Re: [gentoo-user] Postfix and Domainkeys
On 14.01.2009 06:24, Jason Carson wrote: >> On 12.01.2009 00:13, Jason Carson wrote: >>> Greetings, >>> >>> I am trying to setup postfix with domainkeys. I installed dk-milter and >>> ran the following as I was told to do after emerging it ... >> DomainKeys is deprecated and is replaced by DKIM. You are much better >> off using mail-filter/dkim-milter. If you are using amavisd-new with >> your postfix, I suggest you use amavisd-new to check and sign your mail >> and do not use milters at all. > > Can I use both dk-milter and dkim-milter simultaneously? Yes you can use both simultaneously. First sign with domainkeys and then with DKIM. -- Eray
Re: [gentoo-user] Postfix and Domainkeys
> On 12.01.2009 00:13, Jason Carson wrote: >> Greetings, >> >> I am trying to setup postfix with domainkeys. I installed dk-milter and >> ran the following as I was told to do after emerging it ... > > DomainKeys is deprecated and is replaced by DKIM. You are much better > off using mail-filter/dkim-milter. If you are using amavisd-new with > your postfix, I suggest you use amavisd-new to check and sign your mail > and do not use milters at all. Can I use both dk-milter and dkim-milter simultaneously? > [...] >> * After you configured your MTA, publish your key by adding this TXT >> record to your domain: >> * default._domainkey IN TXT "g=; k=rsa; t=y; o=~; p=keygoeshere" >> >> * t=y signifies you only test the DK on your domain. >> * See the DomainKeys specification for more info. >> >> but I don't understand what this part mean... > > You need to publish your public key in your DNS server so that others > can check your signature. > >> * Make sure you add these parameters to your dk-filter command line: >> * -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private -S >> default >> >> ...Anyone know what to do? > > You need to read up on DKIM (or domainkeys if you want to go that way). > Links below should get you started: > > http://www.dkim.org/ > http://en.wikipedia.org/wiki/DomainKeys > http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim > http://www.postfix.org/MILTER_README.html > > -- > Eray > >
Re: [gentoo-user] Postfix and Domainkeys
>> On 12.01.2009 17:33, Jason Carson wrote: >> [...] >>> I don't understand what this part below means... >>> >>> Make sure you add these parameters to your dk-filter command line: >>> -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private >>> -S default >>> >>> I tried the following two commands with no luck >>> >>> dk-filter -b sv -d jasoncarson.ca -H -s >>> /etc/mail/dk-filter/default.private -S default >>> >>> ...and... >>> >>> /etc/init.d/dk-filter -b sv -d jasoncarson.ca -H -s >>> /etc/mail/dk-filter/default.private -S default >>> >>> ...any other suggestions or am I doing something wrong? >> >> It's been awhile but: >> >> Make the necessary changes: >> vi /etc/mail/dk-filter/dk-filter.conf >> >> and start the milter: >> /etc/init.d/dk-filter start >> >> -- >> Eray > > ok, the file is /usr/portage/mail-filter/dk-milter/files/dk-filter.conf or > /etc/conf.d/dk-filter (they both look the same when you open them up)so I > modified /etc/conf.d/dk-filter and started the milter but Postfix still > isn't signing emails. The only two options I was told to add to the > postfix main.cf file was... > > smtpd_milters = unix:/var/run/dk-filter/dk-filter.sock > non_smtpd_milters = unix:/var/run/dk-filter/dk-filter.sock > Here is what I have added to /etc/conf.d/dk-filter ADDITIONAL_OPTS="-l -b sv -d jasoncarson.ca -H -s /etc/mail/dk-filter/jason.private -S jason \ -C badsignature=reject,dnserror=tempfail,internal=tempfail,nosignature=accept,signaturemissing=reject" The emails are now being signed with a domainkey but when I run a test here http://www.mailradar.com/domainkeys/ it comes back as... "Domain-Key Status: NOT PASSED" Anyone have any suggestions as to what I am doing wrong?
