MailServer Configuration (autodiscover, SPF, DKIM)

$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key(“deass.net”, ‘“dkim”, “/etc/pki/tls/private/deass-dkim.key.pem”);
@dkim_signature_options_bysender_maps = (
{ “deass.net” => { d => “deass.net”, a => ‘rsa-sha256’, ttl => 10243600’ } } );
$originating = 1;

ADD LOGING
$log_level = 5;

send mail to check-auth@verifier.port25.com and it ansver to you with all info about your mail .
https://www.port25.com/support/authentication-center/email-verification/

GoodMorning Everyones;

So yesterday I did yum upgrade, change my plan at DigitalOcean for a bigger server
and figure my public DNS propagation was’nt totally spread because, sometimes, I was receiving a response from my old smtp.

So this morning I emailed at check-auth@verifier.port25.com
with and without the AntiVirus on and
1st : it’s work I send and receive
2nd : I receive the same result.

###Summary of Results
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham

Everything looks good for me, and you ?
Thanks for your concern :slight_smile:

all is ok ! have a nice Ride :slight_smile:

When I type hostname -f
I get SERVER.DOMAIN not SERVER.DOMAIN.TLD

so to get SERVER.DOMAIN.TLD

I had to set my domain to DOMAIN.TLD ie. example.com

Silly mistake, Reading is fundamental, I wish I read the documentation before installing and using the software. ooppss…

@JOduMonT Also Please Note in your Original Post please stress the importance that the CNAME records MUST end with a period (.) To aid with deliver-ability I would like to ask for you to add to your original post a section about RDNS and advising the Admins to contact their ISPs to configure reverse DNS

at&t uverse rdns request form - https://www.att.com/gen/general?pid=17307&cdvn=formbuilder&formName=ATT_DSL_Uverse_DNS_Request_Form_1600

thank @tzar, i’ll look on it when i’ll understand how to take the right to edit my post :wink:

GoodLuck with asking to configure the r-dns to your ISP,
unless it’s a professional ISP.

Please retype the minute I install command, respectively.
give me error

amavisd -u amavis -g amavis showkeys
Error in config file “/etc/amavisd.conf”

I’m sure the error is different and it says which line the error is. Look at the line and you’ll find the problem.
Please, cut’n’paste the error (or take a picture/screenshot).

# amavisd -u amavis -g amavis showkeys
**No DKIM private keys declared in a config file. **ERROR****

I get an error in the command. It has engaged in the installation process.?

amavisd -u amavis -g amavis showkeys
No DKIM private keys declared in a config file

Generate it by yourself and add in custom template of amavisd

@giacomo @davidep @filippo_carletti @Ctek @alefattorini
maybe we should inplement this feature , for Security reason and Validation ?
almoust all have been done , staging :

  1. amavisd genrsa /etc/pki/tls/private/new_domain.com.pem 2048

  2. add to /etc/amavisd/amavisd.conf
    $enable_dkim_signing = 1;
    dkim_key(“new_domain.com”, ‘“dkim”, “/etc/pki/tls/private//new_domain.com.pem”);
    @dkim_signature_options_bysender_maps = (
    { “new_domain.com” => { d => “new_domain.com”, a => ‘rsa-sha256’, ttl => 10243600’ } } );
    $originating = 1;
    #$log_level = 5; # optional

  3. Add to web interface feature, when we create a domain it should generate DKIM and should be shown on it for copying it to provider (DNS server)

  4. Even we should create dkim key in db domains .

I think that the first implementation could live without a web interface.
We need to automatically create the key during domain creation.
The interface has to show the key only, it shouldn’t be hard to add.

$enable_dkim_verification is to check incoming mail, it could be a default regardless of this sign feature.

Yes, it would be great , when domain is created amavis should gen key and put it to db domains , and web ui could simply read key :smile:

I updated issue 1910 (http://dev.nethserver.org/issues/1910), but I’m still unsure about effectiveness of dkim (I’m using it).
Who has experience and wants to contribute data could add comments here.

@filippo_carletti DKIM is only for validating of our MAIL server for external servers like GOOGLE and so on , so without DKIM google could mark our letter like spam.

It’s not that easy, you control (through dns) how others should behave regarding dkim. And dkim setup is easy for a spammer. Assuming dkim pass as an ham indicator is a bad idea.

This is my second time doing DKIM, per the instructions on this page, this time I get the following errors:

amavisd -u amavis -g amavis showkeys#
No DKIM private keys declared in a config file

amavisd -u amavis -g amavis showkeys
Error in config file “/etc/amavisd.conf”: Undefined subroutine &Amavis::Conf::HASH called at /etc/amavisd.conf line 295.

sed -n 291,300p /etc/amavisd.conf
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key(‘example.com’, ‘dkim’, ‘/etc/pki/tls/private/example.com-dkim.key.pem’);
@dkim_signature_options_bysender_maps = (
HASH(0x14c88f0) );

ls -alF /etc/pki/tls/private
-rw-------. 1 root root 1675 Jan 14 23:11 server1.example.com.pem
-rw-------. 1 root root 1704 Sep 1 18:55 httpd-admin.key
-rw-------. 1 root root 1704 Sep 1 19:58 localhost.key
-rw-------. 1 root root 1704 Sep 1 18:54 NSRV.key
-rw-r-----. 1 root amavis 891 Jan 14 22:56 example.com-dkim.key.pem

cat /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key(‘example.com’, ‘dkim’, ‘/etc/pki/tls/private/example.com-dkim.key.pem’);
@dkim_signature_options_bysender_maps = (
{ ‘.’ => { ttl => 21243600, c => ‘relaxed/relaxed’ } } );

Where did I go WRONG?

Could you check all backslashes are in place in /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim

@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );
1 Like

Hi @tzar,

Please regenerate this file by the command below:

signal-event nethserver-mail-filter-update

amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys