Results 1 to 10 of 13

Thread: Dkim

Hybrid View

  1. #1
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default Dkim

    Zimbra Collaboration Suite 7.1
    Debian 6.0

    I have searched and tried to get this working for 2 days now and nothing I have attempted has worked. I have followed countless tutorials online (most written for centos and rpm packages) and tried both dkim-filter and opendkim. I have tried using setting the master.cf (which never saves, even in su - zimbra... Even tried sudo in su - zimbra which ask for a password then tells me its incorrect...), setting the milter setting in zimbra admin with no luck...

    Can someone please help me out with this, this simple thing which should have taken 3 minutes has turned into a 3 day project that doesnt seem to have an end.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    [QUOTE=cartaysm;244918]Zimbra Collaboration Suite 7.1
    Debian 6.0

    I have searched and tried to get this working for 2 days now and nothing I have attempted has worked. I have followed countless tutorials online (most written for centos and rpm packages) and tried both dkim-filter and opendkim.

    Quote Originally Posted by cartaysm View Post
    I have tried using setting the master.cf (which never saves, even in su - zimbra... Even tried sudo in su - zimbra which ask for a password then tells me its incorrect...), setting the milter setting in zimbra admin with no luck...
    That is the wrong file as it gets overwritten by Zimbra, you should modify master.cf.in - there's details of that all over the forum.

    Quote Originally Posted by cartaysm View Post
    Can someone please help me out with this, this simple thing which should have taken 3 minutes has turned into a 3 day project that doesnt seem to have an end.
    I'm afraid that 'it doesn't work' isn't of much help for us to give you any advice, you need to describe exactly what you've done, which tutorial you've followed and what errors you're seeing.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default

    Yeah I was afraid you were going to say that, here goes...

    Zimbra Collaboration Suite 7.1
    Debian 6.0
    purged all files I had before with dkim-filter and opendkim (including /etc/mail folder) to start nice and clean...

    https://help.ubuntu.com/community/Postfix/DKIM

    I followed this all the way down to the postfix insertion;

    nano /opt/zimbra/postfix/conf/master.cf.in (based off your suggestion, I had tried master and main before with no luck)

    # DKIM
    -o milter_default_action = accept
    -o milter_protocol = 2
    -o smtpd_milters = inet:localhost:8891
    -o non_smtpd_milters = inet:localhost:8891

    Then picked back up at key gen on the wiki...

    sudo /etc/init.d/dkim-filter start
    sudo /etc/init.d/zimbra restart


    and now it doesnt receive emails... commented out the master.cf.in file (parts I added) and I can receive mail again

    So I ran;
    grep -i dkim /var/log/mail.log

    Jul 15 22:59:24 aeccmd dkim-filter[23197]: can't configure DKIM library; continuing
    Jul 15 22:59:24 aeccmd dkim-filter[23197]: Sendmail DKIM Filter v2.8.2 starting (args: -x /etc/dkim-filter.conf -u dkim-filter -P /var/run/dkim-filter/dkim-filter.pid -p inet:8891@localhost)

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    I believe that the openDKIM package is preferred these days. Follow these instructions: Guide to Install OpenDKIM for multiple domains with Postfix and Debian - use master.cf.in for the Milter (Postfix) settings as I mentioned earlier.

    I use openDKIM without problems on my CentOS5 ZCS server. If you still have problems then look at the log files and post again.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Mar 2011
    Posts
    44
    Rep Power
    4

    Default

    Thank you for the link! I followed it and got the following results;

    check-auth@verifier.port25.com
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: header.From=user@aeccmd.org
    DNS record(s):

    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result: pass (matches From: user@aeccmd.org)
    ID(s) verified: header.d=aeccmd.org
    Canonicalized Headers:



    sa-test@sendmail.net

    Authentication System: DomainKeys Identified Mail (DKIM)
    Result: DKIM signature confirmed BAD
    Description: Signature verification failed, message may have been tampered with or corrupted
    Reporting host: services.sendmail.com


    autorespond+dkim@dk.elandsys.com

    DKIM Signature validation: pass
    DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.aeccmd.org

    I am happy to post files from my logs but not sure which to post that will help, here a the last few lines of the following files;

    cat /var/log/mail.log
    Jul 16 09:42:39 aeccmd postfix/cleanup[13381]: 1A3D61F203D: message-id=<201207161342.q6GDgU9t023450@mx.elandsys.com>
    Jul 16 09:42:39 aeccmd opendkim[1091]: message has signatures from opendkim.org, qubic.net
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 1A3D61F203D: from=<daemon@dk.elandsys.com>, size=5628, nrcpt=1 (queue active)
    Jul 16 09:42:39 aeccmd postfix/smtpd[13385]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 16 09:42:39 aeccmd postfix/smtp[13382]: 63B901F202C: to=<scott@aeccmd.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.8, delays=0.57/0/0/7.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1A3D61F203D)
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 63B901F202C: removed
    Jul 16 09:42:39 aeccmd postfix/lmtp[13397]: 1A3D61F203D: to=<user@aeccmd.org>, relay=aeccmd.org[192.168.1.1]:7025, delay=0.78, delays=0.7/0.01/0/0.07, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)

    cat /var/log/mail.warn (nothing with new opendkim setup)
    cat /var/log/mail.err (nothing with new opendkim setup)



