dkim-filter does not sign messages [Fixed-By-abolinhas]

all about postfix Problems, questions???

dkim-filter does not sign messages [Fixed-By-abolinhas]

New postby Friend7 » Tue Nov 20, 2012 5:04 am

Hello,

dkim-filter does not sign messages

Code: Select all
root@server:~# cat /var/log/mail.log|grep dkim
Nov 20 07:59:17 server dkim-filter[4129]: Sendmail DKIM Filter v2.8.3 starting (
args: -x /etc/dkim-milter/dkim-milter.conf -P /var/run/dkim-milter/dkim-milter.p
id)
Nov 20 08:05:56 server dkim-filter[3517]: Sendmail DKIM Filter v2.8.3 starting (
args: -x /etc/dkim-milter/dkim-milter.conf -P /var/run/dkim-milter/dkim-milter.p
id)
root@server:~#


Code: Select all
root@server:~# cat /var/log/syslog|grep dkim
Nov 20 07:59:17 server dkim-filter[4129]: Sendmail DKIM Filter v2.8.3 starting (
args: -x /etc/dkim-milter/dkim-milter.conf -P /var/run/dkim-milter/dkim-milter.p
id)
Nov 20 08:05:56 server dkim-filter[3517]: Sendmail DKIM Filter v2.8.3 starting (
args: -x /etc/dkim-milter/dkim-milter.conf -P /var/run/dkim-milter/dkim-milter.p
id)
root@server:~#


Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham

Thanks
Last edited by Friend7 on Mon Dec 10, 2012 6:47 am, edited 1 time in total.
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: dkim-filter does not sign messages

New postby abolinhas » Thu Nov 29, 2012 7:06 pm

Hi,

You create the dns record for dkim ?
http://www.dnswatch.info/dkim/create-dns-record
Cumprimentos / Best Regards

André Bolinhas
Twitter: @abolinhas
User avatar
abolinhas
 
Posts: 1015
Joined: Fri Jun 19, 2009 8:50 am
Location: Portugal
Artica servers number: 4
Linux System: Ubuntu
Technical skills: A Linux System Administrator

Re: dkim-filter does not sign messages

New postby Friend7 » Thu Nov 29, 2012 7:20 pm

Hello,

Yes, I tested and verified:

Result: This is a valid DKIM key record

I think that it is a hosts file issue http://forum.artica.fr/viewtopic.php?f=10&t=6063

Thanks
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: dkim-filter does not sign messages

New postby abolinhas » Thu Nov 29, 2012 11:15 pm

Hi,

1º Are you using multi-instances ?
2º What Dkim system are you using? Dkim milter or filter?
3º Send a email and in same time check the mail.log and post the results here.

Also, this could be (or not) related with your mysql problem, wait for David patch and check.
Cumprimentos / Best Regards

André Bolinhas
Twitter: @abolinhas
User avatar
abolinhas
 
Posts: 1015
Joined: Fri Jun 19, 2009 8:50 am
Location: Portugal
Artica servers number: 4
Linux System: Ubuntu
Technical skills: A Linux System Administrator

Re: dkim-filter does not sign messages

New postby Friend7 » Fri Nov 30, 2012 3:43 am

Hello,

1. Single (one) ipv4 instance on Postfix 2.10
2. Milter DKIM and verified

3º Send a email and in same time check the mail.log and post the results here.


I will test it.

Also, this could be (or not) related with your mysql problem, wait for David patch and check.


Maybe Milter DKIM is not compatible with postfix 2.10

Thanks
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: dkim-filter does not sign messages

New postby Friend7 » Fri Nov 30, 2012 3:55 am

3º Send a email and in same time check the mail.log and post the results here.


No results, I think that I would need to wait until powerdns data base issue be fixed.
http://forum.artica.fr/viewtopic.php?f=10&t=6078

Code: Select all
root@server:~# cat /var/log/mail.log|grep dkim
root@server:~#


Thanks
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: dkim-filter does not sign messages

New postby abolinhas » Fri Nov 30, 2012 5:47 pm

Seams that dkim is not linked to your postfix.
Can post your main.cf here ?
Cumprimentos / Best Regards

André Bolinhas
Twitter: @abolinhas
User avatar
abolinhas
 
Posts: 1015
Joined: Fri Jun 19, 2009 8:50 am
Location: Portugal
Artica servers number: 4
Linux System: Ubuntu
Technical skills: A Linux System Administrator

Re: dkim-filter does not sign messages

New postby Friend7 » Sat Dec 01, 2012 1:36 am

Thanks ..

