Skip to content

Instantly share code, notes, and snippets.

/dkimconf Secret

Created April 11, 2014 13:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save anonymous/53a046792f47dd1b3a26 to your computer and use it in GitHub Desktop.
Save anonymous/53a046792f47dd1b3a26 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
dkimconf
Postfix main.cf :
content_filter = smtp-amavis:[127.0.0.1]:10024
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345
Postfix master.cf :
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
-o smtpd_milters=inet:127.0.0.1:12345
Opendkim: /etc/opendkim.conf
Syslog yes
UMask 002
Domain xxxxx.ro
Selector default
Canonicalization relaxed/simple
Mode sv
SubDomains yes
OversignHeaders From
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
LogWhy yes
SyslogSuccess yes
SignatureAlgorithm rsa-sha256
Statistics /var/log/dkim.log
Amavis-new : /etc/amavis/conf.d/50-user
$log_level = 5;
$mydomain = 'xxxxx.ro';
$myhostname = 'xxxxx.ro';
@local_domains_maps = ( ['.xxxxx.ro'] );
$enable_dkim_verification = 1; # enable DKIM signatures verification
$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
dkim_key('xxxxx.ro', 'default', '/etc/opendkim/keys/xxxxx.ro/default.private');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);
$interface_policy{'10024'} = 'DKIM_ALWAYS';
$interface_policy{'10025'} = 'DKIM_ALWAYS';
$policy_bank{'DKIM_ALWAYS'} = { originating => 1, };
LOGS :
Apr 11 16:06:24 xxxxx postfix/pickup[122335]: E925E4C0510: uid=0 from=<root>
Apr 11 16:06:24 xxxxx postfix/cleanup[122391]: E925E4C0510: message-id=<20140411130624.E925E4C0510@xxxxx.ro>
Apr 11 16:06:24 xxxxx opendkim[121792]: E925E4C0510: DKIM-Signature header added (s=default, d=xxxxx.ro)
Apr 11 16:06:25 xxxxx postfix/qmgr[122337]: E925E4C0510: from=<root@xxxxx.ro>, size=345, nrcpt=1 (queue active)
Apr 11 16:06:25 xxxxx amavis[122166]: () loaded policy bank "DKIM_ALWAYS"
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) ESMTP::10024 /var/lib/amavis/tmp/amavis-20140411T160159-122166-qh2QElUO: <root@xxxxx.ro> -> <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com> SIZE=345 Received: from xxxxx.ro ([127.0.0.1]) by localhost (xxxxx.ro [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>; Fri, 11 Apr 2014 16:06:25 +0300 (EEST)
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) dkim: VALID Author+Sender+MailFrom signature by d=xxxxx.ro, From: <root@xxxxx.ro>, a=rsa-sha256, c=relaxed/simple, s=default, i=@xxxxx.ro, ORIG []:
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) Checking: puc6kwQ5Vp48 DKIM_ALWAYS <root@xxxxx.ro> -> <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>
Apr 11 16:06:25 xxxxx amavis[122166]: (122166-02) p001 1 Content-Type: text/plain, size: 5 B, name:
RESPONSE FROM MAILRADAR :
The message does not have a domain key signature!
Domain-Key Status: NOT PASSED
Return-Path: <root@xxxxx.ro>
Authentication-Results: node6.(none) from=root@xxxxx.ro; domainkeys=neutral
Received: from node6.gecad.com [127.0.0.1] by node6 (Axigen) with (AES256-SHA
encrypted) ESMTPS id 11A421; Fri, 11 Apr 2014 16:06:31 +0300
Received: from xxxxx.ro [80.80.80.80] by node6 (Axigen) with ESMTP id
2A8742; Fri, 11 Apr 2014 16:06:29 +0300
Received: from localhost (localhost [127.0.0.1]) by xxxxx.ro (Postfix) with
ESMTP id 609D64C0085 for <PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>; Fri, 11 Apr
2014 16:06:29 +0300 (EEST)
X-Virus-Scanned: amavisd-new at xxxxx.ro
Received: from xxxxx.ro ([127.0.0.1]) by localhost (xxxxx.ro
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id puc6kwQ5Vp48 for
<PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com>; Fri, 11 Apr 2014 16:06:25 +0300
(EEST)
Received: by xxxxx.ro (Postfix, from userid 0) id E925E4C0510; Fri, 11 Apr
2014 16:06:24 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xxxxx.ro; s=default;
t=1397221584; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=To:Subject:Date:From:From;
b=B3X9TrYcphxK2GX5zqouHmdtNqqUzquJctMcIrVxjqIJvSno2Nom1jbbsCBkn99hB
9q8DHLfmoyeQPjDjd7N+pMlJYUhlUs1ZYHd/tLVzafOKv67fQJi4F2FJIcZG1XVA5Y
I6nyPjTx9+fSR8ohIUN3HJ3+wA1PnNIjhxOgHxkg=
To: PKFMOOHRQTTFMQOCFOKS@dk.mailradar.com
Subject: test
Message-Id: <20140411130624.E925E4C0510@xxxxx.ro>
Date: Fri, 11 Apr 2014 16:06:24 +0300 (EEST)
From: root@xxxxx.ro (root)
X-Spam-Status: No, score=2.167, required=5
tests=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HELO_NO_DOMAIN,JR_RCVD_HOST_PROBS2,RCVD_IN_BRBL_LASTEXT,RDNS_NONE,SPF_PASS
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.003001
X-Scanned-By: MIMEDefang 2.67 on 193.230.245.6
NS records:
# dig +short TXT default._domainkey.xxxxx.ro
"v=DKIM1\; k=rsa\; p=EBAQUAA4GNADCBiQKBgQC8yeiJCxmKV6PcqGpW1UB0kFNJ6dkmIpKGiE30zviqis7yNirhsLn3AagHKHtBHz2E1Dx8vFGylQ9aaNif/caK+cyNx3cDMxVveK03OjJB/hzAv/kMNz2qhRl6yAl9i55RxPgpJVY9E2w0zlzetwIDAQAB"
# amavisd-new showkeys
; key#1, domain xxxxx.ro, /etc/opendkim/keys/xxxxx.ro/default.private
default._domainkey.xxxxx.ro. 3600 TXT (
"v=DKIM1; p="
"DQEBAQUAA4GNADCBiQKBgQC8yeiJCxmKV6PcqGpW1UB0kFNJ"
"kpKGiE30zviqis7yNirhsLn3AagHKHtBHz2E1Dx8vFGylQ9"
"VveK03OjJB/hzAv/kMNz2qhRl6yAl9iN7lrg3UQdmI55R"
"xPgpJVY9E2w0zlzetwIDAQAB")
# amavisd-new testkeys
TESTING#1: default._domainkey.xxxxx.ro => pass
(some data has been changed for privacy reasons)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment