Re: [qmailtoaster] Re: DKIM and DomainKeys and the Toaster
On 18-Feb-11 22:34, Eric Shubert wrote: qmail-dk (aka DomainKeys), I'm sad to say, has some bugs in the inbound (checking) area. Someone (I'm sorry I don't remember the name) spent some time on it a couple years ago, and ran out of time fixing the outbound portion. I recommend removing all DK* variables in the tcp.smtp file, except for DKSIGN. I believe DKSIGN works ok (I have it configured), but I wouldn't bet my life on it. I believe DKIM is preferred (a successor to DK). I haven't used it yet, but I believe Jake and Amit have implemented DKIM successfully. See http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster I don't know how well DK and DKIM play together, but if I implemented DKIM, I would disable DK entirely, either by removing DKSIGN in tcp.smtp, or (better) change the /var/qmail/bin/qmail-queue symlink to point to qmail-queue.orig instead of qmail-dk. It appears to me that this DKIM implementation is for outbound only. I'm not aware of any implementation of inbound checking of DK (which works reliably) or DKIM for QMT. It'd be nice if someone would come up with a DKIM checking patch of some sort. although I have followed the steps but somehow I failed to implement dkim on server with following errors, 03-04 16:15:47 delivery 364: failure: se_of_uninitialized_value_in_substitution_(s///)_at_/usr/lib/perl5/vendor_perl/5.8.5/Mail/DKIM/Signature.pm_line_425./ZError_while_signing:_Intended_encoded_message_length_too_short._at_/usr/lib/perl5/vendor_perl/5.8.5/Mail/DKIM/Key.pm_line_84,__line_8./ Error_while_signing:_Intended_encoded_message_length_too_short._at_/usr/lib/perl5/vendor_perl/5.8.8/Mail/DKIM/Key.pm_line_84,__line_8./
Re: [qmailtoaster] Re: DKIM and DomainKeys and the Toaster
On 02/21/2011 02:56 AM, Martin Waschbüsch wrote: Hi Eric, Am 18.02.2011 um 17:07 schrieb Eric Shubert: Great. So the only piece that's missing is checking inbound messages. Anyone care to look into this? I don't know if Jake has already or not. -- -Eric 'shubes' I have been using SpamAssassin to do inbound verification. Obviously, this is not the ideal solution, but it works. Actually, I prefer this method myself. I would rather score a message with an invalid signature and give it a chance to get delivered rather than rejecting off-hand for a misconfigured DNS record or other oversight. My 2-cents. - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: DKIM and DomainKeys and the Toaster
On 02/21/2011 07:36 AM, Jake Vickers wrote: On 02/21/2011 02:56 AM, Martin Waschbüsch wrote: Hi Eric, Am 18.02.2011 um 17:07 schrieb Eric Shubert: Great. So the only piece that's missing is checking inbound messages. Anyone care to look into this? I don't know if Jake has already or not. -- -Eric 'shubes' I have been using SpamAssassin to do inbound verification. Obviously, this is not the ideal solution, but it works. Actually, I prefer this method myself. I would rather score a message with an invalid signature and give it a chance to get delivered rather than rejecting off-hand for a misconfigured DNS record or other oversight. My 2-cents. That sounds good to me. If someone wanted to reject outright, they could simply adjust the scoring. Case closed. -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: DKIM and DomainKeys and the Toaster
Hi Eric, Am 18.02.2011 um 17:07 schrieb Eric Shubert: Great. So the only piece that's missing is checking inbound messages. Anyone care to look into this? I don't know if Jake has already or not. -- -Eric 'shubes' I have been using SpamAssassin to do inbound verification. Obviously, this is not the ideal solution, but it works. -- Martin Waschbüsch IT-Dienstleistungen Lautensackstr. 16 80687 München Telefon: +49 89 57005708 Fax: +49 89 57868023 Mobil: +49 170 2189794 mar...@waschbuesch.de http://martin.waschbuesch.de - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: DKIM and DomainKeys and the Toaster
qmail-dk (aka DomainKeys), I'm sad to say, has some bugs in the inbound (checking) area. Someone (I'm sorry I don't remember the name) spent some time on it a couple years ago, and ran out of time fixing the outbound portion. I recommend removing all DK* variables in the tcp.smtp file, except for DKSIGN. I believe DKSIGN works ok (I have it configured), but I wouldn't bet my life on it. I believe DKIM is preferred (a successor to DK). I haven't used it yet, but I believe Jake and Amit have implemented DKIM successfully. See http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster I don't know how well DK and DKIM play together, but if I implemented DKIM, I would disable DK entirely, either by removing DKSIGN in tcp.smtp, or (better) change the /var/qmail/bin/qmail-queue symlink to point to qmail-queue.orig instead of qmail-dk. It appears to me that this DKIM implementation is for outbound only. I'm not aware of any implementation of inbound checking of DK (which works reliably) or DKIM for QMT. It'd be nice if someone would come up with a DKIM checking patch of some sort. -- -Eric 'shubes' On 02/17/2011 07:39 PM, Dan McAllister wrote: Greeting QMT and QTP affectionados... I endeavored to help PV Anthony resolve his SpamDyke issues a little bit ago and discovered to my dismay that my DomainKeys system was rejecting messages for no good reason -- ESPECIALLY if the sending domain had NO DomainKeys DNS entries! Needless to say, this is problematic, so I've temporarily suspended checking for DomainKeys Has anyone else experienced this recently? (I've used DomainKeys for quite some time without reason to suspect it was problematic! Was I just blind to the issues all this time??) Thanks in advance to any who choose to discuss this... Dan IT4SOHO - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Re: DKIM and DomainKeys and the Toaster
