Installing DKIM with DA Exim 4.71

I can't receive emails from Yahoo and Gmail, any idea? Best regards
 
Watch your exim rejectlog while sending email from both of them.

If that doesn't show you anything, then watch your exim mainlog while sending email from both of them.

Jeff
 
Uncommenting this line, acl_check_dkim, was the goal.
Now all is working fine.
 
Hello guys, I just got to this forum because I was searching for DKIM, since Google is blocking our emails and it's one of the things they suggested we implement.

Have any of you had problems with Google that were solved using DKIM?

Thanks !
 
ooops, I read SPF tests (in general).

We did pass their SPF tests, but I didn't even know they had a DKIM test. Going to look for it now :)

Thanks !
 
darn, actually spf test says I need ? instead of ~

Sorry if I ask in the wrong thread, but is this advisable to change to ?
 
That website is a good helper, but the template used in DA is fine (with mods).
Too bad it doesn't support IPv6 yet.

Regarding DKIM, there are no side effects if you configure it to only warn you, add points to the spam score, etc.
Make sure you indicate in your DNS that you're in testing mode and your mail should never get rejected.

An example of some spammer trying to make it look like he's Google...:
2011-01-13 05:15:15 1PdEah-xxx-5h H=(mail.petersenpainting.net) [173.10.28.74]:35492 I=[x]:25 temporarily rejected DKIM : DKIM Forgery: Unsigned message from [email protected]
2011-01-13 05:30:20 1PdEpI-000Nbi-6j DKIM Forgery: Known Signers rule : Domain:google.com, message from [email protected] to

He would have been blocked anyway (http://www.barracudacentral.org/reputation?pr=1&ip=173.10.28.74), but people using some less known servers could go through the blacklists, but not the DKIM tests.
 
I've tested the first post's setup once again.

Removed all DKIM keys (private and public) and all DNS entries generated by the script, added just my main domain with DKIM, and made some tests.

In the first test, the DKIM test passed.

So I tried to remove the DNS entry and keys again and generated them again for just one domain (same as the first test).

Tried again to send an email to a different server and this time the test failed (no other change was made).

So I tried to remove the DNS entry and keys 5 more times, and the DKIM test always fails.

Any suggestion?
 
Because I didn't want to add DKIM for incoming emails, and I just want to add DKIM for the domains I host, I did this.

1. Under driver = smtp

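Code:
  # If the sender domain is not listed in /etc/virtual/domains, the lookup yields
  # ERROR and Exim looks for /etc/virtual/ERROR/dkim.private.key.
  dkim_domain = ${sender_address_domain}
  dkim_selector = x
  dkim_private_key = /etc/virtual/${lookup{$sender_address_domain}lsearch{/etc/virtual/domains}{$sender_address_domain}{ERROR}}/dkim.private.key
  dkim_canon = relaxed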

2. Then I open Notepad and paste this code

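Code:
#!/bin/bash
# Usage: ./dkim.sh example.com
# RFC 8301 requires RSA keys of at least 1024 bits (2048 recommended); verifiers treat shorter keys as invalid.
openssl genrsa -out "/etc/virtual/$1/dkim.private.key" 1024
openssl rsa -in "/etc/virtual/$1/dkim.private.key" -out "/etc/virtual/$1/dkim.public.key" -pubout -outform PEM
chown mail:mail "/etc/virtual/$1"/*.key
echo
# Append the TXT record: the public key without its PEM header/footer, joined into one line.
# >> appends, so remove any earlier x._domainkey record for this domain before re-running.
echo "x._domainkey.$1.       14400   IN      TXT     \"v=DKIM1; k=rsa; p=$(grep -v -- '-----' "/etc/virtual/$1/dkim.public.key" | tr -d '\n')\"" >>"/var/named/$1.db"
echo "Domain $1, has been configured for DKIM signing."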

3. save as dkim.sh , 755 mode in virtual dir.

4. I'm a newbie, but I saw on one forum that I can run your script as

sh -x ./dkim mydomain.com

There are some errors, but I noticed that 2 files, dkim.private.key and dkim.public.key, exist now in the domain folder.

*****************************************************
Questions:
1. I got a chown mail:mail error?
2. The created files have the root user as owner; should I change it to the mail user, since all files in the domain folder have mail as user?

Regards
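
A check for the situation in the posts above, where keys were regenerated and the test then failed: compare the public key derived from the private key on disk with the p= value of the TXT record. This is an added example, not part of the original posts; it assumes the openssl CLI is installed, and the temporary key files and example.com are placeholders.

```shell
#!/bin/sh
# Added example: does the published DKIM record carry the public half of the
# private key Exim signs with? Key file and record text are supplied by the caller.

# Print the base64 public key derived from an RSA private key file, on one line.
pubkey_from_private() {
    openssl rsa -in "$1" -pubout -outform PEM 2>/dev/null | grep -v -- '-----' | tr -d '\n'
}

# Print the p= value of a DKIM TXT record. Quotes and whitespace are dropped first,
# so a record split into several quoted strings is joined the way DNS joins it.
pubkey_from_txt() {
    printf '%s\n' "$1" | tr -d '" \t' | tr ';' '\n' | sed -n 's/^p=//p'
}

# $1 = private key file, $2 = TXT record text. Succeeds only on an exact match.
dkim_record_matches_key() {
    want=$(pubkey_from_private "$1")
    have=$(pubkey_from_txt "$2")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Demo on constructed data: the record is built from the first key, then the key
# is regenerated while the record stays the same.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/old.key" 2048 2>/dev/null
    record="\"v=DKIM1; k=rsa; p=$(pubkey_from_private "$dir/old.key")\""
    openssl genrsa -out "$dir/new.key" 2048 2>/dev/null
    for key in old new; do
        if dkim_record_matches_key "$dir/$key.key" "$record"; then
            echo "$key.key: record matches"
        else
            echo "$key.key: MISMATCH, signatures made with this key will not verify"
        fi
    done
    rm -rf "$dir"
}
demo
# Against live DNS (selector x as in the thread), feed the resolver's answer instead:
#   dkim_record_matches_key /etc/virtual/example.com/dkim.private.key \
#       "$(dig +short TXT x._domainkey.example.com)"
```

Because the zone TTL in the script is 14400 seconds, a resolver may keep serving the previous record for up to four hours after the zone file changes, so run the live check against the resolver the receiving side would use.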
 
DKIM for mail relay

Hey Guys,

So I run a small ISP where our one directadmin box also acts as a mail relay for all the customers in our IP space. When a user sends mail they have no DKIM associated with them so it's hitting

2011-10-12 14:38:39 1RDnmJ-0001z7-Ac unable to open private key file for reading: /etc/virtual/ERROR/dkim.private.key

Rather than each and every client that uses us for outbound mail calling us and asking us to generate a key for them and asking for the public portion to add to their DNS, can I have a default one that sits in the file /ERROR/dkim.private.key and then all these users sit on this one shared key?

I tried it and I see messages get signed, but when sending an email to Gmail and checking the headers I see that DKIM= neutral due to bad configuration.

So I have disabled the above said method and wondering if there is another way for me to do this or if I am close to sorting this out.

I need DKIM or domain keys to work as clients mail is ending up in yahoo junk mail boxes and sometimes gmail too.

Look forward to a response, and thanks in advance.

barry
 
Hello,
there is a small but crucial error in the first ACL script:
Code:
condition       = ${if eq {${lc:$dkim_verify_status}{pass} {true}{false}}}
Needs to be:
Code:
condition       = ${if eq {${lc:$dkim_verify_status}}{pass} {true}{false}}
Note the replacement of the bracket }
Else you'll see: temporarily rejected DKIM : invalid "condition" value "}"
in your mainlog.
 
Just in the last warn section, or in all of them? And if yes, why just the last?

Code:
        warn    add_header      = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
                sender_domains  = $sender_address_domain:$dkim_signers
                dkim_signers    = $sender_address_domain:$dkim_signers
                dkim_status     = invalid
                condition       = ${if eq {${lc:$dkim_verify_status}{invalid}{true}{false}}}

        warn    add_header      = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
                sender_domains  = $sender_address_domain:$dkim_signers
                dkim_signers    = $sender_address_domain:$dkim_signers
                dkim_status     = fail
                condition       = ${if eq {${lc:$dkim_verify_status}{fail}{true}{false}}}

        warn    add_header      = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
                sender_domains  = $sender_address_domain:$dkim_signers
                dkim_signers    = $sender_address_domain:$dkim_signers
                dkim_status     = none
                condition       = ${if eq {${lc:$dkim_verify_status}{none}{true}{false}}}

        warn    add_header      = X-DKIM-Status: $dkim_verify_status [($dkim_cur_signer) - $sender_host_address]
                sender_domains  = $sender_address_domain:$dkim_signers
                dkim_signers    = $sender_address_domain:$dkim_signers
                dkim_status     = pass
                condition       = ${if eq {${lc:$dkim_verify_status}{pass}{true}{false}}}
        accept

Regards
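
The misplaced brace from the correction above can be checked mechanically by counting the brace groups that sit directly inside `${if eq ...}`. This is an added example, not code from the thread; the function names `if_eq_groups` and `check_conditions` are made up here, and the sample lines are copied from the conditions posted above.

```shell
#!/bin/sh
# Added example: flag Exim "${if eq ...}" tests whose operands are mis-braced.
# A well-formed test has 2 to 4 brace groups directly inside ${if eq ...}:
# two operands, then the optional "yes" and "no" strings.

# Print how many {...} groups sit directly inside the first ${if eq ...} of $1,
# or -1 if there is no such test or its braces never close.
if_eq_groups() {
    printf '%s\n' "$1" | awk '{
        start = index($0, "${if eq")
        if (start == 0) { print -1; exit }
        depth = 0; groups = 0
        for (i = start; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "{") {
                if (++depth == 2) groups++
            } else if (c == "}") {
                if (--depth == 0) { print groups; exit }
            }
        }
        print -1
    }'
}

# Read config text on stdin, print each suspect line, fail if any was found.
check_conditions() {
    bad=0; n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in *'${if eq'*) ;; *) continue ;; esac
        g=$(if_eq_groups "$line")
        if [ "$g" -lt 2 ]; then
            printf 'line %s: %s group(s) inside ${if eq ...}: %s\n' "$n" "$g" "$line"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Sample: the four conditions as posted in the thread, then the corrected form.
SAMPLE='condition = ${if eq {${lc:$dkim_verify_status}{invalid}{true}{false}}}
condition = ${if eq {${lc:$dkim_verify_status}{fail}{true}{false}}}
condition = ${if eq {${lc:$dkim_verify_status}{none}{true}{false}}}
condition = ${if eq {${lc:$dkim_verify_status}{pass}{true}{false}}}
condition = ${if eq {${lc:$dkim_verify_status}}{pass} {true}{false}}'
printf '%s\n' "$SAMPLE" | check_conditions || echo "mis-braced conditions found"
```

A plain count of `{` against `}` does not catch this error, because the misplaced brace leaves the totals equal; only the nesting differs.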
 