Dec 29, 2023: iRedMail-1.6.8 has been released.

**pbf343** · 2016-07-11 21:25:54

pbf343
Member
Offline

Registered: 2013-05-30
Posts: 243

Topic: New DKIM Key

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

IRedAdmin-Pro and CentOS 6.x release. Followed instructions for new DKIM signature on the iRedMail docs here:
http://www.iredmail.org/docs/sign.dkim. … omain.html

Performed the test which seems to pass.
Query the DNS records and see the key as well.
dig -t txt dkim._domainkey.domain_name.tld

Everything appears fine per test.
amavisd -c /etc/amavisd/amavisd.conf testkeys
Returns and pass

Yet when sending email the dkim key does not appear attached in the headers. Examples:
Send email to test Gmail account from system with new key.
View headers of the new email.
No DKIM key present in the email.
Reply back to system form the the gmail account.
Google DKIM key is present.

Should the key be present in sent emails? What am I missing in correcting it to include it?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

**ZhangHuangbin** · 2016-07-11 22:11:38

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,770

Re: New DKIM Key

How did you send the testing email?

**pbf343** · 2016-07-12 02:17:53

pbf343
Member
Offline

Registered: 2013-05-30
Posts: 243

Re: New DKIM Key

The original email from the IredMail system was through Mozilla Thunderbird via Port 993.

**ZhangHuangbin** · 2016-07-12 08:36:29

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,770

Re: New DKIM Key

Port 993 is pop3.
Please double check your Thunderbird setting, do you use port 587 with starttls to send email? Also, show me output of command "postconf -n", and the lines define "submission" transport in /etc/postfix/master.cf.

**pbf343** · 2016-07-13 20:25:46

pbf343
Member
Offline

Registered: 2013-05-30
Posts: 243

Re: New DKIM Key

Hello,
Port 993. You're correct. I'm using Thunderbird on Apple Mac with connections to the system and gmail accounts. Was under the impression it was using port 587 until I checked. Will update settings and get config and be back in touch soon. Thanks for patience.

**pbf343** · 2016-07-14 05:25:13

pbf343
Member
Offline

Registered: 2013-05-30
Posts: 243

Re: New DKIM Key

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 104857600
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = hostname.my_domain_name.tld
myhostname = hostname.my_domain_name.tld
mynetworks = 127.0.0.1, a_private_subnet/24
mynetworks_style = host
myorigin = hostname.my_domain_name.tld
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.11.0/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.11.0/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 0
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/pki/tls/certs/my_domain_name_tld_2016_chained_bundle.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/my_domain_name_tld_2016_chained_bundle.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/dhparams.pem
smtpd_tls_key_file = /etc/pki/tls/private/my_domain_name.tld.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

**ZhangHuangbin** · 2016-07-14 09:15:59

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,770

Re: New DKIM Key

What's your SMTP setting in MUA? Does it work now?

**pbf343** · 2016-07-14 23:21:32

pbf343
Member
Offline

Registered: 2013-05-30
Posts: 243

Re: New DKIM Key

Hi Zhang,

Isn't Port 993 for IMAP via SSL and Port 995 is Pop3 via SSL?

When I looked at Thunderbird and I was the server setting which is using the sever name smpt.domain_name.tld and port. This is for the imap connections and not outgoing. This was reinstall of the Thunderbird post OS install and not sure why the reference was set to smtp in their GUI setup but they're the same IP currently. So did not detect this originally...

Outgoing is set to smtp.domain_name.tld and the port is 587 with StartTLS.

Still no DKIM key present in sent email.

**ZhangHuangbin** · 2016-07-15 00:07:08

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 30,770

Re: New DKIM Key

I'm afraid that you have to turn on debug mode in Amavisd to figure it out. FYI:
http://www.iredmail.org/docs/debug.amavisd.html

Amavisd will show log about dkim signing, please check the log carefully.

Dec 29, 2023: iRedMail-1.6.8 has been released.

New DKIM Key

Posts: 9

1 Topic by pbf343 2016-07-11 21:25:54

Topic: New DKIM Key

2 Reply by ZhangHuangbin 2016-07-11 22:11:38

Re: New DKIM Key

3 Reply by pbf343 2016-07-12 02:17:53

Re: New DKIM Key

4 Reply by ZhangHuangbin 2016-07-12 08:36:29

Re: New DKIM Key

5 Reply by pbf343 2016-07-13 20:25:46

Re: New DKIM Key

6 Reply by pbf343 2016-07-14 05:25:13

Re: New DKIM Key

7 Reply by ZhangHuangbin 2016-07-14 09:15:59

Re: New DKIM Key

8 Reply by pbf343 2016-07-14 23:21:32 (edited by pbf343 2016-07-14 23:34:21)

Re: New DKIM Key

9 Reply by ZhangHuangbin 2016-07-15 00:07:08

Re: New DKIM Key

Posts: 9