Code: Select all
root@server:~# cat /etc/postfix/main.cf
relay_domains = hash:/etc/postfix-mail1.domain1.com/relay_domains
virtual_alias_maps = hash:/etc/postfix-mail1.domain1.com/virtual
alias_database = hash:/etc/postfix-mail1.domain1.com/aliases
alias_maps = hash:/etc/postfix-mail1.domain1.com/aliases
mydestination = hash:/etc/postfix-mail1.domain1.com/mydestination
queue_directory = /var/spool/postfix
data_directory = /var/lib/postfix
daemon_directory=/usr/lib/postfix
mail_owner = postfix
#default_privs = nobody
myhostname = server.domain2.com
#mydomain = domain.tld
myorigin = $myhostname
inet_interfaces=127.0.0.1
local_recipient_maps =
mynetworks = 127.0.0.0/8
mailbox_transport = lmtp:127.0.0.1:2003
fallback_transport = lmtp:127.0.0.1:2003
smtpd_banner = $myhostname ESMTP $mail_name
multi_instance_wrapper=/usr/sbin/postmulti -p --
multi_instance_enable=yes
multi_instance_directories=/etc/postfix-mail1.domain1.com
root@server:~#


Code: Select all
root@server:~# cat /etc/postfix-mail1.domain1.com/main.cf
smtpd_banner=$myhostname ESMTP $mail_name
biff=no

#  NETWORK ---------------------------------
myhostname = mail1.domain1.com
mynetworks=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128,xxx.xxx.xxx.xxx,127.0.0.0/8,xxx.xxx.xxx.yyy
inet_interfaces = xxx.xxx.xxx.xxx
smtp_bind_address = xxx.xxx.xxx.xxx
inet_protocols = ipv4
myorigin=$mydomain

append_dot_mydomain=no
readme_directory=no
recipient_delimiter=+

#  RESTRICTIONS ---------------------------------
message_size_limit = 102400000
mime_nesting_limit = 100
header_address_token_limit = 10240
default_destination_recipient_limit = 50
smtpd_recipient_limit = 1000
smtpd_delay_reject = yes
mailbox_size_limit=102400000
virtual_mailbox_limit = 102400000
artica-filter_destination_recipient_limit = 1
artica-adv_destination_recipient_limit = 1
artica_destination_recipient_limit = 1
zarafa_destination_recipient_limit = 1
smtpd_restriction_classes = artica_restrict_relay_domains
artica_restrict_relay_domains = reject_unverified_recipient
disable_vrfy_command = yes
smtpd_restriction_classes =
smtpd_recipient_restrictions = permit_mynetworks,check_recipient_access
hash:/etc/postfix-mail1.domain1.com/relay_domains_restricted,check_recipient_access
hash:/etc/postfix-mail1.domain1.com/amavis_bypass_rcpt,reject_unauth_destination,permit
smtpd_client_restrictions = permit_mynetworks,check_client_access hash:/etc/post
fix-mail1.domain1.com/amavis_internal,reject_unknown_client_hostname,reject_i
nvalid_hostname,reject_unknown_reverse_client_hostname,reject_unknown_sender_dom
ain,reject_non_fqdn_sender,reject_rbl_client zen.spamhaus.org,reject_rbl_client
sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,permit
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non
_fqdn_hostname, permit

body_checks = pcre:/etc/postfix-mail1.domain1.com/pcre_body_checks,regexp:/et
c/postfix-mail1.domain1.com/regex_body_checks

