MailServer Configuration (autodiscover, SPF, DKIM)


#38

This is my second time doing DKIM per the instructions on this page; this time I get the following errors:

amavisd -u amavis -g amavis showkeys#
No DKIM private keys declared in a config file

amavisd -u amavis -g amavis showkeys
Error in config file "/etc/amavisd.conf": Undefined subroutine &Amavis::Conf::HASH called at /etc/amavisd.conf line 295.

sed -n 291,300p /etc/amavisd.conf
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = (
HASH(0x14c88f0) );

ls -alF /etc/pki/tls/private
-rw-------. 1 root root 1675 Jan 14 23:11 server1.example.com.pem
-rw-------. 1 root root 1704 Sep 1 18:55 httpd-admin.key
-rw-------. 1 root root 1704 Sep 1 19:58 localhost.key
-rw-------. 1 root root 1704 Sep 1 18:54 NSRV.key
-rw-r-----. 1 root amavis 891 Jan 14 22:56 example.com-dkim.key.pem

cat /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/relaxed' } } );

Where did I go WRONG?


(Davide Principi) #39

Could you check that all backslashes are in place in /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim?

@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );
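
The backslash check suggested above, and the `HASH(0x14c88f0)` symptom from post #38, can be tested for mechanically. This is an added example, not code from the thread or from NethServer; the function names are hypothetical and the fragment and expanded config paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): lint a DKIM template fragment and the
# config expanded from it. Function names are hypothetical.

# List fragment lines holding a { or } that is not preceded by a backslash.
# Such braces are evaluated during template expansion instead of being copied.
# Returns 0 when the fragment is clean, 1 when unescaped braces were found.
unescaped_braces() {
    if grep -nE '(^|[^\\])[{}]' "$1"; then
        return 1
    fi
    return 0
}

# Detect a stringified Perl reference such as HASH(0x14c88f0) in the expanded
# config, the symptom shown in post #38. Returns 1 when one is present.
stringified_ref() {
    if grep -nE '(HASH|ARRAY|CODE)\(0x[0-9a-f]+\)' "$1"; then
        return 1
    fi
    return 0
}

# Run both checks; the exit status is 0 only when both pass.
check_dkim_template() {
    fragment=$1 expanded=$2 status=0
    unescaped_braces "$fragment" || { echo "unescaped braces in $fragment" >&2; status=1; }
    stringified_ref "$expanded"  || { echo "expansion residue in $expanded" >&2; status=1; }
    return "$status"
}

# Usage with the paths used in the thread up to this point:
#   check_dkim_template /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim /etc/amavisd.conf
```
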

(Artem Fedai) #40

Hi @tzar,

Please regenerate this file with the command below:

signal-event nethserver-mail-filter-update

amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys

#41

Thank you very much for your assistance. DKIM, SPF, and DMARC records are up and working.

$ amavisd genrsa /etc/pki/tls/private/example.com-dkim.key.pem
$ chgrp amavis /etc/pki/tls/private/example.com-dkim.key.pem
$ chmod g+r /etc/pki/tls/private/example…com-dkim.key.pem
$ mkdir -p /etc/e-smith/templates-custom/etc/amavisd.conf

$ nano /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim

#filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );

$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys

https://support.google.com/a/answer/2466563?hl=en - used for DMARC
http://www.mailradar.com/spf/ - used for SPF


(Alessio Fattorini) #42

Great job man! Thanks for your feedback :wink:
@filippo_carletti is it ready to be added to the core? Or does it need more tests?


(Kaloyan Taralov) #43

Happy New Year!
Could someone confirm that DKIM signing of outgoing mails has been working recently, as discussed here a year ago?


(Filippo Carletti) #44

I didn’t check recently, but I think that DKIM signing works only if you use a disclaimer text.


(Kaloyan Taralov) #45

Hi Filippo!
Thanks for your feedback - you are absolutely correct, DKIM signing works only when disclaimer text is used.


(Jonathan Dumont) #47

Sorry to bring up this subject from under the carpet again, but
I followed @tzar's instructions on a NethServer 7
and the result is:

$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys
No DKIM private keys declared in a config file.

and

cat /etc/amavisd/amavisd.conf |grep dkim
$enable_dkim_verification = 0; # disable DKIM signatures verification
$enable_dkim_signing = 0; # disable DKIM signing code

So I double-checked and obviously can’t see my mistake.

95dkim config file:

cat /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
# filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('domain1.tld', 'dkim', '/etc/pki/tls/private/domain1.tld-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );

# filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('domain2.tld', 'dkim', '/etc/pki/tls/private/domain2.tld-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );

REMARK:

  • the @dkim_signature_options_bysender_maps = is on one line
  • the file is group-owned by amavis and this group has the right to read it

(Paolo) #48

I think you have to give the command
amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys

instead of
amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys


(Jonathan Dumont) #49

Thanks Paolo,
but the file amavisd.conf is, in my case at least, really in /etc/amavisd/amavisd.conf


#50

Any luck with DKIM for Nethserver 7?


(Daniel Roe) #51

I’ve followed these instructions successfully on NS7. The configuration file is now /etc/amavisd/amavisd.conf and so you’ll need to edit /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf/95dkim (for example) rather than /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim.
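
The path mismatch described above (a fragment under `templates-custom/etc/amavisd.conf/` while the live config is `/etc/amavisd/amavisd.conf`) can be detected before running `signal-event`. This is an added example, not code from the thread or from NethServer; the function name, the status words and the optional root-prefix argument are hypothetical, and it treats any fragment containing `dkim_key(` as the DKIM fragment.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a DKIM fragment sits in
# the templates-custom directory that matches the amavisd config in use.
TEMPLATES=/etc/e-smith/templates-custom

# $1 is an optional root prefix so the check can run against a test tree.
# Prints one line per candidate config path:
#   ok       config exists and a fragment with dkim_key( is under its template dir
#   missing  config exists but no such fragment is under its template dir
#   orphan   a fragment exists for a config file that is not on this system
dkim_fragment_status() {
    root=${1:-}
    for conf in /etc/amavisd.conf /etc/amavisd/amavisd.conf; do
        fragdir=$root$TEMPLATES$conf
        has_conf=no
        has_frag=no
        if [ -f "$root$conf" ]; then has_conf=yes; fi
        if [ -d "$fragdir" ] && grep -qs 'dkim_key(' "$fragdir"/*; then
            has_frag=yes
        fi
        case $has_conf/$has_frag in
            yes/yes) echo "ok $conf" ;;
            yes/no)  echo "missing $conf" ;;
            no/yes)  echo "orphan $conf" ;;
        esac
    done
}

# Usage on a live system: dkim_fragment_status
```

An `orphan` line paired with a `missing` line is the situation from post #47: the fragment exists, but not where the template for the active config looks for it.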


#52

It works!!! Happy signing…
$ amavisd genrsa /etc/pki/tls/private/example.com-dkim.key.pem
$ chgrp amavis /etc/pki/tls/private/example.com-dkim.key.pem
$ chmod g+r /etc/pki/tls/private/example…com-dkim.key.pem
$ mkdir -p /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf

$ nano /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf/95dkim

#filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );

$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys

Add the disclaimer by going to the server control panel: on the left-hand side, Configuration -> Email. Press edit beside your domain name and add your disclaimer.


Add DKIM for Nethserver 7 Rc1
(Dan) #53

I know this is an old thread, but for the sake of anyone finding it in a search, this setting won’t (by itself) do anything to make email clients automatically discover your server settings. Information on a simple configuration for this purpose is in this thread, and hopefully an automx module will be available soon which will handle all this stuff.


(Jonathan Dumont) #54

Hi @danb35

I tried to edit it to remove this part, but I think because @alefattorini edited it after me I lost the edit rights on it.


(Nitram Oneito) #55

My sending score is exceptional, thanks to the DKIM signing in NethServer and other SPF configurations.


(Davide Principi) #56

This old topic was about DKIM with amavisd…

I guess you got that score with the new mail module of NethServer 7.5, right?


(Nitram Oneito) #57

Yes, that was the case.


(Davide Principi) #58