Current time: 12-27-2024, 01:24 PM Hello There, Guest! (LoginRegister)


Post Reply 
DKIM with Postfix
Author Message
alecksievici Offline
Junior Member
*
Beta Team

Posts: 112
Joined: May 2008
Reputation: 0
Post: #1
DKIM with Postfix
Since some of us have problems with email being wrongly marked as spam on different servers (gmail/yahoo), i googled a little for postfix+dkim and stumbled upon these links:

http://anothersysadmin.wordpress.com/200...h-postfix/
http://dkimproxy.sourceforge.net/postfix...howto.html

since i am only a beginner in linux and do not have a test server i wondered if there is someone who could test dkim with postfix on an ispcp managed server and give us some feedback...
05-28-2009 07:28 PM
Visit this user's website Find all posts by this user Quote this message in a reply
alecksievici Offline
Junior Member
*
Beta Team

Posts: 112
Joined: May 2008
Reputation: 0
Post: #2
RE: DKIM with Postfix
since none answered i'l give you an update.
while googling for postfix+dkim i found and interesting tutorial on creating dkim on debian.

http://staff.blog.ui.ac.id/jp/2009/04/07...debian-50/

the tutorial is simple, just an apt-get install dkim-filter and edit a few files and voila: you have a dkim signed domain

the email gets signed, i sent a mail to myself and the signature appears but on yahoo & gmail the emails do not appear signed (maybe i have to wait for the dns entries to propagate), still it's a step forward Smile
(This post was last modified: 05-31-2009 10:40 PM by alecksievici.)
05-31-2009 10:39 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #3
RE: DKIM with Postfix
I recommend Amavis for DKIM signing and verification. But at the moment it does not help to reduce spam a lot.
05-31-2009 11:31 PM
Find all posts by this user Quote this message in a reply
alecksievici Offline
Junior Member
*
Beta Team

Posts: 112
Joined: May 2008
Reputation: 0
Post: #4
RE: DKIM with Postfix
(05-31-2009 11:31 PM)Cube Wrote:  I recommend Amavis for DKIM signing and verification. But at the moment it does not help to reduce spam a lot.

how can i do that? i guess i have to modify something in postfix's main.cf or master.cf

i'm using dkim to sign my domains so that they won't be marked as spam, i have a problem with this thing - http://www.isp-control.net/forum/thread-...l#pid54548

the dkim works, my emails get signed but there's a tiny little problem:

domainkeys=neutral (no sig)
dkim=permerror (no key)

any ideas how i can fix that??
06-01-2009 09:11 AM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #5
RE: DKIM with Postfix
Publishing the proper key in the domain's DNS zone?
06-02-2009 05:34 PM
Visit this user's website Find all posts by this user Quote this message in a reply
alecksievici Offline
Junior Member
*
Beta Team

Posts: 112
Joined: May 2008
Reputation: 0
Post: #6
RE: DKIM with Postfix
(06-02-2009 05:34 PM)kilburn Wrote:  Publishing the proper key in the domain's DNS zone?

you mean this:
mail._domainkey.domain.tld IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=MIG...QAB"

already did that a few days ago when i installed dkim-filter...
is there any way to check if this has propagated into the dns?

i do a dig txt domain.tld, but it only shows the spf record

also, while looking on the internet on how to solve this problem i found something interesting: bind only accepts 256 chars/line and that could be a problem since the key is waaay longer than that (actually the hole line is 282 chars). is that true (the bind part)?
(This post was last modified: 06-02-2009 06:09 PM by alecksievici.)
06-02-2009 06:07 PM
Visit this user's website Find all posts by this user Quote this message in a reply
alecksievici Offline
Junior Member
*
Beta Team

Posts: 112
Joined: May 2008
Reputation: 0
Post: #7
RE: DKIM with Postfix
well since no one answered i googled again Smile

found that if you want to see if your dns entries have propagated you have to
Code:
dig txt selector._domainkey.domain.tld

in my case, for some odd reason the result is blank... but when i querry my server it shows up what it should.

i'm gonna read more about that 256 characters/line in bind files.

also besides managing to install dkim-filter (DKIM) and signing my emails i also managed to install dk-filter (DomainKeys) and sign my emails.

i hope to solve this problem and i might know where i've made a mistake, in the dns files where after selector._domainkey.domain.tld i didn't add a dot (.)

my dns line was looking like this
Code:
selector._domainkey.domain.tld IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=..."
and it should've looked like this
Code:
selector._domainkey.domain.tld. IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=..."
i hope it solves my problem...

LE: Success! I mean partial success because only DomainKeys is working for now.

EVEN LE: well... 100% success (mta151.mail.ac4.yahoo.com from=greenbit.ro; domainkeys=pass (ok); from=greenbit.ro; dkim=pass (ok)) for dkim+domainkeys, but i can surely tell you that yahoo SUCKS! They still mark my emails as spam :|

Question: since i successfuly setup domainkeys and dkim for one domain i just wanna know how can i do that for multiple domains. I've looked through the help files but they are really messy also google did not help me too much Sad
(This post was last modified: 06-04-2009 12:45 AM by alecksievici.)
06-03-2009 03:52 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Towelie Offline
Junior Member
*

Posts: 11
Joined: Feb 2010
Reputation: 0
Post: #8
RE: DKIM with Postfix
Hello,

Sorry for reviving this thread after so long, but could someone tell me how to automate this so that it's applied every time a new user account is created in ispcp ?

Thanks in advance.
(This post was last modified: 02-18-2010 06:08 AM by Towelie.)
02-18-2010 06:04 AM
Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #9
RE: DKIM with Postfix
IspCP will need some sort of key management... (DKIM and also DNSSEC)

If you cannot change, revoke and rotate keys, it does not make much sense to use dkim or dnssec...
(This post was last modified: 02-18-2010 07:11 AM by rbtux.)
02-18-2010 07:10 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)