1 (edited by Thierry 2015-09-20 15:30:17)

Topic: [Solved] DKIM questions

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Related log if you're reporting an issue:
====
Hi,

I'm starting to get a bit confused with DKIM.

amavisd-new showkeys:

; key#1 2048 bits, i=zobe, d=domain.ltd, /var/lib/dkim/domain.ltd.pem
zobe._domainkey.domain.ltd.    3600 TXT (
  "v=DKIM1; p="
  "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Eu79PPDQN9xBg0kFViM"
  "Ezg5BEyLUsr1EEoqz2SqOCxTBadHZgMdNuUz4htkx8pT+LECJSnUObSvAMYPfv4u"
  "IjtLMKPcAt3F9E9uobu7JF8wR5M+795FJ2k1xcioREPF3mOXggY+Mm8MF/UGlRNr"
  "ej1TFze3BiTjBTZbYdVD4on7Brl8oo5st2B1c6Hj3Hl69GDx11ctXy0bdIExRGYX"
  "1u3KueY3TbOcFpWEQUYYAXmHNAdopUdkTqzZgwniri9S/TQWEOHkgwp0NcJqkV3C"
  "A1lWaly80ixzyrRk2lHypn95Ao5lmA2uAJSaMiTj9B5CL7+N8iQ/XJXmEpi0dXnm"
  "QQIDAQAB")

; key#2 2048 bits, i=dkim, d=domain.ltd, /var/lib/dkim/domain.ltd.pem
dkim._domainkey.domain.ltd.    3600 TXT (
  "v=DKIM1; p="
  "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Eu79PPDQN9xBg0kFViM"
  "Ezg5BEyLUsr1EEoqz2SqOCxTBadHZgMdNuUz4htkx8pT+LECJSnUObSvAMYPfv4u"
  "IjtLMKPcAt3F9E9uobu7JF8wR5M+795FJ2k1xcioREPF3mOXggY+Mm8MF/UGlRNr"
  "ej1TFze3BiTjBTZbYdVD4on7Brl8oo5st2B1c6Hj3Hl69GDx11ctXy0bdIExRGYX"
  "1u3KueY3TbOcFpWEQUYYAXmHNAdopUdkTqzZgwniri9S/TQWEOHkgwp0NcJqkV3C"
  "A1lWaly80ixzyrRk2lHypn95Ao5lmA2uAJSaMiTj9B5CL7+N8iQ/XJXmEpi0dXnm"
  "QQIDAQAB")

amavisd-new testkeys:

TESTING#1 maelenn.org: zobe._domainkey.maelenn.org => invalid (public key: not available)
TESTING#2 maelenn.org: dkim._domainkey.maelenn.org => pass

I now have 2 DKIM keys ... one is valid (dkim._domainkey), the second one (zobe._domainkey) is not.
How do I remove the wrong key?

Thx


2

Re: [Solved] DKIM questions

I think the amavisd-new testkeys utility contains a bug. It seems the tool is only able to get the public key if the key is listed as the last txt record by your dns provider. Try to verify using this online tool: http://mxtoolbox.com/dkim.aspx

3

Re: [Solved] DKIM questions

Did you enable multiple DKIM keys in the Amavisd config file?

4 (edited by Thierry 2015-09-19 22:04:49)

Re: [Solved] DKIM questions

As you can see (attached file), this seems to work ...
But I have two keys, strictly identical (except for the "i" value), and I would like to remove the wrong one.
Thx

Post's attachments

dkim.JPG

5 (edited by Thierry 2015-09-19 22:20:57)

Re: [Solved] DKIM questions

ZhangHuangbin wrote:

Did you enable multiple DKIM keys in the Amavisd config file?

I don't want Amavis using multiple DKIM keys ... I would like to remove the one with the wrong "i" value (zobe) ...
Is it possible?

Second question:

How does DKIM work on an iRedMail server? It seems that opendkim is not installed (??) ... Is it Amavis that fully manages DKIM?

Thx

6

Re: [Solved] DKIM questions

my dkim config:

## DKIM
$interface_policy{'10024'} = 'DKIM_ALWAYS';
$policy_bank{'DKIM_ALWAYS'} = {
    originating => 1,
};

$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('domain.ltd', 'zobe', '/var/lib/dkim/domain.ltd.pem');
@dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 127.0.0.1);  # list your internal networks

7

Re: [Solved] DKIM questions

Thierry wrote:

$interface_policy{'10024'} = 'DKIM_ALWAYS';
$policy_bank{'DKIM_ALWAYS'} = {
originating => 1,
};

Why do you add these lines?

Thierry wrote:

dkim_key('domain.ltd', 'zobe', '/var/lib/dkim/domain.ltd.pem');

You define the DKIM DNS record 'zobe._domainkey.domain.ltd' here. Does it show correct output if you change 'zobe' to 'dkim'?

Did you check our tutorial here?
http://www.iredmail.org/docs/sign.dkim. … omain.html

Also, looks like you changed some other iRedMail default settings.

8

Re: [Solved] DKIM questions

My mistake was that I had the definition twice:

dkim_key('domain.ltd', 'zobe', '/var/lib/dkim/domain.ltd.pem');
and
dkim_key('domain.ltd', 'dkim', '/var/lib/dkim/domain.ltd.pem');

Every time I was trying to run Amavis, it was saying that dkim was already in use ...

You didn't answer my question concerning opendkim?? Is it Amavis that fully manages DKIM?

Thx

9

Re: [Solved] DKIM questions

Thierry wrote:

You didn't answer my question concerning opendkim?? Is it Amavis that fully manages DKIM?

amavisd fully manages dkim.
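
An added example, not part of the original thread and not iRedMail or Amavisd code: a Python check for the mistake identified in post 8, where one domain ends up with two dkim_key() definitions and one selector has no matching DNS record. The function names are hypothetical and SAMPLE_CONF is constructed from the lines quoted in the thread.

```python
import re
from collections import defaultdict

# One quoted argument of dkim_key(); three of them joined by commas.
_ARG = r"['\"]([^'\"]+)['\"]"
# Only active lines match: a leading '#' (commented-out entry) is skipped.
DKIM_KEY_RE = re.compile(
    r"^[ \t]*dkim_key\(\s*" + r"\s*,\s*".join([_ARG] * 3), re.MULTILINE
)

def parse_dkim_keys(conf_text):
    """Return (domain, selector, key_path) for each active dkim_key() call."""
    return [m.groups() for m in DKIM_KEY_RE.finditer(conf_text)]

def find_duplicate_selectors(conf_text):
    """Map each domain that has more than one selector to its selectors.

    Each selector needs its own <selector>._domainkey.<domain> TXT record
    published in DNS, so an extra definition is worth reviewing.
    """
    by_domain = defaultdict(list)
    for domain, selector, _path in parse_dkim_keys(conf_text):
        by_domain[domain.lower()].append(selector)
    return {d: s for d, s in by_domain.items() if len(s) > 1}

def find_shared_key_files(conf_text):
    """Map each key file referenced by more than one (domain, selector)."""
    by_path = defaultdict(list)
    for domain, selector, path in parse_dkim_keys(conf_text):
        by_path[path].append((domain.lower(), selector))
    return {p: u for p, u in by_path.items() if len(u) > 1}

# Constructed sample reproducing the two definitions from the thread.
SAMPLE_CONF = """
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('domain.ltd', 'zobe', '/var/lib/dkim/domain.ltd.pem');
# dkim_key('domain.ltd', 'old', '/var/lib/dkim/old.pem');
dkim_key('domain.ltd', 'dkim', '/var/lib/dkim/domain.ltd.pem');
"""

if __name__ == "__main__":
    for domain, selectors in find_duplicate_selectors(SAMPLE_CONF).items():
        print(f"{domain}: multiple selectors {selectors}")
    for path, users in find_shared_key_files(SAMPLE_CONF).items():
        print(f"{path}: shared by {users}")
```

To check a real server, read the Amavisd config file into a string and pass it to the two find_* functions; the location of that file varies by distribution.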