MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Tips and Tricks => Topic started by: chrisf on 2013-09-08, 00:46:35
-
ATTENTION: if you are using any version of KloxoMR with 2014 in the revision date, DKIM is available and this does not need to be done.
DKIM signing is not available in KloxoMR. It is not a KloxoMR problem, it is a qmail-toaster problem. This solution has been around for a while, however I perfected it to work with KloxoMR with minimal changes needed.
First login to ssh on your server.
cd /tmp
yum install perl-Mail-DKIM
wget http://cc-server1.us/dkimsign.pl
wget http://cc-server1.us/qmail-remote.new
cp dkimsign.pl /usr/bin/
chmod 755 /usr/bin/dkimsign.pl
qmailctl stop
mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
cp qmail-remote.new /var/qmail/bin/qmail-remote
chown root:qmail /var/qmail/bin/qmail-remote
chmod 755 /var/qmail/bin/qmail-remote
rm /var/qmail/bin/qmail-queue
mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue
qmailctl start
That will enable DKIM signature of mail sent using qmail-toaster remote. I have found that if you use standard php sendmail function it will not get signed, I suggest piping your php applications through smtp.
You can see that DKIM is working by clicking the "view original" link in Gmail. It will say DKIM: passed.
This will help a lot of your problems. :)
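A guarded form of the swap above, as an added example that is not part of chrisf's post or scripts: it checks the two downloaded files (fetched over plain HTTP) against SHA-256 digests you recorded after reviewing them, refuses to run a second time, and only replaces qmail-queue when qmail-queue.orig exists. The function names, the `--apply` switch and the digest arguments are assumptions of this example; the paths are the ones used in the post.

```shell
#!/bin/sh
# Added example, not chrisf's script. Directories are parameters so the swap
# can be rehearsed on a copy of /var/qmail/bin first.

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED, a digest
# you recorded yourself after reading the downloaded file.
verify_sha256() {
    [ -f "$1" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# preflight BIN_DIR WRAPPER SIGNER: print every problem, return 1 if any.
preflight() {
    bin=$1; wrapper=$2; signer=$3; rc=0
    [ -f "$bin/qmail-remote" ] || { echo "missing $bin/qmail-remote"; rc=1; }
    # A second run would move the wrapper over the real binary kept in .orig.
    [ ! -e "$bin/qmail-remote.orig" ] || { echo "qmail-remote.orig exists: swap already done"; rc=1; }
    [ -f "$wrapper" ] || { echo "missing $wrapper"; rc=1; }
    [ -f "$signer" ] || { echo "missing $signer"; rc=1; }
    return $rc
}

# install_wrapper BIN_DIR WRAPPER: keep the real binary as qmail-remote.orig,
# then install the wrapper with the mode used in the post (755).
install_wrapper() {
    mv "$1/qmail-remote" "$1/qmail-remote.orig" || return 1
    cp "$2" "$1/qmail-remote" && chmod 755 "$1/qmail-remote"
}

# restore_queue BIN_DIR: the post's rm + mv as one rename, done only when
# qmail-queue.orig exists, so a missing backup never deletes qmail-queue.
restore_queue() {
    if [ ! -f "$1/qmail-queue.orig" ]; then
        echo "no $1/qmail-queue.orig, leaving qmail-queue untouched"
        return 0
    fi
    mv -f "$1/qmail-queue.orig" "$1/qmail-queue"
}

# Real run, as root with qmail stopped:
#   sh guarded-swap.sh --apply <sha256 of qmail-remote.new> <sha256 of dkimsign.pl>
if [ "${1:-}" = "--apply" ]; then
    verify_sha256 /tmp/qmail-remote.new "$2" || { echo "qmail-remote.new: digest mismatch"; exit 1; }
    verify_sha256 /tmp/dkimsign.pl "$3" || { echo "dkimsign.pl: digest mismatch"; exit 1; }
    perl -MMail::DKIM::Signer -e 1 || { echo "perl-Mail-DKIM is not installed"; exit 1; }
    preflight /var/qmail/bin /tmp/qmail-remote.new /tmp/dkimsign.pl || exit 1
    cp /tmp/dkimsign.pl /usr/bin/ && chmod 755 /usr/bin/dkimsign.pl
    install_wrapper /var/qmail/bin /tmp/qmail-remote.new || exit 1
    chown root:qmail /var/qmail/bin/qmail-remote
    restore_queue /var/qmail/bin
fi
```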
-
Can you make a diff file for the difference between qmail-remote.orig and qmail-remote.new?
-
Mustafa, qmail-remote.new is a script you can view with text editor.
What it does is - use KloxoMR private dkim key to sign outgoing mail through perl script, then pipes it to the original qmail-remote.
Works great.
Look at the script for details.
-
In terms of the rpm, it is better to make a diff file and then use this diff file as a patch to the original file.
-
It is not a patch. I have tried patches and numerous other ways of trying to get qmail-toaster to use Domain Keys and DKIM signing.... This is the only way I could get it working properly.
chattr +i /var/qmail/bin/qmail-remote
Will stop any updates from changing the script. It has been working under stress with decent load avg - could be better but perl is to blame.
My mail goes to inbox. My domains mail goes to inbox.
I am happy.
If you know of a better way please explain all steps.
-
The problem is how to know (in a simple way) if the admin disabled domainkeys, because your code works with the assumption that domainkeys is always enabled.
-
This is true. DKIM is a MUST now. It is a standard. Domainkeys is nearly obsolete - DKIM signing is the newer version? -- but without DKIM signing almost ALL major mail services will spam you - and in the case of hotmail and aol - they will black hole you.
So in my opinion - option to turn on and off is a nuisance. MUST be on if you plan to send mail to major email providers.
Same with SPF. KloxoMR needs new SPF record. NOT TXT spf, but new standard is a SPF dns record. It is supported by bind. Hotmail requires it now.
KloxoMR is behind in the email game.
-
In terms of domainkeys, DKIM is the same as domainkeys except for slightly different text in the 'TEXT record' in DNS.
So, I mean 'domainkeys' in the Kloxo-MR panel, where we can enable or disable it. Say someone needs/wants to disable 'domainkeys' for the DNS setting; then how do we know the user selected 'disable' for 'domainkeys'?
-
Great !! Exactly what i was looking for.. i hope this will solve my issue..
-
Please add DKIM to Kloxo !
-
I just did :) my method works without a problem.
-
Hello Chrisf,
I don't know why but DKIM doesn't work anymore; now I get the reply message 'Unable to run qmail-remote.' when I try to send mail. As soon as I do 'yum reinstall *-toaster' and then 'sh /script/fixmail-all' and then yum clean all
yum update
sh /script/cleanup
sh /script/restart-all
mail start to work but DKIM is gone. If I follow your tutorial after that, the problem comes back 'Unable to run qmail-remote.'
I did 'chmod 755' for 'qmail-remote'.
-
I have tried to use this tutorial too: http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster but I get the same error after it, even with qmail-remote chmod 777.
-
My friend, you are quick to say something doesn't work when usually we find the problem to be something you have done.
I just checked on my 4 servers. All mail is sending fine. All mail is DKIM signed. I am about to add it to server 5 here in a few moments.
Are you renaming qmail-remote properly? The script should work no matter what qmail is doing - I say this because we are not modifying qmail at all - this script simply takes an outgoing mail, signs it, then pipes it to the original qmail-remote.
I will install on server 5 now and report.
-
Installed - verified - signing. No problems.
I ran yum update prior to, therefore I am running latest KloxoMR 6.5.0f stable.
I checked using check-auth@verifier.port25.com using webmail @ the server and it worked without a problem.
I did notice one thing, when running qmailctl stop, KloxoMR watchdog restarts qmail. I realized this when I ran qmailctl start and was advised it was running.
I did (qmailctl stop) and (qmailctl start) again before testing.
This solution works perfect for KloxoMR 6.5.0f.
-
Check example video working/not working: http://zumzi.eu/info/
-
Because it uses a .pl script, make sure the perl components already exist.
Try installing the components with 'yum install perl-Mail-DKIM-Signer perl-Mail-DKIM-TextWrap perl-Getopt-Long perl-Pod-Usage'
-
Please check the 'TXT record' for yahoo.com and google.com.
-
Works for me ;)
Return-Path: <admin@nowosci.org>
Delivered-To: http://domainkeys.sourceforge.net/ (http://domainkeys.sourceforge.net/)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=private; d=nowosci.org;
b=pP/NScVPlJPkCeY6gqnm+y5J1rw+E2X6xyWgENVpFk33EpQjGeuPTczH7/AxVHXRCERPDS5miedB63w0cJN/7ck4wnEZakz0gw3kIX57M5M436llfIggS17dIpCta9w6087R0r4WR54qia/7+da15sCpc5jJseVG/Z5qCo9MHWQ=;
h=Received:Received:From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:X-MimeOLE;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=nowosci.org; h=from:to
:references:in-reply-to:subject:date:message-id:mime-version
:content-type; s=private; bh=pQ0jH1cp/WZVIjffFv1brvxAtBQ=; b=Vga
EnWApFDrxpHTXg64WWflaTEupb4z2GGtpfrLmrt+j5LChuVPuuGqOdYcX5oVUxgZ
+Jfh6m7JgXITS85kOIWaJJlH4i87KZjHZChbkREcK+Dih78EhkEeoR/bgvrj0CaG
zQ6ijOYnwwZ4iA9VXY3YFeo3Uk2zXQrIAjm7GRDw=
Received: (qmail 26091 invoked from network); 29 Sep 2013 17:44:51 -0000
Received: from unknown (HELO MacPro) (admin@nowosci.org@62.21.14.29)
by nowosci.org with ESMTPA; 29 Sep 2013 17:44:51 -0000
From: "aaa" <admin@nowosci.org>
To: "test" <test@wp.pl>
References: <F2A081A478154348AB6867EDBFFE43C7@MacPro>
In-Reply-To: <F2A081A478154348AB6867EDBFFE43C7@MacPro>
Subject: RE: test
Date: Sun, 29 Sep 2013 19:44:52 +0200
Message-ID: <4A9832AAB89A40509BEF76B186943167@MacPro>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0016_01CEBD4C.5D9DA620"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac69O45hkkUXbf6ARAqBofS4utVSGgAAAqhg
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17609
X-WP-DKIM-Status: good (id: nowosci.org)
X-WP-AV: skaner antywirusowy poczty Wirtualnej Polski S. A.
X-WP-SPAM: NO (U9) 0000019 [sUd2]
-
I reinstalled CentOS and Kloxo-MR just because of this problem, then followed your tutorial and nothing happened; gmail 'show original' shows no DKIM and this is the message from check-auth@verifier.port25.com.
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
-
Why setting 'full' config in 'domain panel'?.
-
I don't understand what you meant.
-
I found your settings for SPF and TXT records in your domain panel. They are identical to the settings in your Kloxo-MR panel.
The question is why? Is setting it only in the Kloxo-MR panel not enough?
-
I use CloudFlare as CDN. I don't understand why domainkey and DKIM doesn't work anymore.
-
response from check-auth@verifier.port25.com<check-auth@verifier.port25.com>;
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=marius@zumzi.eu
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
-
As I know I did nothing wrong, why it doesn't work ??
-
This email is an automatic response from AdminSystem DKIM verifier service (1.0.0.5).
The service allows email senders to perform a simple check of SPF, DKIM and DomainKeys.
It is provided free of charge, in the hope that it is useful to the email community.
We welcome any feedback you may have at <support@emailarchitect.net>.
Thank you for using the service.
AdminSystem Software Limited
============================================================
SPF result: Pass
============================================================
============================================================
DomainKey result: pass
============================================================
============================================================
DKIM result: pass
============================================================
-
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
-
How is this information supposed to help me to fix the problem?
-
I think what spacedust and myself as well as mustafa is saying - it is a problem on your server.
I do not use cloudflare, I am not familiar with it as far as from a server admin point of view.
Check to make sure your private key is generated.
Since the problem is not being recreated on other servers it is hard to diagnose as to why yours is not working.
-
I am also having problems with this. My main problem is when I run this command...
mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue
Which returns the following...
mv: cannot stat `/var/qmail/bin/qmail-queue.orig': No such file or directory
Of course having issued this command...
rm /var/qmail/bin/qmail-queue
There is no way to fix this other than reinstalling qmail...
Can someone please help with this? I totally need it :-(
-
If you are using up to date KloxoMR version, this is already part of it and you don't need to do this. ;)
-
Hi,
I'm having a ton of trouble with this... DKIM is pretty much mandatory if you want an email delivered. Here's some information and hope it helps figure out what is wrong...
I run sh /script/sysinfo
A. Kloxo-MR: 6.5.0.f-2014013101
B. OS: CentOS release 6.5 (Final) i686
C. Apps:
1. MySQL: mysql-5.5.34-1.el6.i686
2. PHP: php53u-5.3.28-1.ius.el6.i686
3. Httpd: httpd-2.2.26-1.el6.i686
4. Lighttpd: --uninstalled--
5. Nginx: --uninstalled--
6. Qmail: qmail-toaster-1.03-1.3.35.mr.el6.i386
- with: courier-imap-toaster-4.1.2-1.3.14.mr.el6.i686
7. Dns: bind-9.9.5-1.el6.i686
D. Php-type (for Httpd/proxy):
I believe that is everything up to date. However, sending an email to check-auth@verifier.port25.com gives me these results...
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: fail
DKIM check: fail
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
It isn't working. Any ideas?
-
I'm running this... Kloxo-MR: 6.5.0.f-2014013101 - is that the latest that should have DKIM enabled? Do I have to setup any settings in the kloxo gui?
-
Did you enable Domainkeys for the mail server? That is first step... we'll go step by step. :)
Yes DKIM is enabled in that version.
-
Home > Server Mail Settings > Enable Domain Key == checked
What's next?
-
SSH:
sh /script/fixdomainkeys
sh /script/restart-all
What DNS are you using?
-
Hi,
I want to apologize. I found the problem. I have cloudflare setup for my website. I HAD IT PAUSED - no lie. However, it appears it was still giving the wrong DNS records - from before I rebuild my VPS. Despite the fact it was paused it was still providing the DNS rather than passing through to kloxomr. Not sure if this is intentional or if it takes a while (has been paused for 1 hr for sure). It is all working now. Sorry to bother you.
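The verifier reports in this thread fall into two classes: `neutral (message not signed)` means no signature header was on the message, while a `fail` such as the one above that turned out to be stale DNS means a signature was present but did not verify. As an added example (not part of the original posts), the script below reads a raw message, tells the two cases apart, and prints the DNS name whose TXT record must carry the matching public key. The function names and the sample message are constructed for this example; the selector `private` is the one visible in the headers posted earlier.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: sh dkim-record.sh message.eml

# dkim_record_name FILE: print <selector>._domainkey.<domain> taken from the
# first DKIM-Signature header of a raw message; return 1 if there is none.
dkim_record_name() {
    awk '
        $0 == "" || $0 == "\r" { exit }             # blank line ends the headers
        /^[ \t]/ { if (grab) hdr = hdr $0; next }   # folded continuation line
        { grab = 0 }
        tolower($0) ~ /^dkim-signature:/ && hdr == "" { grab = 1; hdr = $0 }
        END {
            if (hdr == "") exit 1
            sub(/^[^:]*:/, "", hdr)                 # drop the header name
            gsub(/[ \t\r]/, "", hdr)                # drop folding whitespace
            n = split(hdr, tags, ";")
            for (i = 1; i <= n; i++) {
                eq = index(tags[i], "=")            # split tag=value at first "="
                if (eq > 0) v[substr(tags[i], 1, eq - 1)] = substr(tags[i], eq + 1)
            }
            if (v["s"] == "" || v["d"] == "") exit 1
            print v["s"] "._domainkey." v["d"]
        }' "$1"
}

# dkim_status FILE: separate the two failure classes seen in the thread.
dkim_status() {
    if name=$(dkim_record_name "$1"); then
        echo "signed: compare the public key with: dig +short TXT $name"
    else
        echo "unsigned: the signing side never added a DKIM-Signature header"
    fi
}

# Constructed sample (not a real message); example.org is a placeholder domain
# and the bh=/b= values are dummy base64, not a valid signature.
sample_message() {
    cat <<'EOF'
Return-Path: <sender@example.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=example.org; h=from:to
 :subject:date; s=private; bh=Q09OU1RSVUNURUQ=;
 b=Q09OU1RSVUNURUQ=
From: sender@example.org
To: rcpt@example.net
Subject: test

body
EOF
}

[ $# -eq 0 ] || dkim_status "$1"
```

Run the `dig` query against both your own name server and a public resolver; differing answers point to a DNS service in front of the server answering with old records.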
-
No problem. Glad it is working! Have a great day/night. :)
-
Hi chrisf
I have not "qmail-queue.orig"
Do you mean
mv /var/qmail/bin/qmail-queue.orig /var/qmail/bin/qmail-queue
or
mv /var/qmail/bin/qmail-remote.orig /var/qmail/bin/qmail-queue
??
-
You have recent version of KloxoMR, DKIM signing was added, if you have any version with 2014 in the version number you do not do this, it was already done by Mustafa. :)
If you messed up your qmail install simply
yum reinstall qmail*
Will fix all ;)
-
I have 6.5.1.a-2014013101 but DKIM isn't included and I get a failed result from check-auth@verifier.port25.com
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: neutral
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: neutral
SpamAssassin check: ham
-
You need to enable email auth under the domain. Check domain keys under mail server settings.
A couple posts up you will find the fixdomainkeys post. Run that script.
What DNS are you using?
-
Use my own domain DNS
new result after enable "SPF"
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
-
What branch of DNS? Bind?
Did you run the fixdomainkey script? Domainkeys on in KloxoMR panel?
-
Yes, bind
Yes also, ran sh /script/fixdomainkey
Yes again, tick on domainkeys too
and another things, emails to Yahoo and outlook rejected !!
only gmail and sometimes in spam !
-
Server mail name set to your fqdn? Reverse DNS match that name? (Set by hosting provider)
-
No, "server mail name" and "Reverse lookup" do not match
Must it be ?
-
Read http://forum.mratwork.com/kloxo-mr-tips-and-tricks/(tip)-how-to-setup-qmail-on-kloxo-mr/
-
Yes it must. +1 Mustafa reply, read that post.
-
Set same in "Server mail name" and "Reverse DNS" in kloxo panel, still same result
also I have IP management in my vps provider that can set my server name for my IP
Must it same as others too or not ?
Thank you Mustafa, I did read that topic too, I found the Yahoo ID 550[BL23]
-
Setting 'Reverse DNS' not in Kloxo-MR panel except if you have 256 IPs (aka Class-C IPs).
You must ask to your provider to setup Reverse-DNS or in VPS panel if exist.
-
Problem with yahoo and outlook resolved by set reverse ip in my VPS panel but still "DomainKeys" and "DKIM" not available under my emails and emails first go to spam but not rejected !
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham
-
Inform here your 'dir -l /var/qmail/control'.
-
results
[root@ZTZN001 ~]# dir -l /var/qmail/control
total 136
-rw-r--r-- 1 root qmail 32 Jan 17 07:15 badloadertypes
-rw-r--r-- 1 root root 2048 Feb 1 14:48 badloadertypes.cdb
-rw-r--r-- 1 root qmail 25 Jan 17 07:15 badmailfrom
-rw-r--r-- 1 root qmail 29 Jan 17 07:15 badmailto
-rw-r--r-- 1 root qmail 360 Jan 17 07:15 badmimetypes
-rw-r--r-- 1 root root 2048 Feb 1 14:48 badmimetypes.cdb
-rw-r--r-- 1 root qmail 20 Jan 17 07:15 blacklists
lrwxrwxrwx 1 root qmail 14 Feb 1 14:48 clientcert.pem -> servercert.pem
-rw-r--r-- 1 root qmail 3 Feb 1 19:42 concurrencyincoming
-rw-r--r-- 1 root qmail 3 Jan 17 07:15 concurrencyremote
-rw-r--r-- 1 root qmail 8 Feb 1 19:42 databytes
-rw-r--r-- 1 root qmail 10 Jan 17 07:15 defaultdelivery
-rw-r--r-- 1 root qmail 15 Feb 1 19:42 defaultdomain
-rw-r--r-- 1 root qmail 15 Feb 1 19:42 defaulthost
-rw-r--r-- 1 root qmail 245 Feb 1 14:49 dh1024.pem
-rw-r--r-- 1 root qmail 156 Feb 1 14:48 dh512.pem
drwxr-xr-x 2 qmailr qmail 4096 Feb 1 14:22 dkim
drwxr-xr-x 10 root qmail 4096 Feb 1 17:08 domainkeys
-rw-r--r-- 1 root qmail 10 Feb 1 14:49 locals
-rw------- 1 root root 0 Jan 25 16:11 locals.lock
-rw-r--r-- 1 root qmail 4 Jan 17 07:15 logcount
-rw-r--r-- 1 root qmail 8 Jan 17 07:15 logsize
-rw-r--r-- 1 root qmail 15 Feb 1 19:42 me
-rw-r--r-- 1 root qmail 17 Jan 25 15:45 plusdomain
-rw-r--r-- 1 root qmail 0 Jan 17 07:15 policy
-rw-r--r-- 1 root qmail 6 Feb 1 19:42 queuelifetime
-rw-r--r-- 1 root root 153 Feb 1 17:08 rcpthosts
-rw------- 1 root root 0 Jan 25 16:11 rcpthosts.lock
-rw-r--r-- 1 root qmail 497 Feb 1 14:48 rsa512.pem
-rw-r--r-- 1 root qmail 1693 Jan 17 07:15 servercert.pem
-rw-r--r-- 1 clamav root 59 Jul 4 2013 simcontrol
-rw-r--r-- 1 root clamav 2129 Feb 1 15:56 simcontrol.cdb
-rw-r--r-- 1 root clamav 2165 Feb 1 15:56 simversions.cdb
-rw-r--r-- 1 root qmail 34 Feb 1 19:42 smtpgreeting
-rw-r--r-- 1 root qmail 0 Jan 17 07:15 smtproutes
-rw-r--r-- 1 root qmail 2 Jan 17 07:15 spfbehavior
lrwxrwxrwx 1 root root 35 Feb 1 14:48 tlsclientciphers -> /var/qmail/control/tlsserverciphers
drwxr-xr-x 3 root qmail 4096 Jan 17 07:15 tlshosts
-rw-r--r-- 1 root qmail 1838 Feb 1 14:48 tlsserverciphers
-rw-r--r-- 1 root root 272 Feb 1 17:08 virtualdomains
-rw------- 1 root root 0 Jan 25 16:11 virtualdomains.lock
-
Why 'dkim' directory exist?.
-
nothing in it, removed
-
and ...
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=info@mydomain.com
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
-
Better that chrisf answers this issue.
-
Are you sending the mail through webmail or smtp?
Php sendmail function doesn't get signed.
Are you using cloudflare?
-
Sending through webmail, didn't test smtp
no, don't use.
-
Updated my kloxo-mr and now everything looks fine!
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
-
Glad it works. :)
-
Hi Crist,
Can you reupload the two files qmail-remote.new and dkimsign.pl?