tzar
January 19, 2016, 6:42pm
41
thank you very much for your assistance. DKIM, SPF, and DMARC records are up and working.
$ amavisd genrsa /etc/pki/tls/private/example.com-dkim.key.pem
$ chgrp amavis /etc/pki/tls/private/example.com-dkim.key.pem
$ chmod g+r /etc/pki/tls/private/example…com-dkim.key.pem
$ mkdir -p /etc/e-smith/templates-custom/etc/amavisd.conf
$ nano /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
#filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );
$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys
https://support.google.com/a/answer/2466563?hl=en - used for DMARC
http://www.mailradar.com/spf/ - used for SPF
3 Likes
alefattorini
(Alessio Fattorini)
January 19, 2016, 7:13pm
42
Great job man! Thanks for your feedback
@filippo_carletti is it ready to be added to the core? Or needs more tests?
tarkal
(Kaloyan Taralov)
January 3, 2017, 9:43am
43
Happy New Year!
Is it possible someone to confirm that recently, dkim signing of outgoing mails is working, as discussed here a year ago?
I didn’t check recently, but I think that DKIM signing works only if you use a disclaimer text.
1 Like
tarkal
(Kaloyan Taralov)
January 3, 2017, 4:26pm
45
Hi Fillipo !
Thanks for your feedback - you are absolutely correct, DKIM signing works only when disclaimer text is used.
1 Like
JOduMonT
(Jonathan Dumont)
March 18, 2017, 8:56am
47
Sorry to bring on this subject under the carpet again but
I followed the @tzar instruction on a Nethserver 7
and the result is :
$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys
No DKIM private keys declared in a config file.
####and
cat /etc/amavisd/amavisd.conf |grep dkim
$enable_dkim_verification = 0; # disable DKIM signatures verification
$enable_dkim_signing = 0; # disable DKIM signing code
###So I double check and obviously can’t see my mistake
####95dkim config file
cat /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim
# filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key(‘domain1.tld’, ‘dkim’, ‘/etc/pki/tls/private/domain1.tld-dkim.key.pem’);
@dkim_signature_options_bysender_maps = ( { ‘.’ => { ttl => 2124 3600, c => ‘relaxed/simple’ } } );
# filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key(‘domain2.tld’, ‘dkim’, ‘/etc/pki/tls/private/domain2.tld-dkim.key.pem’);
@dkim_signature_options_bysender_maps = ( { ‘.’ => { ttl => 2124 3600, c => ‘relaxed/simple’ } } );
#####REMARK:
the @dkim_signature_options_bysender_maps = is in one line
the file is group owned by amavis and this group have the right to read
paolo
(Paolo)
March 29, 2017, 7:31am
48
I think you have to give the command
amavisd -u amavis -g amavis -c /etc/amavisd.conf showkeys
instead of
amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys
JOduMonT
(Jonathan Dumont)
March 29, 2017, 8:55am
49
Thank paolo;
but the file amavisd.conf is, in my case at least, really in /etc/amavisd/amavisd.conf
tzar
April 25, 2017, 8:55pm
50
Any luck with DKIM for Nethserver 7?
I’ve followed these instructions successfully on NS7. The configuration file is now /etc/amavisd/amavisd.conf and so you’ll need to edit /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf/95dkim (for example) rather than /etc/e-smith/templates-custom/etc/amavisd.conf/95dkim.
tzar
June 10, 2017, 3:24am
52
It works!!! Happy signing…
$ amavisd genrsa /etc/pki/tls/private/example.com-dkim.key.pem
$ chgrp amavis /etc/pki/tls/private/example.com-dkim.key.pem
$ chmod g+r /etc/pki/tls/private/example…com-dkim.key.pem
$ mkdir -p /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf
$ nano /etc/e-smith/templates-custom/etc/amavisd/amavisd.conf/95dkim
#filippo enable dkim
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$log_level = 5;
dkim_key('example.com', 'dkim', '/etc/pki/tls/private/example.com-dkim.key.pem');
@dkim_signature_options_bysender_maps = ( \{ '.' => \{ ttl => 21*24*3600, c => 'relaxed/simple' \} \} );
$ signal-event nethserver-mail-filter-update
$ signal-event nethserver-mail-server-update
$ amavisd -u amavis -g amavis -c /etc/amavisd/amavisd.conf showkeys
Add the disclaimer by going to the server control panel, on the left hand side, Configuration -> Email. Press edit beside your domain name and add your disclaimer.
danb35
(Dan)
April 2, 2018, 3:50pm
53
I know this is an old thread, but for the sake of anyone finding it in a search, this setting won’t (by itself) do anything to make email clients automatically discover your server settings. Information on a simple configuration for this purpose is in this thread , and hopefully an automx module will be available soon which will handle all this stuff.
1 Like
JOduMonT
(Jonathan Dumont)
April 5, 2018, 12:01pm
54
Hi @danb35
I tried to edit it to remove this part but I think because @alefattorini edit it after me I lost the edtion right on it .
my sending score is exceptional. thanks to the dkim signing in nethserver and other spf configurations
5 Likes
davidep
(Davide Principi)
July 7, 2018, 11:00pm
56
This old topic was about DKIM with amavisd…
I guess you got that score with the new mail module of NethServer 7.5, right?
[pablo (26)]
I'm excited to announce that NethServer 7.5 has been released and is publicly available.
We’re confident that it will be as always a great release and it will achieve our mission: making sysadmin’s life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source).
About NethServer
NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices, medium enterpr…
2 Likes