Koozali.org: home of the SME Server
Obsolete Releases => SME 8.x Contribs => Topic started by: oMQYN0AvPB on February 26, 2014, 04:26:46 PM
-
Hi,
I have a SME Server installation on a public IP, without an ISP in front of me.
I am trying to set up SPF, DomainKey, DKIM and DMARC.
Everything seems to be working except DomainKey. If I have understood correctly, domainkey is a deprecated version of DKIM, but some servers still use it.
These are the relevant DNS entries:
# host -t TXT "mydomain.com"
mydomain.com descriptive text "v=spf1 a mx -all"
# host -t TXT "_domainkey.mydomain.com"
_domainkey.mydomain.com descriptive text "o=-\; r=postmaster@mydomain.com"
# host -t TXT "default._domainkey.mydomain.com"
default._domainkey.mydomain.com descriptive text "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKm/88Xo1cqgEapGFOzjS8EvUh9/drZTswetqryMI9jUXODjvT+V9YU7PkpgK1YQJDc4KoyFNVdis7DtdmH4Q8O00Bg0SvwX82Dn/pHmxABldnTy5XQNCsHTqQ1xYcveVgduyOCLxOo3wrSeYKRN5lYG2cFBZ/xw6R5ZhPwT0ZjwIDAQAB"
# host -t TXT "_dmarc.mydomain.com"
_dmarc.mydomain.com descriptive text "v=DMARC1\; p=reject\; rua=mailto:postmaster@mydomain.com"
This is the response from pythentic@had-pilot.biz
2014/02/26 09:50:20 :Your DMARC record for '_dmarc.mydomain.com' is 'v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com'
Here are the results of the message from kid@mydomain.com
received on Wed Feb 26 09:50:02 2014 with Subject dmarc
The message was: Delivered
The SPF result was: pass
The DKIM result was: True
**********************************************************
Enter your email address and this hash stringin the Review My Results link for message header analysis of results: address=kid@mydomain.com hash=MF91PZeQU3nf2py1JyjU
**********************************************************
Full Record
Id[15]:
SPF result: pass
DKIM result: True
Alignment result: Pass
Feedback: RecordType
Delivery Result: Pass
Source IP: 188.164.128.61
User Agent: Pythentic
Version: 1
Recipient: had-pilot.biz
Arrival Date: Wed Feb 26 09:50:02 2014
From: kid@mydomain.com
DKIM Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=received:from:subject:date:message-id; s=default; bh=uaKcey34TfR3MDx+lwcxx6mWfSo=; b=lpe/A00pInaGVFp0O3iPj8XlCoPPIjUBAcUyH3+mdCE8CUndQFbyJ8puHVW9EL1I4igTp/WuPcRf8eAJAgozTaP4jpwcl18QRYblkFBu3qLVdDHIXz+gXsz94Saa2+77nnKaDbBKge3/0bk01+i7cdO0wjrephyUQsgFJL1VwgQ=
Subject: dmarc
Reported: 0
SPFReason: sender SPF authorized
DKIMReason: Good DKIM Signature.
DMARCReason: Message authenticated.
Message: Received: (qmail 9922 invoked by uid 453); 26 Feb 2014 14:49:56 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=received:from:subject:date:message-id; s=default; bh=uaKcey34TfR3MDx+lwcxx6mWfSo=; b=lpe/A00pInaGVFp0O3iPj8XlCoPPIjUBAcUyH3+mdCE8CUndQFbyJ8puHVW9EL1I4igTp/WuPcRf8eAJAgozTaP4jpwcl18QRYblkFBu3qLVdDHIXz+gXsz94Saa2+77nnKaDbBKge3/0bk01+i7cdO0wjrephyUQsgFJL1VwgQ=
Received: from Unknown (HELO [192.168.2.6]) (195.251.66.196)
(smtp-auth username kid, mechanism plain)
by mydomain.com (qpsmtpd/0.84) with (AES256-SHA encrypted) ESMTPSA; Wed, 26 Feb 2014 15:49:56 +0100
Message-ID: <530DFF0C.1070704@mydomain.com>
Date: Wed, 26 Feb 2014 16:49:48 +0200
From: Kidlike <kid@mydomain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: pythentic@had-pilot.biz
Subject: dmarc
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on mydomain.com
X-dkim: d=mydomain.com,s=default,DKIMReason=Good DKIM Signature.
X-spf: i=188.164.128.61,h=mydomain.com.,s=kid@mydomain.com,SPFResult=pass
aaaa
And this is the response from check-auth@verifier.port25.com
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: mydomain.com
Source IP: 188.164.128.61
mail-from: kid@mydomain.com
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mailfrom=kid@mydomain.com
DNS record(s):
mydomain.com. 10800 IN SPF "v=spf1 a mx -all"
mydomain.com. 10800 IN A 188.164.128.61
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=kid@mydomain.com
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: kid@mydomain.com)
ID(s) verified: header.d=mydomain.com
Canonicalized Headers:
received:from'20'Unknown'20'(HELO'20'[192.168.2.6])'20'(195.251.66.196)'20'(smtp-auth'20'username'20'kid,'20'mechanism'20'plain)'20'by'20'mydomain.com'20'(qpsmtpd/0.84)'20'with'20'(AES256-SHA'20'encrypted)'20'ESMTPSA;'20'Wed,'20'26'20'Feb'20'2014'20'15:54:42'20'+0100'0D''0A'
from:kidanos'20'Kalantzis'20'<kid@mydomain.com>'0D''0A'
subject:test'0D''0A'
date:Wed,'20'26'20'Feb'20'2014'20'16:54:34'20'+0200'0D''0A'
message-id:<530E002A.7080807@mydomain.com>'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha1;'20'c=relaxed;'20'd=mydomain.com;'20'h=received:from:subject:date:message-id;'20's=default;'20'bh=uaKcey34TfR3MDx+lwcxx6mWfSo=;'20'b=
Canonicalized Body:
aaaa'0D''0A'
DNS record(s):
default._domainkey.mydomain.com. 10800 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKm/88Xo1cqgEapGFOzjS8EvUh9/drZTswetqryMI9jUXODjvT+V9YU7PkpgK1YQJDc4KoyFNVdis7DtdmH4Q8O00Bg0SvwX82Dn/pHmxABldnTy5XQNCsHTqQ1xYcveVgduyOCLxOo3wrSeYKRN5lYG2cFBZ/xw6R5ZhPwT0ZjwIDAQAB"
Public key used for verification: default._domainkey.mydomain.com (1024 bits)
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From=kid@mydomain.com
DNS record(s):
mydomain.com. 10800 IN SPF "v=spf1 a mx -all"
mydomain.com. 10800 IN A 188.164.128.61
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)
Result: ham (-2.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
1.0 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.
==========================================================
Original Email
==========================================================
Return-Path: <kid@mydomain.com>
Received: from mydomain.com (188.164.128.61) by verifier.port25.com id h1o03i11u9c2 for <check-auth@verifier.port25.com>; Wed, 26 Feb 2014 09:54:49 -0500 (envelope-from <kid@mydomain.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=kid@mydomain.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=kid@mydomain.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: kid@mydomain.com) header.d=mydomain.com
Authentication-Results: verifier.port25.com; sender-id=pass header.From=kid@mydomain.com
Received: (qmail 9998 invoked by uid 453); 26 Feb 2014 14:54:42 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=received:from:subject:date:message-id; s=default; bh=uaKcey34TfR3MDx+lwcxx6mWfSo=; b=fewKznJaD9rQq9+71OwTRLhfaMQZeI+kuAFpZ9ZGNg2baNTozflX2orL6oBUyj61WnWHwqRPPRpzLBsArAYTlkgTp8blhtaxX8kwBEuBP2JB6rE+u77LNUwox947X7RBzhuBHvuT3gWuRiGYiqPEe8tKiy9eHC+6kC9omO8dnSA=
Received: from Unknown (HELO [192.168.2.6]) (195.251.66.196)
(smtp-auth username kid, mechanism plain)
by mydomain.com (qpsmtpd/0.84) with (AES256-SHA encrypted) ESMTPSA; Wed, 26 Feb 2014 15:54:42 +0100
Message-ID: <530E002A.7080807@mydomain.com>
Date: Wed, 26 Feb 2014 16:54:34 +0200
From: Kidlike <kid@mydomain.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: check-auth@verifier.port25.com
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on mydomain.com
aaaa
As you can see in the results from check-auth@verifier.port25.com, the part for DomainKeys says
"neutral (message not signed)"
I have followed this guide: http://wiki.contribs.org/Email#Domain_Authentication
I know that the question is not 100% relevant to SME Server, but I will appreciate any help.
Thanks in advance!
EDIT: personal information redacted at the request of Author.
-
Moving to Contribs section of the Forums where it is more appropriate.
-
Hi,
this piece:
mkdir --parent /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
echo "dkim_sign keys dkim">/etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign
signal-event email-update
Finally propagate your public key "dkim.public" content (<key text>) to your DNS, check with your DNS server / registrar:
default._domainkey.domain.ext IN TXT "k=rsa; p=<key text>; t=y"
If you want to customize the signing you can add parameters to the line in /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local/69dkim_sign. Parameters and values are separated by a space only.
keys : "dk" or "domainkeys" for domainkey signature only, "dkim" for DKIM signature only, default "both"
dk_method : for domainkey method , default "nofws"
selector : the selector you want, default "default"
algorithm : algorithm for DKIM signing, default "rsa-sha1"
dkim_method : for DKIM, default "relaxed"
You need to define what to sign, so for domainkey it should be:
dkim_sign keys
The example shows DKIM signature only.
Hope it helps,
-
Hi,
Thanks a lot for your reply !!
That's what happens if you stop reading at the last code block...
So I fixed it, and I sent again to check-auth@verifier.port25.com
I got a fail. It's progress though !
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: fail (bad signature)
ID(s) verified: header.From=kid@mydomain.com
DNS record(s):
default._domainkey.mydomain.com. 10800 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKm/88Xo1cqgEapGFOzjS8EvUh9/drZTswetqryMI9jUXODjvT+V9YU7PkpgK1YQJDc4KoyFNVdis7DtdmH4Q8O00Bg0SvwX82Dn/pHmxABldnTy5XQNCsHTqQ1xYcveVgduyOCLxOo3wrSeYKRN5lYG2cFBZ/xw6R5ZhPwT0ZjwIDAQAB"
Any ideas ?
EDIT: personal information redacted at the request of Author.
-
I have some more information on this, via mailtest@unlocktheinbox.com
Seems like qmail is doing something wrong in both DKIM and DomainKeys
DKIM
(http://i.imgur.com/Gh8IB5J.png)
DomainKeys
(http://i.imgur.com/NGxlxWN.png)
This is the full report from them:
Publication: RFC 822
Header Information
Name Value
return-path <kid@mydomain.com>
received from mydomain.com (mydomain.com [192.165.67.62]) by mail.unlocktheinbox.com with SMTP; Sat, 1 Mar 2014 13:36:40 -0500
received (qmail 4187 invoked by uid 453); 1 Mar 2014 18:36:39 -0000
dkim-signature v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; h=received:from:subject:date:message-id; s=default; bh=ayrwFPadp4F3z/QXtjGze4JrOL0=; b=TSqRlUtSroUorhcwJGR7Io/AbNL3o+WqaYLyCowj0WioWgA6KPJka/hJyCsfNJWaDMobrYG8QoRoxILqw5K4pjVHGowPhhTOloomQW/77wqpL7ScI1jOxUyNCzzAVGunV1lDQDafAijVGzYRbuOgtA2S0eXcL++jFCbv1lUY0bs=
domainkey-signature a=rsa-sha1; c=nofws; d=mydomain.com; h=received:from:subject:date:message-id; q=dns; s=default; b=Q7PrdhTR3JZCMjAUAqSPHlHlafil4hi+XVTSXQ+akeb07TJxZZbinrmq4JX3ZSOtroDRTm3XxAJzPJ6h++ItIYNRsRx61KcZPl9l7YTwvMZSmA8oWRkViQ597ozCEFWR0BdKnKKnhjpVcXe5ajD/gsWQdInlKuPXW405VO9FsFk=
received from ppp005054123032.access.hol.gr (HELO [192.168.178.2]) (5.54.123.32) (smtp-auth username kid, mechanism plain) by mydomain.com (qpsmtpd/0.84) with (AES128-SHA encrypted) ESMTPSA; Sat, 01 Mar 2014 19:36:39 +0100
message-id <531228B5.2010109@mydomain.com>
date Sat, 01 Mar 2014 20:36:37 +0200
from kidanos Kalantzis <kid@mydomain.com>
user-agent Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
mime-version 1.0
to mailtest@unlocktheinbox.com
subject aaaa
content-type text/plain; charset=ISO-8859-1; format=flowed
content-transfer-encoding 7bit
x-virus-checked Checked by ClamAV on mydomain.com
Authoritative DNS Server (SOA) Check for: mydomain.com
SOA Server Results
a.dns.gandi.net Passed
MX Records
Pref Value Blacklists
10 mydomain.com Check for Blacklists
Information: PTR Records
rDNS PTR Records
Type Mail Domain ARPA Record Results
MX mydomain.com [192.165.67.62] 62.67.165.192.in-addr.arpa. Passed
LSIP mydomain.com [192.165.67.62] 62.67.165.192.in-addr.arpa. Passed
Mail Flow
Mail Domain IP Address
mydomain.com 192.165.67.62
Unknown Unknown
HELO 192.168.178.2
Email Port Checks for: mydomain.com
Protocol Results
SMTP (Port 25): Connection Established
- Extensions: PIPELINING, 8BITMIME, SIZE, STARTTLS
- SSL Hostname: www.mydomain.com
- SSL Subject: E=postmaster@mydomain.com, CN=www.mydomain.com, C=GR
- SSL Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
- SSL Valid: Certificate is Valid
- SSL Key Size: 4096
SMTP SSL (Port 465): Connection Established
- Extensions: PIPELINING, 8BITMIME, SIZE, AUTH
- SSL Hostname: www.mydomain.com
- SSL Subject: E=postmaster@mydomain.com, CN=www.mydomain.com, C=GR
- SSL Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
- SSL Valid: Certificate is Valid
- SSL Key Size: 4096
POP3 (Port 110): Unable to Establish Connection
POP3 SSL (Port 995): Unable to Establish Connection
IMAP (Port 143): Unable to Establish Connection
IMAP SSL (Port 993): Connection Established
- Extensions: IMAP4rev1, AUTH, IMAP4rev1, SASL-IR, SORT, AUTH, MULTIAPPEND, UNSELECT, LITERAL+, IDLE, CHILDREN, NAMESPACE, LOGIN-REFERRALS
- SSL Hostname: www.mydomain.com
- SSL Subject: E=postmaster@mydomain.com, CN=www.mydomain.com, C=GR
- SSL Issuer: CN=StartCom Class 1 Primary Intermediate Server CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL
- SSL Valid: Certificate is Valid
- SSL Key Size: 4096
Publication: RFC 4408
SPF Records
SPF Check: Passed
SPF DNS Location: Click Here: mydomain.com
SPF Record in TXT (TYPE 16): v=spf1 mx -all
(TYPE 16) Syntax: Passed
SPF Record in SPF (TYPE 99): v=spf1 mx -all
(TYPE 99) Syntax: Passed
SPF/TXT Match: Passed
Information: Identifier Alignments
SPF Alignment Test (Used in DMARC ASPF Test)
Mail From/Return Path Domain: mydomain.com
From Domain: mydomain.com
SPF Identifier Alignment: Strict
Publication: RFC 4406
Sender ID
Sender ID Check: Passed
Sender ID Record: Uses SPF implementation above
Publication: RFC 4870
Domain Keys Additional Information (Obsolete)
Tag Value
Key Algorithm: a=rsa-sha1
Canonicalization: c=nofws
Domain Name: d=mydomain.com
Signed Headers: h=received:from:subject:date:message-id
Query Method: q=dns
Selector: s=default
Signature Data: b=Q7PrdhTR3JZCMjAUAqSPHlHlafil4hi+XVTSXQ+akeb07TJxZZbinrmq4JX3ZSOtroDRTm3XxAJzPJ6h++ItIYNRsRx61KcZPl9l7YTwvMZSmA8oWRkViQ597ozCEFWR0BdKnKKnhjpVcXe5ajD/gsWQdInlKuPXW405VO9FsFk=
Domain Keys Check (Obsolete)
Signature Found: Yes
SM Signature Verification: Failed - Bad Signature
From Signed: Yes
Restricted Headers Signed: Yes - Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature should not be signed.
Public Domain Key (Obsolete)
Selector Location: Click Here: default._domainkey.mydomain.com
DNS Record Found: Yes
Record Syntax: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxxV7JrJpheP7Yp4AtLlD4fS/qGiBdDZv3EiGbcEVZfWjqHRBrETXsGkE7vrhu3rZJ/d2MC3drxd+mKRUplgyBTvCZR/32m1K/LpQEjorLd7mtw4ogev+Jiw8xnfTgqh3z0S+7kTNphQ14YdqFYsisKr1VEFBDgZefIxXm71n/qwIDAQAB
Key Size: 1024
Publication: RFC 6376
DKIM Signature Additional Information
Tag Value
Version: v=1
Key Algorithm: a=rsa-sha1
Canonicalization: c=relaxed
Domain Name: d=mydomain.com
Signed Headers: h=received:from:subject:date:message-id
Selector: s=default
Body Hash: bh=ayrwFPadp4F3z/QXtjGze4JrOL0=
Signature Data: b=TSqRlUtSroUorhcwJGR7Io/AbNL3o+WqaYLyCowj0WioWgA6KPJka/hJyCsfNJWaDMobrYG8QoRoxILqw5K4pjVHGowPhhTOloomQW/77wqpL7ScI1jOxUyNCzzAVGunV1lDQDafAijVGzYRbuOgtA2S0eXcL++jFCbv1lUY0bs=
Publication: RFC 6376
DKIM Check
Signature Found: Yes
SM Sig Verification: Passed
LL Sig Verification: Passed
From Signed: Yes
Restricted Headers Signed: Yes - Return-Path, Received, Comments, Keywords, Bcc, Resent-Bcc, DKIM-Signature should not be signed.
Public DKIM Key
Selector Location: Click Here: default._domainkey.mydomain.com
DNS Record Found: Yes
Record Syntax: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxxV7JrJpheP7Yp4AtLlD4fS/qGiBdDZv3EiGbcEVZfWjqHRBrETXsGkE7vrhu3rZJ/d2MC3drxd+mKRUplgyBTvCZR/32m1K/LpQEjorLd7mtw4ogev+Jiw8xnfTgqh3z0S+7kTNphQ14YdqFYsisKr1VEFBDgZefIxXm71n/qwIDAQAB
Key Size: 1024 bits
Information: Identifier Alignments
DKIM Alignment Test (Used in DMARC ADKIM Test)
DKIM d= Tag: mydomain.com
From Domain: mydomain.com
DKIM Identifier Alignment: Strict
Draft Publication: DMARC Base-00-02
DMARC Check
Record Syntax: Passed
DKIM Test: Passed
SPF Test: Passed
ADKIM Test: Passed
ASPF Test: Passed
RUA Test: Passed
RUF Test: Passed
DMARC Passed: Yes
DMARC Record Location: Click Here: _dmarc.mydomain.com
DMARC Record: v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com
Publication: RFC 5617
ADSP (Author Domain Signing Policy) Check
ADSP Record: Not Found - Learn how to set up your ADSP record by clicking here: ADSP Record
ADSP Record Syntax: Not Found
Publication: RFC 822 (6.3), RFC 1123 (5.2.7), RFC 2821 (4.5.1)
Acceptance of Postmaster Address
postmaster@mydomain.com Passed
Acceptance of Abuse Address
abuse@mydomain.com Passed
Spam Assassian Results
Content analysis details: (You scored -3.1 points, 5.0 or higher is considered to be spam)
Pts Rule Name Description
-1.2 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
In both DKIM and DomainKeys sections, it is mentioned that the specified headers should not be signed.
The domainkey-signature header of the email states, h=received:from:subject:date:message-id;
So it signs the received header that should not be signed.
Is the responsible functionality of qmail developed externally of the qmail package?
yum says:
Version : 1.03
Release : 17.el5.sme
From what I can see in qmail.org the latest version is indeed 1.03, except for a netqmail package that has a version of 1.06.
But the changes between the two, as stated in qmail.org, have nothing to do with domainkeys/dkim.
Should I report a bug in sme server ?
EDIT: personal information redacted at the request of Author.
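The header check discussed in the post above (the h= list of a signature compared against the headers the report says should not be signed), as an added example that is not part of the original thread or of the qpsmtpd plugin. The function names are this example's own, the bh=/b= values are constructed placeholders, and the third sample header is constructed for comparison.

```python
import re

# Header fields the unlocktheinbox report in this thread says should not be signed.
RESTRICTED = {"return-path", "received", "comments", "keywords",
              "bcc", "resent-bcc", "dkim-signature"}

# Tag lists as quoted in the thread; bh=/b= are constructed placeholders.
SAMPLE_DKIM = ("v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; "
               "h=received:from:subject:date:message-id; s=default; "
               "bh=PLACEHOLDER=; b=PLACEHOLDER=")
SAMPLE_DK = ("a=rsa-sha1; c=nofws; d=mydomain.com; "
             "h=received:from:subject:date:message-id; q=dns; s=default; "
             "b=PLACEHOLDER=")
# Constructed header that signs no restricted field, for comparison.
SAMPLE_CLEAN = ("v=1; a=rsa-sha1; c=relaxed; d=mydomain.com; "
                "h=from:subject:date:message-id; s=default; "
                "bh=PLACEHOLDER=; b=PLACEHOLDER=")
SAMPLE_FROM = "Kidlike <kid@mydomain.com>"


def parse_tags(value):
    """Parse the 'tag=value; tag=value' list of a DKIM-Signature or
    DomainKey-Signature header value into a dict keyed by tag name."""
    tags = {}
    for part in value.split(";"):
        # Split on the first '=' only: base64 values end in '=' padding.
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value carries no meaning here.
            tags[name.strip().lower()] = re.sub(r"\s+", "", val)
    return tags


def from_domain(from_header):
    """Domain of the (last) address found in a From: header value."""
    domains = re.findall(r"@([A-Za-z0-9.-]+)", from_header)
    return domains[-1].lower() if domains else None


def audit_signature(header_value, from_header):
    """Summarise the checks the report applies to a signature header."""
    tags = parse_tags(header_value)
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    domain = tags.get("d", "").lower()
    selector = tags.get("s", "")
    return {
        "canonicalization": tags.get("c"),
        # DNS name where the verifier looks up the public key.
        "key_record": f"{selector}._domainkey.{domain}",
        "from_signed": "from" in signed,
        "restricted_signed": [h for h in signed if h in RESTRICTED],
        # d= identical to the From: domain (strict identifier alignment).
        "strict_alignment": domain == from_domain(from_header),
    }


if __name__ == "__main__":
    samples = (("DKIM-Signature", SAMPLE_DKIM),
               ("DomainKey-Signature", SAMPLE_DK),
               ("constructed clean header", SAMPLE_CLEAN))
    for label, value in samples:
        print(label, audit_signature(value, SAMPLE_FROM))
```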
-
Seems like qmail is doing something wrong in both DKIM and DomainKeys
qmail doesn't implement dkim or DomainKeys. So I'm not sure why you think qmail is implicated.
Should I report a bug in sme server ?
If you have evidence of a bug in SME server software. But since SME server does not implement DKIM or DomainKeys I'm not sure what there would be to fix.
-
Is the responsible functionality of qmail developed externally of the qmail package?
I'm not quite sure what you are asking here. I think you are asking whether the DKIM feature you are trying to use is implemented outside of qmail. The answer to that is "yes" - you are using a plugin add-on module of qpsmtpd.
-
I found the qmail plugin that does the DKIM/DomainKeys signing.
It was installed by default with SME Server. I didn't add it.
It's this file: /usr/share/qpsmtpd/plugins/dkim_sign
In my last post I had two screenshots from the report of mailtest@unlocktheinbox.com showing the errors.
I found and fixed the bug about the invalid signed headers.
It's a very small patch. I uploaded it here: https://mega.co.nz/#!tlBQHJCY!MNgqcHRaBMZWrshAPlM7_G78575pHFOxawMqEC6ovgo
So the new report is like this for DKIM:
(http://i.imgur.com/zEG5tun.png)
and for DomainKeys:
(http://i.imgur.com/0UBrruw.png)
Still the other error in DomainKeys about the Bad Signature is there.
I don't know how to fix that.
So where should I report the two bugs for that specific file (/usr/share/qpsmtpd/plugins/dkim_sign) ?
-
Kidlike
You seem to be overlooking or misreading what has been said to you.
qmail IS NOT INVOLVED
qpsmtpd IS INVOLVED
The plugin being used is for qpsmtpd, even the location you refer to says .../qpsmtpd/...
It's this file: /usr/share/qpsmtpd/plugins/dkim_sign
qmail & qpsmtpd ARE DIFFERENT THINGS, google them !
Please report a bug against the qpsmtpd plugin, using the Bugs link at top of forum
Register using a valid email address as your user name/ID, because your forum user account does not work at Bugzilla
Please report your findings there in detail, do not simply link to this thread
Remember one bug report for one error or problem, so you should create 2 bugs for the 2 issues you mention for qpsmtpd plugin, not for qmail.
So where should I report the two bugs for that specific file (/usr/share/qpsmtpd/plugins/dkim_sign) ?
-
wow.. thought qpsmtpd was related to qmail!
-
Kidlike
Related maybe in usage, but qmail is an MTA & qpsmtpd is a smtpd daemon with plugins for versatility. They are involved in different stages of mail processing
-
It's a very small patch. I uploaded it here: https://mega.co.nz/#!tlBQHJCY!MNgqcHRaBMZWrshAPlM7_G78575pHFOxawMqEC6ovgo
Please attach it to a bug report in the bug tracker. Who knows when mega.co.nz will disappear or delete that file.
-
I've done that!
Not very successfully though..
http://bugs.contribs.org/show_bug.cgi?id=8251
and
http://bugs.contribs.org/show_bug.cgi?id=8252
-
Related maybe in usage, but qmail is an MTA & qpsmtpd is a smtpd daemon with plugins for versatility. They are involved in different stages of mail processing
More specifically, SME server uses qmail to deliver mail to local and remote users, and uses qpsmtpd to receive mail via the network.