bounce_service_name=bounce
bounce_size_limit=50000
bounce_notice_recipient=postmaster
double_bounce_sender=double-bounce
smtpd_reject_unlisted_recipient=yes
smtp_connection_cache_on_demand=yes
smtp_connection_cache_time_limit=2s
smtp_connection_reuse_time_limit=300s
connection_cache_ttl_limit=2s
connection_cache_status_update_time=600s
smtp_connection_cache_destinations=
address_verify_map=btree:/var/lib/postfix-mail1.domain1.com/verify
address_verify_sender=double-bounce
address_verify_negative_cache=yes
address_verify_negative_expire_time=3d
address_verify_negative_refresh_time=3h
address_verify_poll_count=3
address_verify_poll_delay=3s
address_verify_positive_expire_time=31d
address_verify_positive_refresh_time=7d
smtpd_error_sleep_time=1s
smtpd_hard_error_limit=20
smtpd_soft_error_limit=10
smtpd_client_connection_count_limit=50
smtpd_client_connection_rate_limit=0
smtpd_client_message_rate_limit=0
smtpd_client_recipient_rate_limit=0
smtpd_client_event_limit_exceptions=$mynetworks
minimal_backoff_time=300s
maximal_backoff_time=4000s
bounce_queue_lifetime=5d
default_process_limit=100
maximal_queue_lifetime=5d
smtp_helo_timeout=300s
smtp_connect_timeout=30s
queue_run_delay=300s
qmgr_message_active_limit=20000
qmgr_message_recipient_limit=20000
qmgr_message_recipient_minimum=10
smtpd_timeout=300
enable_original_recipient=yes
ignore_mx_lookup_error=no
disable_dns_lookups=no

smtp_sender_dependent_authentication = yes
undisclosed_recipients_header=To: undisclosed-recipients:;
initial_destination_concurrency=5
default_destination_concurrency_limit=20
local_destination_concurrency_limit=2
smtp_destination_concurrency_limit=20

# Templates and notifications ---------------------------------
bounce_template_file = /etc/postfix-mail1.domain1.com/bounce.template.cf
double_bounce_sender = double-bounce
address_verify_sender = $double_bounce_sender
2bounce_notice_recipient = postmaster
error_notice_recipient = postmaster@domain2.com
delay_notice_recipient = postmaster@domain2.com
empty_address_recipient = postmaster@domain2.com

smtp_send_xforward_command=yes

#  SASL / TLS ---------------------------------
broken_sasl_auth_clients = yes

smtpd_tls_auth_only = no
smtpd_tls_ask_ccert=no
smtpd_tls_security_level = may
smtpd_tls_req_ccert=no
smtpd_tls_received_header = yes
smtpd_tls_CAfile=/etc/postfix-mail1.domain1.com/ssl/ca.csr
smtpd_tls_cert_file=/etc/postfix-mail1.domain1.com/ssl/ca.crt
smtpd_tls_key_file=/etc/postfix-mail1.domain1.com/ssl/ca.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database=btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database=btree:${data_directory}/smtpd_tls_session_cache
smtpd_client_new_tls_session_rate_limit=0

#  SMTP CLIENT SASL ---------------------------------

virtual_uid_maps=static:5000
virtual_gid_maps=static:5000
bounce_template_file=/etc/postfix/bounce.template.cf

#  PostScreen ---------------------------------
postscreen_bare_newline_action= ignore
postscreen_bare_newline_enable= no
postscreen_bare_newline_ttl= 30d
postscreen_cache_cleanup_interval= 12h
postscreen_cache_retention_time= 7d
postscreen_client_connection_count_limit= 50
postscreen_client_connection_count_limit= 50
postscreen_pipelining_enable= no
postscreen_pipelining_action= ignore
postscreen_pipelining_ttl= 30d
postscreen_post_queue_limit= 100
postscreen_pre_queue_limit= 100
postscreen_non_smtp_command_enable= no
postscreen_non_smtp_command_action= drop
postscreen_non_smtp_command_ttl= 30d
postscreen_forbidden_command= CONNECT, GET, POST
postscreen_dnsbl_action= ignore
postscreen_dnsbl_ttl= 1h
postscreen_dnsbl_threshold= 1
postscreen_cache_map= btree:$data_directory/postscreen_mail1.domain1.com_cache
postscreen_dnsbl_sites=b.barracudacentral.org*1
postscreen_access_list=permit_mynetworks,cidr:/etc/postfix-mail1.domain1.com/
postscreen_access.cidr,hash:/etc/postfix-mail1.domain1.com/postscreen_access.
hosts