Re: [gentoo-user] Postfix and Domainkeys
> On 12.01.2009 17:33, Jason Carson wrote: > [...] >> I don't understand what this part below means... >> >> Make sure you add these parameters to your dk-filter command line: >> -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private >> -S default >> >> I tried the following two commands with no luck >> >> dk-filter -b sv -d jasoncarson.ca -H -s >> /etc/mail/dk-filter/default.private -S default >> >> ...and... >> >> /etc/init.d/dk-filter -b sv -d jasoncarson.ca -H -s >> /etc/mail/dk-filter/default.private -S default >> >> ...any other suggestions or am I doing something wrong? > > It's been awhile but: > > Make the necessary changes: > vi /etc/mail/dk-filter/dk-filter.conf > > and start the milter: > /etc/init.d/dk-filter start > > -- > Eray ok, the file is /usr/portage/mail-filter/dk-milter/files/dk-filter.conf or /etc/conf.d/dk-filter (they both look the same when you open them up)so I modified /etc/conf.d/dk-filter and started the milter but Postfix still isn't signing emails. The only two options I was told to add to the postfix main.cf file was... smtpd_milters = unix:/var/run/dk-filter/dk-filter.sock non_smtpd_milters = unix:/var/run/dk-filter/dk-filter.sock
Re: [gentoo-user] Postfix and Domainkeys
On 12.01.2009 17:33, Jason Carson wrote: [...] > I don't understand what this part below means... > > Make sure you add these parameters to your dk-filter command line: > -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private > -S default > > I tried the following two commands with no luck > > dk-filter -b sv -d jasoncarson.ca -H -s > /etc/mail/dk-filter/default.private -S default > > ...and... > > /etc/init.d/dk-filter -b sv -d jasoncarson.ca -H -s > /etc/mail/dk-filter/default.private -S default > > ...any other suggestions or am I doing something wrong? It's been awhile but: Make the necessary changes: vi /etc/mail/dk-filter/dk-filter.conf and start the milter: /etc/init.d/dk-filter start -- Eray
Re: [gentoo-user] Postfix and Domainkeys
> On 12.01.2009 00:13, Jason Carson wrote: >> Greetings, >> >> I am trying to setup postfix with domainkeys. I installed dk-milter and >> ran the following as I was told to do after emerging it ... > > DomainKeys is deprecated and is replaced by DKIM. You are much better > off using mail-filter/dkim-milter. If you are using amavisd-new with > your postfix, I suggest you use amavisd-new to check and sign your mail > and do not use milters at all. > > [...] >> * After you configured your MTA, publish your key by adding this TXT >> record to your domain: >> * default._domainkey IN TXT "g=; k=rsa; t=y; o=~; p=keygoeshere" >> >> * t=y signifies you only test the DK on your domain. >> * See the DomainKeys specification for more info. >> >> but I don't understand what this part mean... I don't understand what this part below means... Make sure you add these parameters to your dk-filter command line: -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private -S default I tried the following two commands with no luck dk-filter -b sv -d jasoncarson.ca -H -s /etc/mail/dk-filter/default.private -S default ...and... /etc/init.d/dk-filter -b sv -d jasoncarson.ca -H -s /etc/mail/dk-filter/default.private -S default ...any other suggestions or am I doing something wrong? > http://www.dkim.org/ > http://en.wikipedia.org/wiki/DomainKeys > http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim > http://www.postfix.org/MILTER_README.html Thanks for the links, I will check them out.
Re: [gentoo-user] Postfix and Domainkeys
On 12.01.2009 00:13, Jason Carson wrote: > Greetings, > > I am trying to setup postfix with domainkeys. I installed dk-milter and > ran the following as I was told to do after emerging it ... DomainKeys is deprecated and is replaced by DKIM. You are much better off using mail-filter/dkim-milter. If you are using amavisd-new with your postfix, I suggest you use amavisd-new to check and sign your mail and do not use milters at all. [...] > * After you configured your MTA, publish your key by adding this TXT > record to your domain: > * default._domainkey IN TXT "g=; k=rsa; t=y; o=~; p=keygoeshere" > > * t=y signifies you only test the DK on your domain. > * See the DomainKeys specification for more info. > > but I don't understand what this part mean... You need to publish your public key in your DNS server so that others can check your signature. > * Make sure you add these parameters to your dk-filter command line: > * -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private -S > default > > ...Anyone know what to do? You need to read up on DKIM (or domainkeys if you want to go that way). Links below should get you started: http://www.dkim.org/ http://en.wikipedia.org/wiki/DomainKeys http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim http://www.postfix.org/MILTER_README.html -- Eray