MailServer Configuration (autodiscover, SPF, DKIM)

This is my second time doing DKIM, per the instructions on this page, this time I get the following errors:

amavisd -u amavis -g amavis showkeys#
No DKIM private keys declared in a config file

amavisd -u amavis -g amavis showkeys
Error in config file “/etc/amavisd.conf”: Undefined subroutine &Amavis::Conf::HASH called at /etc/amavisd.conf line 295.

sed -n 291,300p /etc/amavisd.conf
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key(‘example.com’, ‘dkim’, ‘/etc/pki/tls/private/example.com-dkim.key.pem’);
@dkim_signature_options_bysender_maps = (
HASH(0x14c88f0) );

ls -alF /etc/pki/tls/private
-rw-------. 1 root root 1675 Jan 14 23:11 server1.example.com.pem
-rw-------. 1 root root 1704 Sep 1 18:55 httpd-admin.key
-rw-------. 1 root root 1704 Sep 1 19:58 localhost.key
-rw-------. 1 root root 1704 Sep 1 18:54 NSRV.key
-rw-r-----. 1 root amavis 891 Jan 14 22:56 example.com-dkim.key.pem

cat /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key(‘example.com’, ‘dkim’, ‘/etc/pki/tls/private/example.com-dkim.key.pem’);
@dkim_signature_options_bysender_maps = (
{ ‘.’ => { ttl => 21243600, c => ‘relaxed/relaxed’ } } );

Where did I go WRONG?

Could you check all backslashes are in place in /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim

@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );
1 Like

Hi @tzar,

Please regenerate this file by the command below:

signal-event nethserver-mail-filter-update

amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys

thank you very much for your assistance. DKIM, SPF, and DMARC records are up and working.

$ amavisd genrsa /etc/pki/tls/private/example.com-dkim.key.pem
$ chgrp amavis /etc/pki/tls/private/example.com-dkim.key.pem
$ chmod g+r /etc/pki/tls/private/example…com-dkim.key.pem
$ mkdir -p /etc/e-smith/templates-custom/etc/amavisd.conf

$ nano /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim

#filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );

$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys

https://support.google.com/a/answer/2466563?hl=en - used for DMARC
http://www.mailradar.com/spf/ - used for SPF

3 Likes

Great job man! Thanks for your feedback :wink:
@filippo_carletti is it ready to be added to the core? Or needs more tests?

Happy New Year!
Is it possible someone to confirm that recently, dkim signing of outgoing mails is working, as discussed here a year ago?

I didn’t check recently, but I think that DKIM signing works only if you use a disclaimer text.

1 Like

Hi Fillipo !
Thanks for your feedback - you are absolutely correct, DKIM signing works only when disclaimer text is used.

1 Like

Sorry to bring on this subject under the carpet again but
I followed the @tzar instruction on a Nethserver 7
and the result is :

$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys
No DKIM private keys declared in a config file.

####and

cat /etc/amavisd/amavisd.conf |grep dkim
$enable_dkim_verification = 0; # disable DKIM signatures verification
$enable_dkim_signing = 0; # disable DKIM signing code

###So I double check and obviously can’t see my mistake

####95dkim config file

cat /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
# filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key(‘domain1.tld’, ‘dkim’, ‘/etc/pki/tls/private/domain1.tld-dkim.key.pem’);
@dkim_signature_options_bysender_maps = ( { ‘.’ => { ttl => 21243600, c => ‘relaxed/simple’ } } );

# filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key(‘domain2.tld’, ‘dkim’, ‘/etc/pki/tls/private/domain2.tld-dkim.key.pem’);
@dkim_signature_options_bysender_maps = ( { ‘.’ => { ttl => 21243600, c => ‘relaxed/simple’ } } );

#####REMARK:

  • the @dkim_signature_options_bysender_maps = is in one line
  • the file is group owned by amavis and this group have the right to read

I think you have to give the command
amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys

instead of
amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys

Thank paolo;
but the file amavisd.conf is, in my case at least, really in /etc/amavisd/amavisd.conf

Any luck with DKIM for Nethserver 7?

I’ve followed these instructions successfully on NS7. The configuration file is now /etc/amavisd/amavisd.conf and so you’ll need to edit /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf/95dkim (for example) rather than /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim.

It works!!! Happy signing…
$ amavisd genrsa /etc/pki/tls/private/example.com-dkim.key.pem
$ chgrp amavis /etc/pki/tls/private/example.com-dkim.key.pem
$ chmod g+r /etc/pki/tls/private/example…com-dkim.key.pem
$ mkdir -p /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf

$ nano /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf/95dkim

#filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );

$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys

Add the disclaimer by going to the server control panel, on the left hand side, Configuration -> Email. Press edit beside your domain name and add your disclaimer.

I know this is an old thread, but for the sake of anyone finding it in a search, this setting won’t (by itself) do anything to make email clients automatically discover your server settings. Information on a simple configuration for this purpose is in this thread, and hopefully an automx module will be available soon which will handle all this stuff.

1 Like

Hi @danb35

I tried to edit it to remove this part but I think because @alefattorini edit it after me I lost the edtion right on it .

my sending score is exceptional. thanks to the dkim signing in nethserver and other spf configurations

5 Likes

This old topic was about DKIM with amavisd…

I guess you got that score with the new mail module of NethServer 7.5, right?

2 Likes

yes that was the case

1 Like