[qmailtoaster] Re: qmail-dk
On 04/26/2011 09:04 PM, Helmut Fritz wrote: Hello! I am running latest version of toaster and had a client run into the qmail-dk signing issue last night – with only one email recipient. He tried multiple times to send the email – same thing. “554 qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0)” There are very rare (unidentified) circumstances where this error occurs. Is it still best practice to unlink qmail-dk and use qmail-queue.orig? TTBOMK, yes. Is there a good way to use DKSIGNing? I found a reference to some scripts by a Kyle Wheeler. http://qmail.jms1.net/patches/domainkeys.shtml JMS recommends *not* patching qmail to implement DK. Kyle's method uses perl scripts, which is much more flexible. See http://www.memoryhole.net/qmail/#dkim I haven't implemented Jake's DKIM scripts yet personally. I suspect they're the same as Kyle's, but I'm not sure. Would someone care to compare these with what Jake's video uses and verify if they're the same or not? If they're not the same, I'd like to see a comparison. is DKSIGNing necessary or suggested? Is qmail-dk now reliable and something different caused the issue with this one recipient address? opinion If DK isn't yet deprecated, it probably should be. DKIM is preferable. /opinion DKIM is not required. It *may* affect deliverability to some destinations, but I'm not sure to what degree. Someone else may have some experiences to share in this area. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: qmail-dk
Thx Eric. Yeah I was more pointing out the scripts. I will check out Jakes, and it would be great to get opinions on DKIM. Necessary? Or just good to do? Or not really needed? Helmut -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, April 27, 2011 7:43 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: qmail-dk On 04/26/2011 09:04 PM, Helmut Fritz wrote: Hello! I am running latest version of toaster and had a client run into the qmail-dk signing issue last night - with only one email recipient. He tried multiple times to send the email - same thing. 554 qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0) There are very rare (unidentified) circumstances where this error occurs. Is it still best practice to unlink qmail-dk and use qmail-queue.orig? TTBOMK, yes. Is there a good way to use DKSIGNing? I found a reference to some scripts by a Kyle Wheeler. http://qmail.jms1.net/patches/domainkeys.shtml JMS recommends *not* patching qmail to implement DK. Kyle's method uses perl scripts, which is much more flexible. See http://www.memoryhole.net/qmail/#dkim I haven't implemented Jake's DKIM scripts yet personally. I suspect they're the same as Kyle's, but I'm not sure. Would someone care to compare these with what Jake's video uses and verify if they're the same or not? If they're not the same, I'd like to see a comparison. is DKSIGNing necessary or suggested? Is qmail-dk now reliable and something different caused the issue with this one recipient address? opinion If DK isn't yet deprecated, it probably should be. DKIM is preferable. /opinion DKIM is not required. It *may* affect deliverability to some destinations, but I'm not sure to what degree. Someone else may have some experiences to share in this area. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: qmail-dk
I would like to see opinions about this as well. Most of my QMT hosts have been on dynamic IPs in the past, so they use a smarthost relay. A few have been converted to static IPs recently, and I'm in the process of converting them to send mail out directly. I expect there will be a few hoops to jump through, for instance with yahoo. We should probably have a wiki page that addresses deliverability issues. Some are probably already covered in the faqs. Does anyone have any insights they'd care to share? -- -Eric 'shubes' On 04/27/2011 09:46 AM, Helmut Fritz wrote: Thx Eric. Yeah I was more pointing out the scripts. I will check out Jakes, and it would be great to get opinions on DKIM. Necessary? Or just good to do? Or not really needed? Helmut -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, April 27, 2011 7:43 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: qmail-dk On 04/26/2011 09:04 PM, Helmut Fritz wrote: Hello! I am running latest version of toaster and had a client run into the qmail-dk signing issue last night - with only one email recipient. He tried multiple times to send the email - same thing. 