    EDIT:

    I did just find this in the mail.warn log (not sure what it is, its not my ip)
    Jul 16 09:15:05 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:15:35 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:57:54 aeccmd postfix/smtpd[19678]: warning: 187.75.173.119: hostname 187-75-173-119.dsl.telesp.net.br verification failed: No address associated with hostname
    Jul 16 10:12:36 aeccmd opendkim[1091]: AC7FA1F203D: no signature data
    Last edited by cartaysm; 07-16-2012 at 07:14 AM. Reason: err log

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by cartaysm View Post
    Thank you for the link! I followed it and got the following results;

    check-auth@verifier.port25.com
    ----------------------------------------------------------
    DomainKeys check details:
    ----------------------------------------------------------
    Result: neutral (message not signed)
    ID(s) verified: header.From=user@aeccmd.org
    DNS record(s):

    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result: pass (matches From: user@aeccmd.org)
    ID(s) verified: header.d=aeccmd.org
    Canonicalized Headers:



    sa-test@sendmail.net

    Authentication System: DomainKeys Identified Mail (DKIM)
    Result: DKIM signature confirmed BAD
    Description: Signature verification failed, message may have been tampered with or corrupted
    Reporting host: services.sendmail.com


    autorespond+dkim@dk.elandsys.com

    DKIM Signature validation: pass
    DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.aeccmd.org
    Do you actually have the correct DNS TXT records required by openDKIM?

    Quote Originally Posted by cartaysm View Post
    I am happy to post files from my logs but not sure which to post that will help, here a the last few lines of the following files;

    cat /var/log/mail.log
    Jul 16 09:42:39 aeccmd postfix/cleanup[13381]: 1A3D61F203D: message-id=<201207161342.q6GDgU9t023450@mx.elandsys.com>
    Jul 16 09:42:39 aeccmd opendkim[1091]: message has signatures from opendkim.org, qubic.net
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 1A3D61F203D: from=<daemon@dk.elandsys.com>, size=5628, nrcpt=1 (queue active)
    Jul 16 09:42:39 aeccmd postfix/smtpd[13385]: disconnect from localhost.localdomain[127.0.0.1]
    Jul 16 09:42:39 aeccmd postfix/smtp[13382]: 63B901F202C: to=<scott@aeccmd.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.8, delays=0.57/0/0/7.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1A3D61F203D)
    Jul 16 09:42:39 aeccmd postfix/qmgr[17774]: 63B901F202C: removed
    Jul 16 09:42:39 aeccmd postfix/lmtp[13397]: 1A3D61F203D: to=<user@aeccmd.org>, relay=aeccmd.org[192.168.1.1]:7025, delay=0.78, delays=0.7/0.01/0/0.07, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)

    cat /var/log/mail.warn (nothing with new opendkim setup)
    cat /var/log/mail.err (nothing with new opendkim setup)



    EDIT:

    I did just find this in the mail.warn log (not sure what it is, its not my ip)
    Jul 16 09:15:05 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:15:35 aeccmd postfix/smtpd[31573]: warning: connect to Milter service inet:localhost:12345: Connection refused
    Jul 16 09:57:54 aeccmd postfix/smtpd[19678]: warning: 187.75.173.119: hostname 187-75-173-119.dsl.telesp.net.br verification failed: No address associated with hostname
    Jul 16 10:12:36 aeccmd opendkim[1091]: AC7FA1F203D: no signature data
    Is the milter up and running and listening on the port mentioned above?

    I think you're going to have to start with posting your configuration files for openDKIM (also include the milter settings in master.cf.in) and the DNS TXT records you've configured.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Similar Threads

  1. DKIM and DK in Zimbra 7.0
    By randall in forum Installation
    Replies: 3
    Last Post: 04-12-2011, 07:51 AM
  2. DKIM Signature
    By ashrocks in forum Administrators
    Replies: 3
    Last Post: 12-03-2010, 01:03 PM
  3. DKIM Signature
    By ashrocks in forum Users
    Replies: 0
    Last Post: 12-03-2010, 10:51 AM
  4. DKIM Coming?
    By LMStone in forum Developers
    Replies: 8
    Last Post: 08-21-2009, 04:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •