1 (edited by pbf343 2015-07-07 08:54:36)

Topic: DKIM keys CentOS 6.x not working


Some suggestions to add to current "Documentation" at present:
http://www.iredmail.org/docs/sign.dkim. … omain.html

CentOS 6.6 current version.   Append amavisd-new genrsa is not correct syntax for CentOS 6 with amavisd genrsa being accurate syntax.  Example:
    amavisd-new genrsa /var/lib/dkim/new_domain.com.pem
    amavisd genrsa /var/lib/dkim/new_domain.com.pem 2048


NOTE: another possible POINT of CLARIFICATION for:
    http://www.iredmail.org/docs/sign.dkim. … omain.html
"new_domain.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

If "new_domain.com" is a subdomain, does the mydomain.com value get inserted as the subdomain?
Example:
  "mail.domain_name.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
   "mail.domain_name.com"  => { d => "mail.mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },


CROSS REFERENCE to another post/question (see script).
http://www.iredmail.org/forum/topic9219 … users.html


What is the correct ownership?  What are the correct permissions for the file?   

Example of originally generated file:
    -rw-------.  1 amavis amavis 1.7K Jun 30 07:47 mydomain.com.pem

    Assume the above unless told otherwise for new domain. 
    -rw-------.  1 amavis amavis 1.7K Jun 30 07:47 mail.mydomain.com.pem



On Another note:  Is this still of value?  If not, should it be archived as problematic? 
https://code.google.com/p/iredmail/wiki/DNS_DKIM


2

Re: DKIM keys CentOS 6.x not working

Have created 2 dkim pem files with permissions 0600 and owned by amavisd

Have added the references to:   vim /etc/amavisd/amavisd.conf


dkim_key("domain.email", "dkim", "/var/lib/dkim/domain.email.pem");
dkim_key("host01.domain.com", "dkim", "/var/lib/dkim/host01.domain.com.pem");
dkim_key("host02.domain.email", "dkim", "/var/lib/dkim/host02.domain.email.pem");

"domain.email"  => { d => "domain.email", a => 'rsa-sha256', ttl => 10*24*3600 },
"host01.domain.com" => { d => "host01.domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
"host02.domain.email" => { d => "host02.domain.email", a => 'rsa-sha256', ttl => 10*24*3600 },

service amavisd restart
Shutting down amavisd: Daemon [8475] terminated by SIGTERM
                                                           [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]



Send out test e-mail.  Only get 1 DKIM Key in header.   What am I missing in this?

3

Re: DKIM keys CentOS 6.x not working

pbf343 wrote:

CentOS 6.6 current version.   Append amavisd-new genrsa is not correct syntax for CentOS 6 with amavisd genrsa being accurate syntax.  Example:
    amavisd-new genrsa /var/lib/dkim/new_domain.com.pem
    amavisd genrsa /var/lib/dkim/new_domain.com.pem 2048

Fixed in document.

pbf343 wrote:

What is the correct ownership?  What are the correct permissions for the file?   
Example of originally generated file:
    -rw-------.  1 amavis amavis 1.7K Jun 30 07:47 mydomain.com.pem
    Assume the above unless told otherwise for new domain. 
    -rw-------.  1 amavis amavis 1.7K Jun 30 07:47 mail.mydomain.com.pem

Amavisd will set the file owner and permission automatically.

pbf343 wrote:

Send out test e-mail.  Only get 1 DKIM Key in header.   What am I missing in this?

Could you please turn on debug mode in Amavisd to see why it doesn't work as expected?
Reference: http://www.iredmail.org/docs/debug.amavisd.html

4 (edited by pbf343 2015-07-07 23:24:19)

Re: DKIM keys CentOS 6.x not working

ZhangHuangbin wrote:
pbf343 wrote:

CentOS 6.6 current version.   Append amavisd-new genrsa is not correct syntax for CentOS 6 with amavisd genrsa being accurate syntax.  Example:
    amavisd-new genrsa /var/lib/dkim/new_domain.com.pem
    amavisd genrsa /var/lib/dkim/new_domain.com.pem 2048

Fixed in document.

pbf343 wrote:

What is the correct ownership?  What are the correct permissions for the file?   
Example of originally generated file:
    -rw-------.  1 amavis amavis 1.7K Jun 30 07:47 mydomain.com.pem
    Assume the above unless told otherwise for new domain. 
    -rw-------.  1 amavis amavis 1.7K Jun 30 07:47 mail.mydomain.com.pem

ZhangHuangbin wrote:

Amavisd will set the file owner and permission automatically.

Yes, amavisd will set the permissions and ownership automatically on install (I believe in your amavisd.sh script).  However, I am referring to the document on creating a new DKIM key.  The account does not offer the ability to su to the amavis user (which is good).  So when the key is created as root user, or with sudo, ownership and permissions will not necessarily be correct.



pbf343 wrote:

Send out test e-mail.  Only get 1 DKIM Key in header.   What am I missing in this?

Could you please turn on debug mode in Amavisd to see why it doesn't work as expected?
Reference: http://www.iredmail.org/docs/debug.amavisd.html

I would have been happy to do such but after hours of fighting it, researching it, etc., etc. I destroyed the virtual machine.  So there is no ability to do such at this time.

In regards to the documentation page though, you may want to expand on the instructions in written form to be more clear about items, etc., such as the selector.  Does each key have to have a unique selector?  If so, is there a best practice standard convention for such?

Is this the correct documentation for amavisd (dkim)?
http://www.ijs.si/software/amavisd/amav … .html#dkim
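
An added example, not part of the original thread and not iRedMail's or Amavisd's own tooling: a shell function that reads the `dkim_key(...)` lines from amavisd.conf and checks that every key file exists with the owner and mode shown in the listing above (amavis:amavis, 0600), the state a key generated as root may not be in. It also prints the `selector._domainkey.domain` DNS name for each entry. The function name `audit_dkim_keys` is hypothetical, and GNU `stat` (as on CentOS) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). audit_dkim_keys is a hypothetical name.
# Usage: audit_dkim_keys CONF [OWNER:GROUP] [MODE]
# Reads dkim_key("domain", "selector", "/path/key.pem"); lines from CONF and
# checks each key file. Assumes GNU stat (as on CentOS).
audit_dkim_keys() (
    conf=$1
    want_owner=${2:-amavis:amavis}   # owner:group from the listing in the thread
    want_mode=${3:-600}              # -rw------- from the listing in the thread
    rc=0
    # Reduce every uncommented dkim_key(...) line to "domain|selector|path".
    entries=$(sed -nE \
        's/^[[:space:]]*dkim_key\([[:space:]]*"([^"]+)"[[:space:]]*,[[:space:]]*"([^"]+)"[[:space:]]*,[[:space:]]*"([^"]+)".*/\1|\2|\3/p' \
        "$conf")
    while IFS='|' read -r domain selector path; do
        [ -n "$domain" ] || continue
        # DNS name under which the matching public key is published.
        dns="$selector._domainkey.$domain"
        if [ ! -f "$path" ]; then
            echo "MISSING $dns $path"
            rc=1
            continue
        fi
        owner=$(stat -c '%U:%G' "$path")
        mode=$(stat -c '%a' "$path")
        if [ "$owner" = "$want_owner" ] && [ "$mode" = "$want_mode" ]; then
            echo "OK $dns $path"
        else
            echo "BAD $dns $path owner=$owner mode=$mode (want $want_owner $want_mode)"
            rc=1
        fi
    done <<EOF
$entries
EOF
    exit "$rc"
)

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_dkim_keys "$@"
fi
```

Any `BAD` line can be corrected with `chown amavis:amavis` and `chmod 600` on the listed file; a `MISSING` line means the path in `dkim_key(...)` does not match a generated key.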

5

Re: DKIM keys CentOS 6.x not working

OK, I added a link to the Amavisd official document, so that users can get more details:

Setting up DKIM mail signing and verification
http://www.ijs.si/software/amavisd/amav … .html#dkim