Jakes, Please find the config file attached with this mail.
I have not changed anything in the conf file and i copied it as it is in the /var/qmail/control/dkim folder persmission are: -rw-r--r-- 1 qmailr qmail 891 Oct 29 17:06 global.key -rw-r--r-- 1 qmailr qmail 241 Oct 29 17:07 public.txt -rw-r--r-- 1 qmailr qmail 250 Oct 29 17:10 signconf.xml I performed following steps to install the DKIM: ----install required perl packages---- perl-XML-Simple perl-Mail-DKIM perl-XML-Parser --------------------------------------- mkdir /var/qmail/control/dkim dknewkey /var/qmail/control/dkim/global.key > /var/qmail/control/dkim/public.txt perl -pi -e 's/global.key._domainkey/dkim1/' /var/qmail/control/dkim/public.txt ---Download DKIM Package --- wget http://qmailtoaster.org/dkim.tgz tar zxvf dkim.tgz cd dkim qmailctl stop mv signconf.xml /var/qmail/control/dkim/ chown -R qmailr:qmail /var/qmail/control/dkim mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig mv qmail-remote /var/qmail/bin/ chmod 777 /var/qmail/bin/qmail-remote chown root:qmail /var/qmail/bin/qmail-remote qmailctl start Copy Contents of public.key and paste into dns zone as it is without any modifications. --------------------------------------------- ----- Original Message ----- From: Jake Vickers To: qmailtoaster-list@qmailtoaster.com Sent: Friday, October 30, 2009 10:16 PM Subject: Re: [qmailtoaster] DKIM Error Anil Aliyan wrote: Dear All, I have setup DKIM as per instution in the DKIM video. Everything is setup correctly but still when i see mail hearders on yahoo or gmail i see Authentication-Results: mta164.mail.in.yahoo.com from=gnvfc.net; domainkeys=pass (ok); from=mail.gnvfc.net; dkim=permerror (no key) Secondly, for domain keys it says from=gnvfc.net; domainkeys=pass (ok); and for DKIM is says from=mail.gnvfc.net; dkim=permerror (no key) why is says from=? different in both the cases in domainkeys its gnvfc.net and in DKIM its mail.gnvfc.net. When recipient mail server verifies the key it might be looking for the domain name instead of hostname+domain name. DKIM reads the domain name from the me file in control dir, if i am not wrong. while Domain keys only selects the actual domain name from the email address or sending mailserver. DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=mail.gnvfc.net; h= message-id:reply-to:from:to:subject:date:mime-version :content-type; s=dkim1; DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=gnvfc.net; I have 5 virtual domains and if i use globalkey for the severs all maildomains will have samekey and every mail deliverd on yahoo will look for d=gnvfc.net for public key. How can i setup dkim for individual domain. and how can i get d=gnvfc.net as shown in RED above in both Signature headers. And is my DKIM entry in DNS is in the format given below, is it correct. I have simply copied it from the public.txt file and pasted into my dns, you can check the same from http://domainkeys.sourceforge.net/selectorcheck.html with dkim.gnvfc.net: dkim1 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0KkrMRWFDOYr41TzzIDAzXVumAXtAXw4XthJPLZ22YwZhh2jtu1V7jnvrywT2aMhh03UdxrGlipI2waX2m1JyTxp5sy07Bgm4AvYZXtm90Jq74b6V7jZqF04ur9IoaN9HEUdaFeY5HeYgab53phMOvwX5UH8Z6qgj3rC7hWtQPwIDAQAB" Regards, Anil Aliyan Show us your DKIM config file. I suspect you have something configured incorrectly there. The DKIM patch for Qmail will allow you to sign multiple domains individually (when configured correctly, Yahoo will look at each domain for the DKIM key). The patch will force you to use ONE key to sign the domains however. So you use the same hash to sign, but each domain will get a DNS entry and each domain will sign for itself by configuring the DKIM config file correctly.
<dkimsign> <!-- per default sign all mails using dkim --> <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"> <types id="dkim" /> </global> </dkimsign>
--------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com