554 qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0) There are very rare (unidentified) circumstances where this error occurs. Is it still best practice to unlink qmail-dk and use qmail-queue.orig? TTBOMK, yes. Is there a good way to use DKSIGNing? I found a reference to some scripts by a Kyle Wheeler. http://qmail.jms1.net/patches/domainkeys.shtml JMS recommends *not* patching qmail to implement DK. Kyle's method uses perl scripts, which is much more flexible. See http://www.memoryhole.net/qmail/#dkim I haven't implemented Jake's DKIM scripts yet personally. I suspect they're the same as Kyle's, but I'm not sure. Would someone care to compare these with what Jake's video uses and verify if they're the same or not? If they're not the same, I'd like to see a comparison. is DKSIGNing necessary or suggested? Is qmail-dk now reliable and something different caused the issue with this one recipient address? opinion If DK isn't yet deprecated, it probably should be. DKIM is preferable. /opinion DKIM is not required. It *may* affect deliverability to some destinations, but I'm not sure to what degree. Someone else may have some experiences to share in this area. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: qmail-dk
ATT/Bellsouth (now part of Yahoo's email) have always been difficult for deliverability from private mail servers. This is even evident when using static IP's on commercial lines (T1/T3/SHDSL). -P. Ring -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, April 27, 2011 12:06 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: qmail-dk I would like to see opinions about this as well. Most of my QMT hosts have been on dynamic IPs in the past, so they use a smarthost relay. A few have been converted to static IPs recently, and I'm in the process of converting them to send mail out directly. I expect there will be a few hoops to jump through, for instance with yahoo. We should probably have a wiki page that addresses deliverability issues. Some are probably already covered in the faqs. Does anyone have any insights they'd care to share? -- -Eric 'shubes' On 04/27/2011 09:46 AM, Helmut Fritz wrote: Thx Eric. Yeah I was more pointing out the scripts. I will check out Jakes, and it would be great to get opinions on DKIM. Necessary? Or just good to do? Or not really needed? Helmut -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, April 27, 2011 7:43 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: qmail-dk On 04/26/2011 09:04 PM, Helmut Fritz wrote: Hello! I am running latest version of toaster and had a client run into the qmail-dk signing issue last night - with only one email recipient. He tried multiple times to send the email - same thing. 554 qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0) There are very rare (unidentified) circumstances where this error occurs. Is it still best practice to unlink qmail-dk and use qmail-queue.orig? TTBOMK, yes. Is there a good way to use DKSIGNing? I found a reference to some scripts by a Kyle Wheeler. http://qmail.jms1.net/patches/domainkeys.shtml JMS recommends *not* patching qmail to implement DK. Kyle's method uses perl scripts, which is much more flexible. See http://www.memoryhole.net/qmail/#dkim I haven't implemented Jake's DKIM scripts yet personally. I suspect they're the same as Kyle's, but I'm not sure. Would someone care to compare these with what Jake's video uses and verify if they're the same or not? If they're not the same, I'd like to see a comparison. is DKSIGNing necessary or suggested? Is qmail-dk now reliable and something different caused the issue with this one recipient address? opinion If DK isn't yet deprecated, it probably should be. DKIM is preferable. /opinion DKIM is not required. It *may* affect deliverability to some destinations, but I'm not sure to what degree. Someone else may have some experiences to share in this area. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: qmail-dk
-Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, April 27, 2011 12:06 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: qmail-dk I would like to see opinions about this as well. Most of my QMT hosts have been on dynamic IPs in the past, so they use a smarthost relay. A few have been converted to static IPs recently, and I'm in the process of converting them to send mail out directly. I expect there will be a few hoops to jump through, for instance with yahoo. We should probably have a wiki page that addresses deliverability issues. Some are probably already covered in the faqs. Does anyone have any insights they'd care to share? -- I have found that SPF / DomainKeys / DKIM increases the correct delivery to services list MSN, Yahoo, Gmail, etc whereas before some of our emails would go into the Spam folder instead of the Inbox. Scott - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Re: qmail-dk
