Re: dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread Walter Alejandro Iglesias
On Wed, Nov 09, 2016 at 06:13:47PM +0100, Walter Alejandro Iglesias wrote:
> Taking into account the /etc/rc.d/dkimproxy_out flags:
> 
> daemon_flags="--conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy --group=_dkimproxy"
> 
> These files should be owned by the _dkimproxy user and group.
> 

It worked!


Big thanks trondd!  (Next time I promise to read the logs more carefully)



Re: dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread Walter Alejandro Iglesias
On Wed, Nov 09, 2016 at 11:57:18AM -0500, trondd wrote:
> Should also be in the maillog.

Hey, I think I found the problem:

Nov  9 10:37:12 server dkimproxy.out[38514]: signing error: Error: cannot read /var/dkimproxy/default.private: Permission denied


The permissions are:

# ls -l /var/dkimproxy/
total 8
-rw---  1 root  wheel  887 Nov  9 10:50 default.private
-rw---  1 root  wheel  313 Nov  9 10:50 default.txt


Taking into account the /etc/rc.d/dkimproxy_out flags:

daemon_flags="--conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy --group=_dkimproxy"

These files should be owned by the _dkimproxy user and group.
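
The ownership problem found in this message can be checked mechanically. The shell function below is an added example, not part of the original thread or of dkimproxy; it reads the keyfile path from the configuration and verifies the key is owned by the user the daemon runs as and is closed to group and other. The function name check_dkim_key and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the DKIM private key named in a dkimproxy_out.conf.
# check_dkim_key CONF USER   (name and return codes are this example's own)
#   0 ok, 1 key or user missing, 2 wrong owner, 3 mode open to group/other
check_dkim_key() {
    conf=$1
    user=$2

    # "keyfile   /path": the directive is the first whitespace-separated field
    key=$(awk '$1 == "keyfile" { print $2; exit }' "$conf")
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "missing: no usable keyfile entry in $conf"
        return 1
    fi

    want_uid=$(id -u "$user") || return 1

    # ls -ln prints the mode in field 1 and the numeric uid in field 3
    set -- $(ls -ln "$key")
    mode=$1
    have_uid=$3

    if [ "$have_uid" != "$want_uid" ]; then
        echo "owner: $key has uid $have_uid, daemon runs as $user (uid $want_uid)"
        return 2
    fi

    # characters 5-10 of the mode string are the group and other bits
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *) echo "mode: $key is $mode, private key readable beyond its owner"
           return 3 ;;
    esac

    echo "ok: $key is $mode and owned by $user"
    return 0
}

# Usage with the paths and user from this thread:
# check_dkim_key /etc/dkimproxy_out.conf _dkimproxy
```

Return code 2 corresponds to the root-owned key shown in the ls output above.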



Re: dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread Walter Alejandro Iglesias
trondd,

Your response was also useful to me in another more important way.

I took a look at the headers of your message and I observe Gmail says
your DKIM is correct:

Authentication-Results: mx.google.com;
dkim=pass header.i=@kagu-tsuchi.com;

However, I had to rescue your message from my gmail SPAM folder!

So, I wonder if all these efforts are in vain. :-)

(I'm starting to think spammers are sponsored by them)



Re: dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread trondd
On Wed, November 9, 2016 11:39 am, Walter Alejandro Iglesias wrote:
> On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote:
>> On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote:
>> > Hi everyone,
>> >
>> > First of all, is dkimproxy a work in progress?
>> >
>> > If it's not, then the long one.  I've tried something similar to
>> > the example in smtpd.conf(5).  Outgoing messages don't get signed.
>> >
>> >
>> > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy
>> >
>> > /etc/dkimproxy_out.conf
>> > ---
>> > listen    127.0.0.1:10027
>> > relay     127.0.0.1:10028
>> > domain    mydomain.com
>> > signature dkim(c=relaxed)
>> > signature domainkeys(c=nofws)
>> > keyfile   /var/dkimproxy/default.private
>> > selector  default
>> >
>> >
>> > /etc/mail/smtpd.conf
>> > ---
>> > egress_int="em0"
>> > server="server.mydomain.com"
>> > ca $server certificate "/etc/ssl/acme/chain.pem"
>> >
>> > table aliases file:/etc/mail/aliases
>> > table valiases file:/etc/mail/valiases
>> > table vdomains file:/etc/mail/vdomains
>> > table addresses file:/etc/mail/addresses
>> > table users file:/etc/mail/users
>> >
>> > pki $server certificate "/etc/ssl/acme/cert.pem"
>> > pki $server key "/etc/ssl/acme/private/privkey.pem"
>> >
>> > listen on lo0
>> > listen on lo0 port 10028 tag DKIM
>> > listen on $egress_int port 25 tls pki $server
>> > listen on $egress_int port 465 smtps pki $server auth senders  masquerade
>> >
>> > accept from any for domain  virtual  deliver to mbox
>> > accept for local alias  deliver to mbox
>> > accept tagged DKIM for any relay
>> > accept from local sender  for any relay via smtp://127.0.0.1:10027
>> >
>> >
>> > Do I need to do something else?  (running current)
>> >
>> >
>> >Walter
>> >
>>
>> Did you add the public key part to DNS for your domain?  What's going on
>> in maillog?
>
> I forgot to mention that, yes, I added the DNS record and checked its
> validity using this site:
>
> http://dkimcore.org/tools/keycheck.html
>
> That tells me it's ok.  Then I've been sending to this testing address:
>
> check-a...@verifier.port25.com
>
> where I'm told (in a reply to my same address) the message isn't signed.
>
> /var/log/maillog just shows the message as correctly delivered:
>
> Nov  9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery
> evpid=1da22dbaa5825b53 from=<.*@mydomain.com>
> to= rcpt=<-> source="192.168.1.101"
> relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250
> 2.6.0 message received"
>
>
>>  Are the mails being forwarded to dkimproxy_out and back into
>> smtpd as expected?
>>
>
> How can I check this?
>

Should also be in the maillog.  You should see smtpd accept the initial
connection and relay it to 127.0.0.1 10027.  Then accept a new connection
from 127.0.0.1 or localhost and relay to the destination.

If you don't see that, you can use tcpdump to see if the proxy is ever
contacted.  You can also trace which rules smtpd matched on.  man smtpctl
and search for trace.

I run this at home, but can't access the machine from where I am.  I can
double check your configs later.



Re: dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread Walter Alejandro Iglesias
On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote:
> On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote:
> > Hi everyone,
> >
> > First of all, is dkimproxy a work in progress?
> >
> > If it's not, then the long one.  I've tried something similar to
> > the example in smtpd.conf(5).  Outgoing messages don't get signed.
> >
> >
> > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy
> >
> > /etc/dkimproxy_out.conf
> > ---
> > listen    127.0.0.1:10027
> > relay     127.0.0.1:10028
> > domain    mydomain.com
> > signature dkim(c=relaxed)
> > signature domainkeys(c=nofws)
> > keyfile   /var/dkimproxy/default.private
> > selector  default
> >
> >
> > /etc/mail/smtpd.conf
> > ---
> > egress_int="em0"
> > server="server.mydomain.com"
> > ca $server certificate "/etc/ssl/acme/chain.pem"
> >
> > table aliases file:/etc/mail/aliases
> > table valiases file:/etc/mail/valiases
> > table vdomains file:/etc/mail/vdomains
> > table addresses file:/etc/mail/addresses
> > table users file:/etc/mail/users
> >
> > pki $server certificate "/etc/ssl/acme/cert.pem"
> > pki $server key "/etc/ssl/acme/private/privkey.pem"
> >
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on $egress_int port 25 tls pki $server
> > listen on $egress_int port 465 smtps pki $server auth senders  masquerade
> >
> > accept from any for domain  virtual  deliver to mbox
> > accept for local alias  deliver to mbox
> > accept tagged DKIM for any relay
> > accept from local sender  for any relay via smtp://127.0.0.1:10027
> >
> >
> > Do I need to do something else?  (running current)
> >
> >
> > Walter
> >
> 
> Did you add the public key part to DNS for your domain?  What's going on
> in maillog?

I forgot to mention that, yes, I added the DNS record and checked its
validity using this site:

http://dkimcore.org/tools/keycheck.html

That tells me it's ok.  Then I've been sending to this testing address:

check-a...@verifier.port25.com

where I'm told (in a reply to my same address) the message isn't signed.

/var/log/maillog just shows the message as correctly delivered:

Nov  9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery 
evpid=1da22dbaa5825b53 from=<.*@mydomain.com> 
to= rcpt=<-> source="192.168.1.101" 
relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250 2.6.0 
message received"


>  Are the mails being forwarded to dkimproxy_out and back into
> smtpd as expected?
> 

How can I check this?



Re: dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread trondd
On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote:
> Hi everyone,
>
> First of all, is dkimproxy a work in progress?
>
> If it's not, then the long one.  I've tried something similar to
> the example in smtpd.conf(5).  Outgoing messages don't get signed.
>
>
> # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy
>
> /etc/dkimproxy_out.conf
> ---
> listen    127.0.0.1:10027
> relay     127.0.0.1:10028
> domain    mydomain.com
> signature dkim(c=relaxed)
> signature domainkeys(c=nofws)
> keyfile   /var/dkimproxy/default.private
> selector  default
>
>
> /etc/mail/smtpd.conf
> ---
> egress_int="em0"
> server="server.mydomain.com"
> ca $server certificate "/etc/ssl/acme/chain.pem"
>
> table aliases file:/etc/mail/aliases
> table valiases file:/etc/mail/valiases
> table vdomains file:/etc/mail/vdomains
> table addresses file:/etc/mail/addresses
> table users file:/etc/mail/users
>
> pki $server certificate "/etc/ssl/acme/cert.pem"
> pki $server key "/etc/ssl/acme/private/privkey.pem"
>
> listen on lo0
> listen on lo0 port 10028 tag DKIM
> listen on $egress_int port 25 tls pki $server
> listen on $egress_int port 465 smtps pki $server auth senders  masquerade
>
> accept from any for domain  virtual  deliver to mbox
> accept for local alias  deliver to mbox
> accept tagged DKIM for any relay
> accept from local sender  for any relay via smtp://127.0.0.1:10027
>
>
> Do I need to do something else?  (running current)
>
>
>   Walter
>

Did you add the public key part to DNS for your domain?  What's going on
in maillog?  Are the mails being forwarded to dkimproxy_out and back into
smtpd as expected?



dkimproxy_out doesn't sign my outgoing messages

2016-11-09 Thread Walter Alejandro Iglesias
Hi everyone,

First of all, is dkimproxy a work in progress?

If it's not, then the long one.  I've tried something similar to
the example in smtpd.conf(5).  Outgoing messages don't get signed.


# dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy

/etc/dkimproxy_out.conf
---
listen    127.0.0.1:10027
relay     127.0.0.1:10028
domain    mydomain.com
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
keyfile   /var/dkimproxy/default.private
selector  default


/etc/mail/smtpd.conf
---
egress_int="em0"
server="server.mydomain.com"
ca $server certificate "/etc/ssl/acme/chain.pem"

table aliases file:/etc/mail/aliases
table valiases file:/etc/mail/valiases
table vdomains file:/etc/mail/vdomains
table addresses file:/etc/mail/addresses
table users file:/etc/mail/users

pki $server certificate "/etc/ssl/acme/cert.pem"
pki $server key "/etc/ssl/acme/private/privkey.pem"

listen on lo0
listen on lo0 port 10028 tag DKIM
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth senders  masquerade

accept from any for domain  virtual  deliver to mbox
accept for local alias  deliver to mbox
accept tagged DKIM for any relay
accept from local sender  for any relay via smtp://127.0.0.1:10027


Do I need to do something else?  (running current)


Walter