i ask that this wiki article is still usable on nowadays ?

When i finish my setup, i sent some mails and there was no dkim signature.

How can i go further ?


Fatih

[qmailtoaster] DKIM

2017-12-10 Thread jin 
Hi
I would like to enable dkim on our qmail server. It just serves up te
domain and i found a article how to achieve that. The article i followed is
publishing on : "http://wiki.qmailtoaster.com/index.php/Domainkeys;

My toaster works on CentOS6.8 and build number is 1.03-1.3.20.x86_64

I track down that article and trying to sign only outgoing mails. I just
realize that there are many different ways to setup dkim support on qmail.
Like replacing qmail-remote executable file with scripted ones.

Can i ask that this wiki article is still usable on nowadays ?

When i finish my setup, i sent some mails and there was no dkim signature.

How can i go further ?

Re: [qmailtoaster] Dkim headache

2017-02-03 Thread Andrew Swartz 
FYI... your messages which I am receiving from this list have a bad DKIM
signature, while messages from other gmail.com posters have good DKIM
signatures.

I'm attaching a snapshot of what "DKIM verifier" displays in Thunderbird.

Some listserves do modify the messages in such a way that all mail comes
through like this.  But yours are the only messages from this list that
do not verify (if they have a signature, that is).

-Andy


On 2/3/2017 7:01 AM, ktf4...@gmail.com wrote:
> I've try to contact one of the customer using my Gmail account and this
> mail was also rejected with the same 550 Error.  I start to think that
> they have big problems on their server and that my server is ok.
> 
> 
> Fabio
> 
> 
> In data 03 febbraio 2017 04:46:21 PM  ha scritto:
> 
>> I can ask,  for now all I know is that the server rejected our mail
>> with a
>> "550 Administrative Proibition" error.
>>
>> Fabio
>>
>>
>> In data 03 febbraio 2017 04:34:25 PM Eric Broch 
>> ha scritto:
>>
>>> Can you have the failing customers test the DKIM record for your domain
>>> from their mail servers with something like the following:
>>>
>>> # host -t txt private._domainkey.yourdomain.tld
>>>
>>>
>>> On 2/3/2017 7:54 AM, Fabio Mecchia wrote:
 DKIM-Result: fail (bad signature)
>>>
>>> -- 
>>> Eric Broch, IMSO, DAM, NGOO, DITH, URTS
>>> White Horse Technical Consulting (WHTC)
>>> 406.214.6802
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>
>>
>>
> 
> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> 

-- 
Andrew W. Swartz, MD
Departments of Emergency Medicine, Family Medicine, and Surgery
Yukon-Kuskokwim Delta Regional Hospital
Bethel, Alaska


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qmailtoaster] Dkim headache

2017-02-03 Thread ktf4517 
I've try to contact one of the customer using my Gmail account and this 
mail was also rejected with the same 550 Error.  I start to think that they 
have big problems on their server and that my server is ok.



Fabio


In data 03 febbraio 2017 04:46:21 PM  ha scritto:


I can ask,  for now all I know is that the server rejected our mail with a
"550 Administrative Proibition" error.

Fabio


In data 03 febbraio 2017 04:34:25 PM Eric Broch 
ha scritto:


Can you have the failing customers test the DKIM record for your domain
from their mail servers with something like the following:

# host -t txt private._domainkey.yourdomain.tld


On 2/3/2017 7:54 AM, Fabio Mecchia wrote:

DKIM-Result: fail (bad signature)


--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com








-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Dkim headache

2017-02-03 Thread ktf4517 
I can ask,  for now all I know is that the server rejected our mail with a 
"550 Administrative Proibition" error.


Fabio


In data 03 febbraio 2017 04:34:25 PM Eric Broch  
ha scritto:



Can you have the failing customers test the DKIM record for your domain
from their mail servers with something like the following:

# host -t txt private._domainkey.yourdomain.tld


On 2/3/2017 7:54 AM, Fabio Mecchia wrote:

DKIM-Result: fail (bad signature)


--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Dkim headache

2017-02-03 Thread Eric Broch 
Can you have the failing customers test the DKIM record for your domain 
from their mail servers with something like the following:


# host -t txt private._domainkey.yourdomain.tld


On 2/3/2017 7:54 AM, Fabio Mecchia wrote:

DKIM-Result: fail (bad signature)


--
Eric Broch, IMSO, DAM, NGOO, DITH, URTS
White Horse Technical Consulting (WHTC)
406.214.6802


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Dkim headache

2017-02-03 Thread Fabio Mecchia 
Hi again,
I'm having a big headache setting up the dkim on my company mail server.
I create a 1024 bit key and set up my dns records also with spf and dmarc.
I've checked it on various test tool:
- mail-tester.com gives me a 10/10 score
- dkimvalidator.com says my signature is valid and pass the test
- the keycheck at dkimcore.org says that my dkim record is valid
- test spf/dkim on mxtoolbox.com give me a valid result

 everything seems perfect 

BUT

- some of our customers are blocking our mail
- on a gmail account reading the headers of my mail  I found "dkim fail
with domain null"
- www.appmaildev.com/it/dkim reports me  "DKIM-Result: fail (bad signature)"
- mail test on en.internet.nl says that "a DKIM record (TXT) could not be
found" but it found the dmarc record (that I set up on dns a day later than
dkim)

Now are more than 36 hours from the last time I've changed a dns records so
I don't think that is a dns propagation problem.
Now I don't know what else I can do to properly setup my server

Thanks in advance
 Fabio Mecchia

[qmailtoaster] DKIM status verification of incoming email

2015-07-29 Thread fsantiago 

Hello all,

Is there a way to have qmail verify the DKIM status of incoming email 
and record the appropriate headers?


--

Fabe S.


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] DKIM status

2015-03-26 Thread Fabian Santiago 
Is DKIM still not recommended to have deployed into the current QMT? and if
it's fine to use, where can I find current docs on implementing it? Thanks
guys.

-- 

- Sincerely,

Fabian S.

[qmailtoaster] DKIM usage

2014-09-12 Thread Eric Shubert 

Does DKIM use the _domainkey.mydomain.com DNS TXT record at all?

--
-Eric 'shubes'


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

  1   2   >