Scott, Are all three of those necessary? Desired? What if one has SPF records but does not implement DKIM? Personally I have been running without DKIM. The most trouble I have had has been with AOL, but I implemented a feedback loop and all seems good so far. I have had occasional problems with SBCGlobal as well, but only when a registration process for an event creates a flood of emails to a particular email address (the event organizer). The only issue there is that there is no real way to follow up on a complaint from AOL. Someone can report an email as a SPAM, AOL forwards it to the feedback email address, but removes the reporting email address to protect their customer. So now I cannot actually have that email address removed from the list that sent the email. And even though removal links are included in all list emails sent (I run the system for my client) the spam reporter does not bother to use those and just reports it to AOL abuse. arrgh! -Original Message- From: Scott Hughes [mailto:sc...@renshawauto.net] Sent: Wednesday, April 27, 2011 11:10 AM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: qmail-dk -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Wednesday, April 27, 2011 12:06 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: qmail-dk I would like to see opinions about this as well. Most of my QMT hosts have been on dynamic IPs in the past, so they use a smarthost relay. A few have been converted to static IPs recently, and I'm in the process of converting them to send mail out directly. I expect there will be a few hoops to jump through, for instance with yahoo. We should probably have a wiki page that addresses deliverability issues. Some are probably already covered in the faqs. Does anyone have any insights they'd care to share? -- I have found that SPF / DomainKeys / DKIM increases the correct delivery to services list MSN, Yahoo, Gmail, etc whereas before some of our emails would go into the Spam folder instead of the Inbox. Scott - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: using registrar's DNS instead of djbdns or Bind
Sorry to be a pest... The config docs at http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install says the following Make dns entry: BIND - in the your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com entry): _domainkey.your-domain.com. IN TXT t=y; o=- Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below. _domainkey.your-domain.com. IN TXT o=- Then also add this to your zone file: private._domainkey.your-domain.com. IN TXT k=rsa; p=MEwwDQY . . . to end of key (NOTE QUOTATION MARKS MUST BE THERE) - - - - - - I can replace that with : # yum install caching-nameserver # service start named # chkconfig named on Then put nameserver 127.0.0.1 as the first record in your /etc/resolv.conf file. Add the A and MX records at my registrar and I'm done other than the testing you suggest in the config docs. Thanks again for all your support and guidance! - - - - - On Tue, Apr 26, 2011 at 2:30 PM, Eric Shubert e...@shubes.net wrote: On 04/26/2011 02:08 PM, Scott Hughes wrote: -Original Message- From: Eric Shubert [mailto:e...@shubes.net] Sent: Tuesday, April 26, 2011 4:01 PM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: using registrar's DNS instead of djbdns or Bind Just set up your authoritative DNS (A,MX) records at your registrar. QMT doesn't need to know about that at all. Then on QMT, simply: # yum install caching-nameserver # service start named # chkconfig named on Then put nameserver 127.0.0.1 as the first record in your /etc/resolv.conf file. That's all you need to do. Your QMT host doesn't give a hoot about authoritative DNS. It'll get everything it needs from the recursor (aka caching-nameserver). Eric, When I installed the caching-nameserver on my main QMT server I had to edit the config file so that it would forward lookups. I had to do this on the new machine I just recently built as well. Thanks, Scott That's a good thing to do, but it isn't required. I was a little lazy writing the post. Plus, the upstream recursor you choose can vary depending on you ISP or geographical location. Here's what I'm presently using in my /etc/named.conf file: // // named.conf // options { forward first; forwarders { 205.171.3.25; 208.67.222.220; 205.171.2.25; 208.67.222.222; }; }; logging { category lame-servers { null; }; }; The 205.171.n.25 recursors are Qwest's, and the 208.67.222.220 (there are others as well) are OpenDNS. It's be really nice if someone would write up a wiki page. I'd be glad to edit it. The existing DomainKeys page would be a good starting point. That page is obsolete when it comes to the DomainKeys part (DKIM is replacing DK), but I think the general DNS stuff there will continue to be valid. Would someone care to do this? -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group ( www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] open relay