Eric, Jake's instructions work like a charm and also note: that implementation can take care of both DKIM and DK (both of which I am making use of on my toaster). Martin Von meinem iPhone gesendet Am 18.02.2011 um 16:34 schrieb Eric Shubert e...@shubes.net: qmail-dk (aka DomainKeys), I'm sad to say, has some bugs in the inbound (checking) area. Someone (I'm sorry I don't remember the name) spent some time on it a couple years ago, and ran out of time fixing the outbound portion. I recommend removing all DK* variables in the tcp.smtp file, except for DKSIGN. I believe DKSIGN works ok (I have it configured), but I wouldn't bet my life on it. I believe DKIM is preferred (a successor to DK). I haven't used it yet, but I believe Jake and Amit have implemented DKIM successfully. See http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster I don't know how well DK and DKIM play together, but if I implemented DKIM, I would disable DK entirely, either by removing DKSIGN in tcp.smtp, or (better) change the /var/qmail/bin/qmail-queue symlink to point to qmail-queue.orig instead of qmail-dk. It appears to me that this DKIM implementation is for outbound only. I'm not aware of any implementation of inbound checking of DK (which works reliably) or DKIM for QMT. It'd be nice if someone would come up with a DKIM checking patch of some sort. -- -Eric 'shubes' On 02/17/2011 07:39 PM, Dan McAllister wrote: Greeting QMT and QTP affectionados... I endeavored to help PV Anthony resolve his SpamDyke issues a little bit ago and discovered to my dismay that my DomainKeys system was rejecting messages for no good reason -- ESPECIALLY if the sending domain had NO DomainKeys DNS entries! Needless to say, this is problematic, so I've temporarily suspended checking for DomainKeys Has anyone else experienced this recently? (I've used DomainKeys for quite some time without reason to suspect it was problematic! Was I just blind to the issues all this time??) Thanks in advance to any who choose to discuss this... Dan IT4SOHO - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: DKIM and DomainKeys and the Toaster
Great. So the only piece that's missing is checking inbound messages. Anyone care to look into this? I don't know if Jake has already or not. -- -Eric 'shubes' On 02/18/2011 08:57 AM, Martin Waschbüsch wrote: Eric, Jake's instructions work like a charm and also note: that implementation can take care of both DKIM and DK (both of which I am making use of on my toaster). Martin Von meinem iPhone gesendet Am 18.02.2011 um 16:34 schrieb Eric Shuberte...@shubes.net: qmail-dk (aka DomainKeys), I'm sad to say, has some bugs in the inbound (checking) area. Someone (I'm sorry I don't remember the name) spent some time on it a couple years ago, and ran out of time fixing the outbound portion. I recommend removing all DK* variables in the tcp.smtp file, except for DKSIGN. I believe DKSIGN works ok (I have it configured), but I wouldn't bet my life on it. I believe DKIM is preferred (a successor to DK). I haven't used it yet, but I believe Jake and Amit have implemented DKIM successfully. See http://wiki.qmailtoaster.com/index.php/How_to_Setup_DKIM_with_Qmail_Toaster I don't know how well DK and DKIM play together, but if I implemented DKIM, I would disable DK entirely, either by removing DKSIGN in tcp.smtp, or (better) change the /var/qmail/bin/qmail-queue symlink to point to qmail-queue.orig instead of qmail-dk. It appears to me that this DKIM implementation is for outbound only. I'm not aware of any implementation of inbound checking of DK (which works reliably) or DKIM for QMT. It'd be nice if someone would come up with a DKIM checking patch of some sort. -- -Eric 'shubes' On 02/17/2011 07:39 PM, Dan McAllister wrote: Greeting QMT and QTP affectionados... I endeavored to help PV Anthony resolve his SpamDyke issues a little bit ago and discovered to my dismay that my DomainKeys system was rejecting messages for no good reason -- ESPECIALLY if the sending domain had NO DomainKeys DNS entries! Needless to say, this is problematic, so I've temporarily suspended checking for DomainKeys Has anyone else experienced this recently? (I've used DomainKeys for quite some time without reason to suspect it was problematic! Was I just blind to the issues all this time??) Thanks in advance to any who choose to discuss this... Dan IT4SOHO - - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
