ispCP - Board - Support
DKIM with Postfix - Printable Version

+- ispCP - Board - Support (
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: Suggestions (/forum-2.html)
+--- Thread: DKIM with Postfix (/thread-6829.html)

DKIM with Postfix - alecksievici - 05-28-2009 07:28 PM

Since some of us have problems with email being wrongly marked as spam on different servers (gmail/yahoo), i googled a little for postfix+dkim and stumbled upon these links:

since i am only a beginner in linux and do not have a test server i wondered if there is someone who could test dkim with postfix on an ispcp managed server and give us some feedback...

RE: DKIM with Postfix - alecksievici - 05-31-2009 10:39 PM

since none answered i'l give you an update.
while googling for postfix+dkim i found and interesting tutorial on creating dkim on debian.

the tutorial is simple, just an apt-get install dkim-filter and edit a few files and voila: you have a dkim signed domain

the email gets signed, i sent a mail to myself and the signature appears but on yahoo & gmail the emails do not appear signed (maybe i have to wait for the dns entries to propagate), still it's a step forward Smile

RE: DKIM with Postfix - Cube - 05-31-2009 11:31 PM

I recommend Amavis for DKIM signing and verification. But at the moment it does not help to reduce spam a lot.

RE: DKIM with Postfix - alecksievici - 06-01-2009 09:11 AM

(05-31-2009 11:31 PM)Cube Wrote:  I recommend Amavis for DKIM signing and verification. But at the moment it does not help to reduce spam a lot.

how can i do that? i guess i have to modify something in postfix's or

i'm using dkim to sign my domains so that they won't be marked as spam, i have a problem with this thing -

the dkim works, my emails get signed but there's a tiny little problem:

domainkeys=neutral (no sig)
dkim=permerror (no key)

any ideas how i can fix that??

RE: DKIM with Postfix - kilburn - 06-02-2009 05:34 PM

Publishing the proper key in the domain's DNS zone?

RE: DKIM with Postfix - alecksievici - 06-02-2009 06:07 PM

(06-02-2009 05:34 PM)kilburn Wrote:  Publishing the proper key in the domain's DNS zone?

you mean this:
mail._domainkey.domain.tld IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=MIG...QAB"

already did that a few days ago when i installed dkim-filter...
is there any way to check if this has propagated into the dns?

i do a dig txt domain.tld, but it only shows the spf record

also, while looking on the internet on how to solve this problem i found something interesting: bind only accepts 256 chars/line and that could be a problem since the key is waaay longer than that (actually the hole line is 282 chars). is that true (the bind part)?

RE: DKIM with Postfix - alecksievici - 06-03-2009 03:52 PM

well since no one answered i googled again Smile

found that if you want to see if your dns entries have propagated you have to
dig txt selector._domainkey.domain.tld

in my case, for some odd reason the result is blank... but when i querry my server it shows up what it should.

i'm gonna read more about that 256 characters/line in bind files.

also besides managing to install dkim-filter (DKIM) and signing my emails i also managed to install dk-filter (DomainKeys) and sign my emails.

i hope to solve this problem and i might know where i've made a mistake, in the dns files where after selector._domainkey.domain.tld i didn't add a dot (.)

my dns line was looking like this
selector._domainkey.domain.tld IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=..."
and it should've looked like this
selector._domainkey.domain.tld. IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=..."
i hope it solves my problem...

LE: Success! I mean partial success because only DomainKeys is working for now.

EVEN LE: well... 100% success (; domainkeys=pass (ok);; dkim=pass (ok)) for dkim+domainkeys, but i can surely tell you that yahoo SUCKS! They still mark my emails as spam :|

Question: since i successfuly setup domainkeys and dkim for one domain i just wanna know how can i do that for multiple domains. I've looked through the help files but they are really messy also google did not help me too much Sad

RE: DKIM with Postfix - Towelie - 02-18-2010 06:04 AM


Sorry for reviving this thread after so long, but could someone tell me how to automate this so that it's applied every time a new user account is created in ispcp ?

Thanks in advance.

RE: DKIM with Postfix - rbtux - 02-18-2010 07:10 AM

IspCP will need some sort of key management... (DKIM and also DNSSEC)

If you cannot change, revoke and rotate keys, it does not make much sense to use dkim or dnssec...