iRedMail — DKIM Mail signing

Re: DKIM Mail signing

2009-11-14T13:45:03Z

when sending through horde the result will be:

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname: mail.bigmichi1.de
Source IP: 188.40.84.226
mail-from: michael@bigmichi1.de

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=michael@bigmichi1.de
DNS record(s):
bigmichi1.de. 86400 IN TXT "v=spf1 mx mx:mail.bigmichi1.de -all"
bigmichi1.de. 86400 IN MX 10 mail.bigmichi1.de.
srv03.bigmichi1.de. 86400 IN A 188.40.84.226

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=michael@bigmichi1.de
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From=michael@bigmichi1.de
DNS record(s):
bigmichi1.de. 86400 IN TXT "v=spf1 mx mx:mail.bigmichi1.de -all"
bigmichi1.de. 86400 IN MX 10 mail.bigmichi1.de.
srv03.bigmichi1.de. 86400 IN A 188.40.84.226

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result: ham (0.9 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
-0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20%
[score: 0.1824]
-0.6 AWL AWL: From: address is in the auto white-list

when sending through thunderbird from my home machine the result is:

==========================================================
Details:
==========================================================

HELO hostname: mail.bigmichi1.de
Source IP: 188.40.84.226
mail-from: michael@bigmichi1.de

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: pass (matches From: michael@bigmichi1.de)
ID(s) verified: header.d=bigmichi1.de
Canonicalized Headers:
content-transfer-encoding:7bit'0D''0A'
content-type:text/plain;'20'charset=ISO-8859-15;'20'format=flowed'0D''0A'
subject:Check'0D''0A'
to:check-auth@verifier.port25.com'0D''0A'
mime-version:1.0'0D''0A'
user-agent:Thunderbird'20'2.0.0.23'20'(Windows/20090812)'0D''0A'
from:Michael'20'Cramer'20''0D''0A'
date:Sat,'20'14'20'Nov'20'2009'20'13:33:57'20'+0100'0D''0A'
message-id:<4AFEA3B5.2030507@bigmichi1.de>'0D''0A'
x-virus-scanned:Debian'20'amavisd-new'20'at'20'mail.bigmichi1.de'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/simple;'20'd=bigmichi1.de;'20'h='20'content-transfer-encoding:content-type:subject:to:mime-version'20':user-agent:from:date:message-id:x-virus-scanned;'20's=dkim;'20't='20'1258205711;'20'x=1259069711;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKd'20'LCPjaYaY=;'20'b=

Canonicalized Body:
'0D''0A'

DNS record(s):
dkim._domainkey.bigmichi1.de. 3600 IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDd7Ayf1dZ1ycq2lEO2rH7YJVL1luac4pKSZd1B+JwjXQezZECL26kz4ko3WMLMXnXQSBxLQa2NUeUIhz/BoEBqJXacETzYYKM95Q5gHWA/oec57A/Vf26Mxy8jNRKYF+WSFYuqL7fZUff9frWyF7wlDz0acS+jVVwILQ9vvh7bgwIDAQAB"

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)

Result: ham (-0.4 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO

in both cases one check fails, any solutions or hints for that failing test?
also any suggestion, tip, hint for the different behavior?

Re: DKIM Mail signing

2009-11-13T04:13:52Z

BigMichi1 wrote:

i sent now mail through horde imp webmail frontend and got this message header:

Are you add the horde yourslef ? you can try to use roundcube test it.

Re: DKIM Mail signing

2009-11-12T11:49:51Z

Are you sure they are not signed? Most mail servers only check the DKIM signature and then discard it, so the client can't see it. Send a mail to yahoo.com, they don't discard it.

Also, check amavisd.conf and make sure dkim email signing is enabled for outgoing.

LE:

Please use all reflectors from this page:

http://testing.dkim.org/reflector.html

Re: DKIM Mail signing

2009-11-12T07:35:33Z

Could you please try to send a mail via MUA like Outlook or Thunderbird? Not webmail this time.

Re: DKIM Mail signing

2009-11-12T07:23:39Z

i sent now mail through horde imp webmail frontend and got this message header:

Received: from [188.40.84.226] (helo=mail.bigmichi1.de)
by mx38.web.de with esmtp (WEB.DE 4.110 #314)
id 1N8Tzz-0000ur-00
for bigmichi1@web.de; Thu, 12 Nov 2009 08:21:43 +0100
Received: by mail.bigmichi1.de (iRedMail, from userid 33)
id EEA957CE4; Thu, 12 Nov 2009 08:22:36 +0100 (CET)
Received: from mail.salt-solutions.de (mail.salt-solutions.de
[217.7.51.164]) by horde.bigmichi1.de (Horde Framework) with HTTP; Thu, 12
Nov 2009 08:22:36 +0100
Message-ID: <20091112082236.18626y8zeyr0egn0@horde.bigmichi1.de>
X-Priority: 3 (Normal)
Date: Thu, 12 Nov 2009 08:22:36 +0100
From: Michael Cramer
To: bigmichi1@web.de
Subject: Testmail
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Internet Messaging Program (IMP) H3 (4.3.5)
Return-Path: michael@bigmichi1.de
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: 8bit

no dkim at all

Re: DKIM Mail signing

2009-11-12T07:02:40Z

BigMichi1 wrote:

mail sending is done from console with simple mail command on debian 5.0.3.

Could you please try to send mail via MUA or webmail?

Re: DKIM Mail signing

2009-11-12T06:55:15Z

there are more than 3 GB free, are there any ways to debug signing to to print some verbose messages to a log file?

Re: DKIM Mail signing

2009-11-11T16:11:42Z

chek your server memory, if the memory run out. would lead to the dkim not sign.

I have test in debian 5.01 and iredmail 0.51 , and have no problem.

sent email to gmail can find dkim head.

Re: DKIM Mail signing

2009-11-11T13:04:54Z

it is not the problem to get the key and enter it to the dns zone file, the problem is that messages are not signed by dkim no header information at all. dns entry is verified by amavisd testkeys which shows PASS

Re: DKIM Mail signing

2009-11-11T10:51:32Z

You need to put the correct entries in the nameserver(s) that's holding your domain.

E.g.:

dkim._domainkey.yourdomain.com.        3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYwEXrQqGpvGm3TS7O3oob6Plh"
  [....................]
_adsp._domainkey.yourdomain.com. IN    TXT    "dkim=all"

You can find the generated DKIM key for your domain:

[root@mx2 ~]# amavisd showkeys yourdomain.com
; key#16, domain yourdomain.com, /var/lib/dkim/yourdomain.com.pem
dkim._domainkey.yourdomain.com.        3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYwEXrQqGpvGm3TS7O3oob6Plh"
  [....................]

and copy/paste it from there to your zone file.

DKIM Mail signing

2009-11-11T10:44:03Z

Hi,

i followed the guide to set up iredmail and also choose to include spf and dkim. i set up my dns records for both spf and dkim like mentioned here http://code.google.com/p/iredmail/wiki/DNS_DKIM and here http://code.google.com/p/iredmail/wiki/DNS_SPF. but when i sent mail they are not signed with dkim, there are no header entries in the mail? amavisd-new testkeys show pass. must there something more be done to get this working? spf is working really good for me. i tested both with sending a mail to check-auth@verifier.port25.com and they also say that the mail is not dkim signed. mail sending is done from console with simple mail command on debian 5.0.3. Any help would be great to get that working.

Regards