Hey I wanted to verify I am not running an open relay. I asked the question on the Phoenix Linux User's Group list and was given a link that requires I install some software. I thought I better ask here because I'm running Qmail Toaster on CentOS 5.6 and you guys are the experts. I appreciate all your guidance and help! -- Keith Smith Internet Marketing LLC (480) 272-9268 PHP Programming Services Search Engine Optimization
Re: [qmailtoaster] open relay
On 04/28/2011 11:07 AM, Keith Smith wrote: Hey I wanted to verify I am not running an open relay. I asked the question on the Phoenix Linux User's Group list and was given a link that requires I install some software. I thought I better ask here because I'm running Qmail Toaster on CentOS 5.6 and you guys are the experts. I did a google search and this come up. http://www.spamhelp.org/shopenrelay/ P.V.Anthony - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] open relay
P.V.Anthony wrote: On 04/28/2011 11:07 AM, Keith Smith wrote: Hey I wanted to verify I am not running an open relay. I asked the question on the Phoenix Linux User's Group list and was given a link that requires I install some software. I thought I better ask here because I'm running Qmail Toaster on CentOS 5.6 and you guys are the experts. I did a google search and this come up. http://www.spamhelp.org/shopenrelay/ P.V.Anthony - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com Here is what I have used in the past. http://www.mxtoolbox.com/diagnostic.aspx -- Cecil Yother, Jr. "cj" cj's 2318 Clement Ave Alameda, CA 94501 tel 510.865.2787 http://yother.com Check out the new Volvo classified resource http://www.volvoclassified.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: using registrar's DNS instead of djbdns or Bind
On 04/28/11 7:34, Keith Smith wrote: Sorry to be a pest... The config docs at http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install says the following Make dns entry: BIND - in the your-domain.com http://your-domain.com zone file (see public.txt for the private._domainkey.your-domain.com http://domainkey.your-domain.com entry): _domainkey.your-domain.com http://domainkey.your-domain.com. IN TXT t=y; o=- Note: This is putting it into test mode. If you are done testing, and want to take it out of testing mode, change the above to reflect below. _domainkey.your-domain.com http://domainkey.your-domain.com. IN TXT o=- Then also add this to your zone file: private._domainkey.your-domain.com http://domainkey.your-domain.com. IN TXT k=rsa; p=MEwwDQY . . . to end of key (NOTE QUOTATION MARKS MUST BE THERE) - - - - - - I can replace that with : # yum install caching-nameserver # service start named # chkconfig named on Then put nameserver 127.0.0.1 as the first record in your /etc/resolv.conf file. Add the A and MX records at my registrar and I'm done other than the testing you suggest in the config docs. Thanks again for all your support and guidance! - - - - - Yes you may, go ahead. DNS Authoritative is optional on QMT BOX BUT DNS Cache is conditionally must have on QMT BOX if on your LAN don't have DNS Cache server see here where I put note regarding QMT-ISO install http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Add_DNS_server http://wiki.qmailtoaster.com/index.php/QMT-ISO_Manual_Guide#Configure_Bind
Re: [qmailtoaster] open relay
On 04/28/2011 09:50 AM, Maxwell Smart wrote: P.V.Anthony wrote: On 04/28/2011 11:07 AM, Keith Smith wrote: Hey I wanted to verify I am not running an open relay. I asked the question on the Phoenix Linux User's Group list and was given a link that requires I install some software. I thought I better ask here because I'm running Qmail Toaster on CentOS 5.6 and you guys are the experts. I did a google search and this come up. http://www.spamhelp.org/shopenrelay/ P.V.Anthony Here is what I have used in the past. http://www.mxtoolbox.com/diagnostic.aspx Abuse.net - http://abuse.net/relay.html - is the standard for checking open relays. Bharath