Hello, I have been trying all methods of setting up Domainkey thru internet for weeks. What I got from Port's 25 authentication service was this :
Code: SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
I cannot get DomainKeys to pass,
this is my TXT Record from DNS settings
Code: mail._domainkey v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDheF8dpdd ...
mail2._domainkey k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlvpU8AjVimYAfU5Sy ...
_domainkey t=y; o=~;
Here's config from /etc/postfix/main.cf
Code: smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.omnipress.co
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = omnipress.co, detheme.com, turus, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891,inet:localhost:8892
non_smtpd_milters = inet:localhost:8891,inet:localhost:8892
bounce_notice_recipient = rio@omnipress.co
This is config from /etc/default/dk-filter
Code: # Sane defaults: log to syslog
DAEMON_OPTS="-l"
# Sign for example.com with key in /etc/mail/domainkey.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#DAEMON_OPTS="$DAEMON_OPTS -d example.com -s /etc/mail/domainkey.key -S 2007"
# See dk-filter(8) for a complete list of options
#
# Uncomment to specify an alternate socket
#SOCKET="/var/run/dk-filter/dk-filter.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:8892@localhost"
DAEMON_OPTS="$DAEMON_OPTS -d *.co, *.com -s /etc/mail/domainkey.key -S mail2"
And config from /etc/opendkim.conf
Code: # This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain example.com
#KeyFile /etc/mail/dkim.key
#Selector 2007
# Commonly-used options; the commented-out versions show the defaults.
Canonicalization relaxed/relaxed
Mode sv
#SubDomains no
#ADSPDiscard no
AutoRestart yes
Background yes
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)
#ATPSDomains example.com
Domain *
KeyFile /etc/postfix/dkim.key
Selector mail
SOCKET inet:8891@localhost
Can somebody shed me some light ? I'm all lost here...
Any feedback would be greatly appreciated. Thanks.
|