#  DATABASES ---------------------------------
smtpd_reject_unlisted_recipient=yes
artica_destination_recipient_limit = 1
artica-filter_destination_recipient_limit = 1
relay_domains = $mydestination, hash:/etc/postfix-mail1.domain1.com/relay_domains
virtual_mailbox_maps = hash:/etc/postfix-mail1.domain1.com/virtual
virtual_alias_maps = pcre:/etc/postfix-mail1.domain1.com/virtual.domains,hash
:/etc/postfix-mail1.domain1.com/virtual
alias_maps = hash:/etc/postfix-mail1.domain1.com/aliases
transport_maps = hash:/etc/postfix-mail1.domain1.com/transport.advancedtr, ha
sh:/etc/postfix-mail1.domain1.com/transport.throttle,hash:/etc/postfix-mail1.
domain1.com/transport.banned,hash:/etc/postfix-mail1.domain1.com/copy.tran
sport
mydestination = hash:/etc/postfix-mail1.domain1.com/mydestination
recipient_bcc_maps = pcre:/etc/postfix-mail1.domain1.com/copy.pcre
mailbox_transport_maps = hash:/etc/postfix-mail1.domain1.com/mailbox_transpor
t

#  MAILBOXES ---------------------------------
mailbox_transport = lmtp:127.0.0.1:2003
virtual_transport=$mailbox_transport
mailman_destination_recipient_limit = 1

disable_vrfy_command=yes
smtpd_delay_reject=yes
smtpd_helo_required=yes

#Checks headers and bodys ---------------------------------

mime_header_checks = regexp:/etc/postfix-mail1.domain1.com/regex_mime_checks
header_checks = regexp:/etc/postfix-mail1.domain1.com/header_checks,pcre:/etc
/postfix-mail1.domain1.com/pcre_headers_checks,regexp:/etc/postfix-mail1.domain1.com/regex_headers_checks
receive_override_options=
auth_relay =

smtpd_milters = unix:/var/spool/postfix/var/run/milter-greylist/mail1.domain1.com/greylist.sock
milter_connect_macros = j _ {daemon_name} {if_name} {if_addr} {client_name} {client_addr} {client_resolve} {client_ptr}
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_mail_macros = i {auth_type} {auth_authen} {auth_ssf} {auth_author} {mail_mailer} {mail_host} {mail_addr} {client_addr} {if_addr}
milter_rcpt_macros = {rcpt_mailer} {rcpt_host} {rcpt_addr} {client_addr} {if_addr}
milter_default_action = accept
milter_protocol = 3 milter_connect_timeout=180
milter_command_timeout=180
milter_content_timeout=600



#Multi instances parameters ---------------------------------

queue_directory = /var/spool/postfix-mail1.domain1.com
data_directory = /var/lib/postfix-mail1.domain1.com
daemon_directory = /usr/lib/postfix
multi_instance_name = postfix-mail1.domain1.com
multi_instance_wrapper=${command_directory}/postmulti -p --
multi_instance_enable = yes
root@server:~#
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Re: dkim-filter does not sign messages

New postby abolinhas » Sat Dec 01, 2012 3:17 pm

Yap, no dkim record in main.cf, try use filter dkim instead.

Also this in verystrange line
#Multi instances parameters ---------------------------------

queue_directory = /var/spool/postfix-mail1.domain1.com
data_directory = /var/lib/postfix-mail1.domain1.com
daemon_directory = /usr/lib/postfix
multi_instance_name = postfix-mail1.domain1.com
multi_instance_wrapper=${command_directory}/postmulti -p --
multi_instance_enable = yes

Are you sure that you don't have the multi-instance option enabled?
Cumprimentos / Best Regards

André Bolinhas
Twitter: @abolinhas
User avatar
abolinhas
 
Posts: 1015
Joined: Fri Jun 19, 2009 8:50 am
Location: Portugal
Artica servers number: 4
Linux System: Ubuntu
Technical skills: A Linux System Administrator

Re: dkim-filter does not sign messages

New postby Friend7 » Sun Dec 02, 2012 2:13 am

Hello abolinhas,

1 Could you post the default dkim records in main.cf?

2. Why doesn't DKIM add the records in main.cf? Is it a bug?

3. Yes, I have enabled the multi-instances feature, but Server only has 1 single ipv4 postfix 2.10 instance.
I will try filter dkim

Thanks
Best Regards,
Friend7
 
Posts: 2373
Joined: Sun Feb 06, 2011 3:41 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A newbee

Next

Return to Postfix Discusss

Who is online

Users browsing this forum: No registered users and 5 guests

cron