Skip to content

Instantly share code, notes, and snippets.

/dkimconf Secret
Created Apr 11, 2014

Embed
What would you like to do?
Postfix main.cf :
content_filter = smtp-amavis:[127.0.0.1]:10024
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345
Postfix master.cf :
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
-o smtpd_milters=inet:127.0.0.1:12345
Opendkim: /etc/opendkim.conf
Syslog yes
UMask 002
Domain xxxxx.ro
Selector default
Canonicalization relaxed/simple
Mode sv
SubDomains yes
OversignHeaders From
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
LogWhy yes
SyslogSuccess yes
SignatureAlgorithm rsa-sha256
Statistics /var/log/dkim.log
Amavis-new : /etc/amavis/conf.d/50-user
$log_level = 5;
$mydomain = 'xxxxx.ro';
$myhostname = 'xxxxx.ro';
@local_domains_maps = ( ['.xxxxx.ro'] );
$enable_dkim_verification = 1; # enable DKIM signatures verification
$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
dkim_key('xxxxx.ro', 'default', '/etc/opendkim/keys/xxxxx.ro/default.private');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);
$interface_policy{'10024'} = 'DKIM_ALWAYS';
$interface_policy{'10025'} = 'DKIM_ALWAYS';
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };
LOGS :
Apr 11 16:06:24 xxxxx postfix/pickup[122335]: E925E4C0510: uid=0 from=<root>
Apr 11 16:06:24 xxxxx postfix/cleanup[122391]: E925E4C0510: message-id=<20140411130624.E925E4C0510@xxxxx.ro>
Apr 11 16:06:24 xxxxx opendkim[121792]: E925E4C0510: DKIM-Signature header added (s=default, d=xxxxx.ro)
Apr 11 16:06:25 xxxxx postfix/qmgr[122337]: E925E4C0510: from=<root@xxxxx.ro>, size=345, nrcpt=1 (queue active)
Apr 11 16:06:25 xxxxx amavis[122166]: () loaded policy bank "DKIM_ALWAYS"
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) ESMTP::10024 /var/lib/amavis/tmp/amavis-20140411T160159-122166-qh2QElUO: <root@xxxxx.ro> -> <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com> SIZE=345 Received: from xxxxx.ro ([127.0.0.1]) by localhost (xxxxx.ro [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>; Fri, 11 Apr 2014 16:06:25 +0300 (EEST)
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) dkim: VALID Author+Sender+MailFrom signature by d=xxxxx.ro, From: <root@xxxxx.ro>, a=rsa-sha256, c=relaxed/simple, s=default, i=@xxxxx.ro, ORIG []:
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) Checking: puc6kwQ5Vp48 DKIM_ALWAYS <root@xxxxx.ro> -> <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) p001 1 Content-Type: text/plain, size: 5 B, name:
RESPONSE FROM MAILRADAR :
The message does not have a domain key signature!
Domain-Key Status: NOT PASSED
Return-Path: <root@xxxxx.ro>
Authentication-Results: node6.(none) from=root@xxxxx.ro; domainkeys=neutral
Received: from node6.gecad.com [127.0.0.1] by node6 (Axigen) with (AES256-SHA
encrypted) ESMTPS id 11A421; Fri, 11 Apr 2014 16:06:31 +0300
Received: from xxxxx.ro [80.80.80.80] by node6 (Axigen) with ESMTP id
2A8742; Fri, 11 Apr 2014 16:06:29 +0300
Received: from localhost (localhost [127.0.0.1]) by xxxxx.ro (Postfix) with
ESMTP id 609D64C0085 for <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>; Fri, 11 Apr
2014 16:06:29 +0300 (EEST)
X-Virus-Scanned: amavisd-new at xxxxx.ro
Received: from xxxxx.ro ([127.0.0.1]) by localhost (xxxxx.ro
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puc6kwQ5Vp48 for
<PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>; Fri, 11 Apr 2014 16:06:25 +0300
(EEST)
Received: by xxxxx.ro (Postfix, from userid 0) id E925E4C0510; Fri, 11 Apr
2014 16:06:24 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxx.ro; s=default;
t=1397221584; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=To:Subject:Date:From:From;
b=B3X9TrYcphxK2GX5zqouHmdtNqqUzquJctMcIrVxjqIJvSno2Nom1jbbsCBkn99hB
9q8DHLfmoyeQPjDjd7N+pMlJYUhlUs1ZYHd/tLVzafOKv67fQJi4F2FJIcZG1XVA5Y
I6nyPjTx9+fSR8ohIUN3HJ3+wA1PnNIjhxOgHxkg=
To: PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com
Subject: test
Message-Id: <20140411130624.E925E4C0510@xxxxx.ro>
Date: Fri, 11 Apr 2014 16:06:24 +0300 (EEST)
From: root@xxxxx.ro (root)
X-Spam-Status: No, score=2.167, required=5
tests=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HELO_NO_DOMAIN,JR_RCVD_HOST_PROBS2,RCVD_IN_BRBL_LASTEXT,RDNS_NONE,SPF_PASS
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.003001
X-Scanned-By: MIMEDefang 2.67 on 193.230.245.6
NS records:
# dig +short TXT default._domainkey.xxxxx.ro
"v=DKIM1\; k=rsa\; p=EBAQUAA4GNADCBiQKBgQC8yeiJCxmKV6PcqGpW1UB0kFNJ6dkmIpKGiE30zviqis7yNirhsLn3AagHKHtBHz2E1Dx8vFGylQ9aaNif/caK+cyNx3cDMxVveK03OjJB/hzAv/kMNz2qhRl6yAl9i55RxPgpJVY9E2w0zlzetwIDAQAB"
# amavisd-new showkeys
; key#1, domain xxxxx.ro, /etc/opendkim/keys/xxxxx.ro/default.private
default._domainkey.xxxxx.ro. 3600 TXT (
"v=DKIM1; p="
"DQEBAQUAA4GNADCBiQKBgQC8yeiJCxmKV6PcqGpW1UB0kFNJ"
"kpKGiE30zviqis7yNirhsLn3AagHKHtBHz2E1Dx8vFGylQ9"
"VveK03OjJB/hzAv/kMNz2qhRl6yAl9iN7lrg3UQdmI55R"
"xPgpJVY9E2w0zlzetwIDAQAB")
# amavisd-new testkeys
TESTING#1: default._domainkey.xxxxx.ro => pass
(some data has been changed for privacy reasons)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.