Eric can chime in also, but I used this site to generate my key pairs. And YES you should go to 1024 or Google will not accept it.
https://www.port25.com/dkim-wizard/ From: Rajesh M <24x7ser...@24x7server.net> Reply-To: <qmailtoaster-list@qmailtoaster.com> Date: Wednesday, January 10, 2018 at 8:51 AM To: <qmailtoaster-list@qmailtoaster.com> Subject: Re: [qmailtoaster] dmarc implementation eric concerning dkim signing i was testing the records for a sample domain i got messages that the "key is insecure since it is less than 384 characters" is it advisable to increase this to 1024 bits ? if yes then how do i do that ? thanks, rajesh ----- Original Message ----- From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 9 Jan 2018 17:05:02 -0700 Subject: I'm sure it will, but I don't know how much. On 1/9/2018 9:55 AM, Rajesh M wrote: > eric > > it worked correctly but the dns record generated in the MYDOMAIN.com.txt file > was not correct ... not sure what i was doing wrong. > > i used this > > perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt > > googled a bit and entered in the following in my zone file > > selector = otherdomain.com > > _domainkey.otherdomain.com. IN TXT "o=!;r=x...@yyyyy.com" > > otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=<mykey>" > > > Also will changing the qmail-remote file increase the load on the server, > especially since qmail-remote is no longer a binary ? My servers are quite > busy. > > > > > rajesh > > ----- Original Message ----- > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 15:09:34 -0700 > Subject: > > Rajesh, > > 1) Yes > > 2) tcp.smtp > > 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" > > :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200 > ",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP > 0FCHECK="1",SENDER_NOCHECK="1" > > Eric > > > On 1/2/2018 11:20 AM, Rajesh M wrote: >> Eric >> >> 2 questions please >> >> Question 1) >> >> the default qmail install points the symlink for qmailqueue to qmail-dk >> >> which i have changed to >> >> qmail-queue -> qmail-queue.orig >> >> Do keep the same setting which is >> >> qmail-queue -> qmail-queue.orig >> >> >> Question 2) >> >> Could you please send me the corresponding settings required in the tcp.smtp >> file ? >> >> thanks, >> rajesh >> >> >> >> ----- Original Message ----- >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 2 Jan 2018 08:51:07 -0700 >> Subject: >> >> Hi Rajesh, >> >> Thank you! I appreciate your sentiments and hope your New Year brings >> blessings of health and happiness as well. >> >> This is a better link: >> >> http://qmailtoaster.org/dkim.html >> >> which will show you how to implement per domain. >> >> Remember this is only signing messages going out. As of yet there is no >> dkim checking coming in, I'm looking into that. >> >> Eric >> >> >> On 1/2/2018 7:50 AM, Rajesh M wrote: >>> eric, >>> >>> Wish you a wonderful New Year, full of health and happiness. >>> >>> I wish to implement dmarc on my qmailtoaster servers >>> >>> i am using centos6 64 bit with the latest versions of qmailtoaster >>> >>> SPF is already being used on my server >>> >>> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >>> and not pointing to qmail-dk >>> >>> qmail-queue -> qmail-queue.orig >>> >>> could you please guide me on the implementation of DMARC >>> >>> i am planning to implement this for all the domains in my server. >>> >>> I saw this link while searching for a solution. >>> >>> https://github.com/qmtoaster/dkim >>> >>> Should i follow these steps as per the above link or would you like >>> recommend some other document. >>> >>> thanks as always, >>> rajesh >>> >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
