Directadmin 1.38.0 - Release Candidate 2

I've a question about this nice DKIM feature.

In the feature information I see this:

./dkim_create.sh domain.com

This will add an entry into DNS, but my question is: if a DKIM DNS entry already exists, will it delete the old one or just add a new line?

Regards
 
I've added my own domain and made the proper change to exim.conf.

I sent an email and in the header I can see the DKIM signature:
Code:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crazynetwork.it; s=x;
	h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID; bh=QX1UypwZgghYCIlUBbzQDyR8EOD0Rnavh7nQUn18Cac=;
	b=dOksnqJCStI3Ntnx2BN0xhSHkB3kQ+hbtPi3Za2tQocxsz1R0EqPi8mkundcGGRxaawCovY0MPATU5uQNjX13DPImCm4Vd5BY6fwiEBX9rQoOFSKzzNfwrV3RMxD4gFg;

But if I check the DNS of the domain crazynetwork.it I cannot see any new entry for DKIM (5 minutes after ./dkim_create.sh crazynetwork.it).

What should I check?

EDIT: FOUND THE PROBLEM: I DIDN'T ENABLE DKIM IN THE DIRECTADMIN CONFIGURATION.

Regards
 
Another "issue", not really important for normal operation.

Adding all domains to use DKIM using:
Code:
echo "action=rewrite&value=dkim" >> /usr/local/directadmin/data/task.queue

generates this error:
Code:
TTL Override: Unable to read ./data/users/mhorpheox/domains/psplandia.it.conf : Unable to open ./data/users/mhorpheox/domains/psplandia.it.conf for reading.

For each domain pointer, because they have no .conf file in the user's data/domains folder.

That doesn't seem to compromise the functionality, but if a domain pointer becomes a domain this will be solved automatically, because the function will be called again for the new domain.

Code:
2) DA will call the script for newly created domains like this:

Regards
 
I also noticed that the dkim_create.sh script checks if DKIM keys already exist and, if they don't, will add the keys and the DNS entry.

If the key files exist, this script will not execute any command.

Very nice!
 
Hello,
if a DKIM DNS entry already exists, will it delete the old one or just add a new line?
It will delete the _domainkey, _domainkey.domain.com., x._domainkey, and x._domainkey.domain.com. TXT records before adding the 2 new ones.

I've just added a check for dkim=1 in the script. It will now tell you if the option isn't enabled.

Don't worry about this message
Code:
TTL Override: Unable to read ....
as it's only a debug output. It's not an actual error of significance. Nothing is aborted or changed as a result of that read failure.

I didn't consider domain pointers during the implementation, but now that you mention it, the script will use the same key as for the main domain, since the keys will already exist if the domain (or another pointer) has created the keys already.

I've been using the DKIM on a test domain for about a day now, and we are getting the "[verification succeeded]" on other exim boxes, so it looks as though it's working correctly.

John
 
I don't have an Exim box with DKIM verification to check if this is working correctly, but I'm going to build a test one today to verify DKIM.

I had noticed that it was just a warning and didn't break anything, so thanks for confirming :)

Code:
if [ ! -e ${PRIV_KEY} ] || [ ! -e ${PUB_KEY} ]; then
        # Generate the keypair only when either file is missing (768-bit RSA)
        openssl genrsa -out ${PRIV_KEY} 768 2>&1
        # Export the public key as PEM; this is what ends up in the DNS TXT record
        openssl rsa -in ${PRIV_KEY} -out ${PUB_KEY} -pubout -outform PEM 2>&1
        chmod 600 ${PRIV_KEY} ${PUB_KEY}
        chown mail:mail ${PRIV_KEY} ${PUB_KEY}
fi

I'm not sure about what you said: "It will delete the _domainkey, _domainkey.domain.com., x._domainkey, and x._domainkey.domain.com. TXT records before adding the 2 new ones."

From this part of the script it seems that it checks if the files exist and creates them only if they don't... if they exist nothing will be executed.

Am I wrong? (I'm not a programmer, but that's what it looks like to me :) )
 
Hello,

Correct. If the keys exist, new keys will not be generated.

However, lower down is the task.queue command which tells DA to add the current keys to the domain.com.db file. So if you run the script, the domain key TXT records will be reset. If they were already there, it will just reset them to the same value, so not a major issue.

John
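A check worth running after the task.queue step above, added here as an illustration and not part of DirectAdmin's dkim_create.sh: fetch the selector's TXT record (dig TXT x._domainkey.example.com) and parse what was actually published, including the RSA modulus size. Fed the x._domainkey.crazynetwork.it record that the Port25 report further down this thread prints, it reports a 768-bit key, which is exactly the openssl genrsa ... 768 from the script. The 1024-bit floor is an assumption in the code; it is the minimum RFC 8301 later made mandatory, so verifiers that follow it treat a signature made with this key as invalid. The DER walk is deliberately minimal and only handles the rsaEncryption SubjectPublicKeyInfo that openssl rsa -pubout emits.

```python
import base64
import re

# Constructed sample: the TXT record the Port25 verifier printed for
# x._domainkey.crazynetwork.it in this thread, in dig's quoted-string form.
SAMPLE_P = (
    "MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMrIagucB4d1HKTjippnlBDjBMP4S2bZe1mEpSuA"
    "M40lcqUOHOakHETaEvwtyJjkUaFlj2pY1UFuRSHZY/uPBm+KWI53a9wLIrax1/rLDdr+vYM0"
    "5udsildqivoJuV1PEwIDAQAB"
)
SAMPLE_TXT = f'"v=DKIM1; k=rsa; p={SAMPLE_P}"'

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1


def txt_strings(rdata: str) -> str:
    """Concatenate the quoted <character-string>s of a TXT RDATA as dig prints them.

    A key longer than 255 bytes is published as several strings; RFC 6376 §3.6.2.2
    defines the record value as their concatenation. Unquoted input passes through.
    """
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata


def parse_dkim_record(value: str) -> dict:
    """Split a 'tag=value; tag=value' DKIM key record into a dict (RFC 6376 §3.6.1)."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[name.strip()] = re.sub(r"\s+", "", val)  # FWS inside a value is insignificant
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("not a DKIM1 key record")
    if tags.get("k", "rsa") != "rsa":
        raise ValueError(f"unsupported key type {tags['k']!r}")
    if "p" not in tags:
        raise ValueError("record has no p= tag")
    return tags


def _der_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length, needed for 2048-bit and larger keys
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_public_numbers(spki: bytes) -> tuple:
    """Extract (n, e) from a DER SubjectPublicKeyInfo carrying an rsaEncryption key."""
    tag, body, _ = _der_tlv(spki, 0)
    tag_alg, algid, pos = _der_tlv(body, 0)
    if tag != 0x30 or tag_alg != 0x30 or not algid.startswith(RSA_ENCRYPTION_OID):
        raise ValueError("p= is not an rsaEncryption SubjectPublicKeyInfo")
    tag_bits, bitstr, _ = _der_tlv(body, pos)
    if tag_bits != 0x03 or bitstr[0] != 0:
        raise ValueError("bad BIT STRING around the RSAPublicKey")
    _, rsapub, _ = _der_tlv(bitstr[1:], 0)  # bitstr[0] is the unused-bits count
    _, n_bytes, pos = _der_tlv(rsapub, 0)
    _, e_bytes, _ = _der_tlv(rsapub, pos)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def check_dkim_key(rdata: str, minimum_bits: int = 1024) -> dict:
    """Report what a published DKIM key actually is.

    minimum_bits defaults to the RFC 8301 floor (assumption: your verifiers enforce it).
    An empty p= means the selector has been revoked (RFC 6376 §3.6.1).
    """
    tags = parse_dkim_record(txt_strings(rdata))
    if tags["p"] == "":
        return {"revoked": True, "bits": 0, "exponent": None, "ok": False}
    n, e = rsa_public_numbers(base64.b64decode(tags["p"], validate=True))
    bits = n.bit_length()
    return {"revoked": False, "bits": bits, "exponent": e, "ok": bits >= minimum_bits}


if __name__ == "__main__":
    print(check_dkim_key(SAMPLE_TXT))
```

Paste the rdata exactly as dig prints it; when the key is split into two quoted strings the parser joins them before decoding, which is where hand-checks of long records usually go wrong.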
 
Note that no changes are being made to SpamBlocker for DirectAdmin exim.conf Version 4 until after the feature comes out of beta. Please let us know if you're using the DKIM feature successfully with my Version 4 file.

Thanks.

Jeff
 
Actually yes, I'm using the feature with SP4, not for incoming email but just to sign the outgoing emails, and it seems to work correctly.

I still didn't check whether the receiver verifies the email successfully.

I'll let you know.

Regards
 
Yes, do let us know when you find out if it works on the receiving end.

Jeff
 
I would suggest sending an e-mail to gmail to test DKIM validation.

DKIM Core has a nice lookup utility that checks your DNS record for validity.

Edit: I completely forgot to mention this great utility, if you send an e-mail to [email protected] they will automatically reply back if your SPF, DKIM, and DomainKeys validate correctly. They have more information on their site: http://www.port25.com/auth/
 
Test passed:

Code:
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com.  The service allows email senders to perform
a simple check of various sender authentication mechanisms.  It is provided
free of charge, in the hope that it is useful to the email community.  While
it is not officially supported, we welcome any feedback you may have at
<[email protected]>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  Orange01.CrazyNetwork.it
Source IP:      89.97.218.93
mail-from:      [email protected]

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass 
ID(s) verified: [email protected]
DNS record(s):
    crazynetwork.it. SPF (no records)
    crazynetwork.it. 14400 IN TXT "v=spf1 a mx ip4:89.97.218.93 ~all"
    crazynetwork.it. 14400 IN A 89.97.218.93

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: [email protected]
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: [email protected])
ID(s) verified: header.d=crazynetwork.it
Canonicalized Headers:
    content-type:multipart/related;'20'boundary="------------040204040904040305020709"'0D''0A'
    subject:dkim'20'test'0D''0A'
    to:[email protected]'0D''0A'
    mime-version:1.0'0D''0A'
    reply-to:[email protected]'0D''0A'
    from:Supporto'20'Tecnico'20'-'20'Crazy'20'Network'20'<[email protected]>'0D''0A'
    date:Sat,'20'12'20'Mar'20'2011'20'12:36:17'20'+0100'0D''0A'
    message-id:<[email protected]>'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=crazynetwork.it;'20's=x;'20'h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID;'20'bh=Fr9lvpOaze4+zC8XaFJLrz3bQMBbRjHFTp0UR5Qfei4=;'20'b=;


 

DNS record(s):
    x._domainkey.crazynetwork.it. 14400 IN TXT "v=DKIM1; k=rsa; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMrIagucB4d1HKTjippnlBDjBMP4S2bZe1mEpSuAM40lcqUOHOakHETaEvwtyJjkUaFlj2pY1UFuRSHZY/uPBm+KWI53a9wLIrax1/rLDdr+vYM05udsildqivoJuV1PEwIDAQAB"

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass 
ID(s) verified: [email protected]
DNS record(s):
    crazynetwork.it. SPF (no records)
    crazynetwork.it. 14400 IN TXT "v=spf1 a mx ip4:89.97.218.93 ~all"
    crazynetwork.it. 14400 IN A 89.97.218.93

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result:         ham  (3.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 HEAD_LONG              Message headers are very long
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.8 HTML_IMAGE_ONLY_32     BODY: HTML: images with 2800-3200 bytes of words
 1.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]

==========================================================
Explanation of the possible results (adapted from 
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
        the message passed the authentication test.

"fail"
        the message failed the authentication test.

"softfail"
        the message failed the authentication test, and the authentication
        method has either an explicit or implicit policy which doesn't require
        successful authentication of all messages from that domain.

"neutral"
        the authentication method completed without errors, but was unable
        to reach either a positive or a negative result about the message.

"temperror"
        a temporary (recoverable) error occurred attempting to authenticate
        the sender; either the process couldn't be completed locally, or
        there was a temporary failure retrieving data required for the
        authentication.  A later retry may produce a more final result.

"permerror"
        a permanent (unrecoverable) error occurred attempting to
        authenticate the sender; either the process couldn't be completed
        locally, or there was a permanent failure retrieving data required
        for the authentication.

==========================================================
Original Email
==========================================================

Return-Path: <[email protected]>
Received: from Orange01.CrazyNetwork.it (89.97.218.93) by verifier.port25.com (PowerMTA(TM) v4.0b3) id hfddd811u9c0 for <[email protected]>; Sat, 12 Mar 2011 06:36:52 -0500 (envelope-from <[email protected]>)
Authentication-Results: verifier.port25.com [email protected]; mfrom=pass;
Authentication-Results: verifier.port25.com [email protected]; domainkeys=neutral (message not signed);
Authentication-Results: verifier.port25.com header.d=crazynetwork.it; dkim=pass (matches From: [email protected]);
Authentication-Results: verifier.port25.com [email protected]; pra=pass;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crazynetwork.it; s=x;
	h=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID; bh=Fr9lvpOaze4+zC8XaFJLrz3bQMBbRjHFTp0UR5Qfei4=;
	b=D+9GdMcaRcHiMWsvwvacQkllA+nzCbuZkTfIRUc4Q/egB4RDWRfD9RLbKw3/HLItkJ8KiR9aNQdOicPvOMwtrEbil90E6/6K/3fA+zSPFP1vvfxyvfFEdKc7H1m2kTZ4;
Received: from [151.71.152.139] (helo=[192.168.1.7])
	by Orange01.CrazyNetwork.it with esmtpa (Exim 4.73)
	(envelope-from <[email protected]>)
	id 1PyN7m-0001cn-NP
	for [email protected]; Sat, 12 Mar 2011 12:36:46 +0100
Message-ID: <[email protected]>
Date: Sat, 12 Mar 2011 12:36:17 +0100
From: Supporto Tecnico - Crazy Network <[email protected]>
Reply-To: [email protected]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; it; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: [email protected]
Subject: dkim test
Content-Type: multipart/related;
 boundary="------------040204040904040305020709"

Regards
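For anyone wondering where the "Canonicalized Headers" listing in that report comes from, here is the relaxed header canonicalization of RFC 6376 applied to the headers of the test message above. This is an added example, not code from DirectAdmin, Exim or Port25. The sample header block is taken from the "Original Email" section (the forum has redacted the addresses to [email protected], and the canonical output keeps that redaction), which is also why the RSA signature itself cannot be re-verified here; the body hash (bh=) needs the message body, which is not on the page. What the code does show is the exact octet string a verifier hashes before the RSA check: the h= headers in listed order, each resolved bottom-up to the last unused instance, then the DKIM-Signature field with an empty b= and no trailing CRLF.

```python
import hashlib
import re

# Constructed sample: the header block of the message in the Port25 report above
# (addresses redacted by the forum, folding and tabs as in the original).
SAMPLE_HEADERS = (
    "Return-Path: <[email protected]>\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crazynetwork.it; s=x;\r\n"
    "\th=Content-Type:Subject:To:MIME-Version:Reply-To:From:Date:Message-ID;"
    " bh=Fr9lvpOaze4+zC8XaFJLrz3bQMBbRjHFTp0UR5Qfei4=;\r\n"
    "\tb=D+9GdMcaRcHiMWsvwvacQkllA+nzCbuZkTfIRUc4Q/egB4RDWRfD9RLbKw3/HLItkJ8K"
    "iR9aNQdOicPvOMwtrEbil90E6/6K/3fA+zSPFP1vvfxyvfFEdKc7H1m2kTZ4;\r\n"
    "Received: from [151.71.152.139] (helo=[192.168.1.7])\r\n"
    "\tby Orange01.CrazyNetwork.it with esmtpa (Exim 4.73)\r\n"
    "\tfor [email protected]; Sat, 12 Mar 2011 12:36:46 +0100\r\n"
    "Message-ID: <[email protected]>\r\n"
    "Date: Sat, 12 Mar 2011 12:36:17 +0100\r\n"
    "From: Supporto Tecnico - Crazy Network <[email protected]>\r\n"
    "Reply-To: [email protected]\r\n"
    "MIME-Version: 1.0\r\n"
    "To: [email protected]\r\n"
    "Subject: dkim test\r\n"
    "Content-Type: multipart/related;\r\n"
    ' boundary="------------040204040904040305020709"\r\n'
)


def parse_header_block(raw: str) -> list:
    """Split a header block into (name, raw value) pairs; folded lines stay in the value."""
    pairs = []
    for field in re.split(r"\r?\n(?![ \t])", raw.rstrip("\r\n")):
        name, sep, value = field.partition(":")
        if not sep:
            raise ValueError(f"not a header field: {field!r}")
        pairs.append((name, value))
    return pairs


def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 §3.4.2: lowercase name, unfold, squeeze WSP, no WSP around the colon or at the end."""
    value = re.sub(r"\r?\n", "", value)   # unfold: drop the CRLF, the folding WSP stays
    value = re.sub(r"[ \t]+", " ", value)  # every WSP run becomes a single SP
    return f"{name.lower()}:{value.strip(' ')}"


def strip_b_tag(sig_value: str) -> str:
    """Empty the b= tag (the signature itself) before hashing, RFC 6376 §3.7."""
    return re.sub(r"(?<=[;\s])b=[^;]*", "b=", sig_value)


def dkim_tags(sig_value: str) -> dict:
    """Tag=value list of a DKIM-Signature header value (folds removed, values trimmed)."""
    tags = {}
    for item in re.sub(r"\r?\n", "", sig_value).split(";"):
        if item.strip():
            key, _, val = item.partition("=")
            tags[key.strip()] = val.strip()
    return tags


def signed_header_input(raw: str) -> str:
    """The exact octets a verifier hashes for the header half of a c=relaxed/* signature.

    Names come from h= in order; each resolves to the last not-yet-used instance
    counting from the bottom of the message (RFC 6376 §5.4.2); a listed name with
    no instance left contributes nothing (over-signing). The DKIM-Signature field
    itself goes last, with b= emptied and without a trailing CRLF.
    """
    headers = parse_header_block(raw)
    sig_index = next(i for i, (n, _) in enumerate(headers) if n.lower() == "dkim-signature")
    sig_name, sig_value = headers[sig_index]
    tags = dkim_tags(sig_value)
    if not tags.get("c", "simple/simple").startswith("relaxed"):
        raise ValueError("this example only implements relaxed header canonicalization")
    used = {sig_index}
    out = []
    for wanted in tags["h"].split(":"):
        wanted = wanted.strip().lower()
        for i in range(len(headers) - 1, -1, -1):  # bottom-up search
            if i not in used and headers[i][0].lower() == wanted:
                used.add(i)
                out.append(relaxed_header(*headers[i]) + "\r\n")
                break
    out.append(relaxed_header(sig_name, strip_b_tag(sig_value)))
    return "".join(out)


def header_hash(raw: str) -> str:
    """SHA-256 of the canonical header input; this digest is what the RSA signature covers."""
    return hashlib.sha256(signed_header_input(raw).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(signed_header_input(SAMPLE_HEADERS))
    print(header_hash(SAMPLE_HEADERS))
```

Comparing the output with the Port25 listing is a quick way to spot a mangling MTA: anything that rewrites a signed header after signing (a subject tag, a re-folded Content-Type, a rewritten From under a different h=) changes these octets and the DKIM check fails, while headers not listed in h= can change freely.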
 
Good.
After the big people have talked,
can the little people do a software update? And how, please?
Thank you :D
 