RE: Fwd: Re: [qmailtoaster] dmarc implementation
eric and jaime thank you very much for your help i have dkim, dmarc and simscan on ramdisk implemented. regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Wed, 10 Jan 2018 08:32:35 -0700 Subject: dknewkey domain.tld.key 1024 > domain.tld.txt On 1/10/2018 6:51 AM, Rajesh M wrote: > eric > > concerning dkim signing > > i was testing the records for a sample domain i got messages that the "key is > insecure since it is less than 384 characters" > > is it advisable to increase this to 1024 bits ? > > if yes then how do i do that ? > > thanks, > rajesh > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To:qmailtoaster-list@qmailtoaster.com > Sent: Tue, 9 Jan 2018 17:05:02 -0700 > Subject: > > I'm sure it will, but I don't know how much. > > > On 1/9/2018 9:55 AM, Rajesh M wrote: >> eric >> >> it worked correctly but the dns record generated in the MYDOMAIN.com.txt >> file was not correct ... not sure what i was doing wrong. >> >> i used this >> >> perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt >> >> googled a bit and entered in the following in my zone file >> >> selector = otherdomain.com >> >> _domainkey.otherdomain.com. IN TXT"o=!;r=x...@y.com" >> >> otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" >> >> >> Also will changing the qmail-remote file increase the load on the server, >> especially since qmail-remote is no longer a binary ? My servers are quite >> busy. >> >> >> >> >> rajesh >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To:qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 2 Jan 2018 15:09:34 -0700 >> Subject: >> >> Rajesh, >> >> 1) Yes >> >> 2) tcp.smtp >> >> 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" >> :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" >> >> Eric >> >> >> On 1/2/2018 11:20 AM, Rajesh M wrote: >>> Eric >>> >>> 2 questions please >>> >>> Question 1) >>> >>> the default qmail install points the symlink for qmailqueue to qmail-dk >>> >>> which i have changed to >>> >>> qmail-queue -> qmail-queue.orig >>> >>> Do keep the same setting which is >>> >>> qmail-queue -> qmail-queue.orig >>> >>> >>> Question 2) >>> >>> Could you please send me the corresponding settings required in the >>> tcp.smtp file ? >>> >>> thanks, >>> rajesh >>> >>> >>> >>> - Original Message - >>> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >>> To:qmailtoaster-list@qmailtoaster.com >>> Sent: Tue, 2 Jan 2018 08:51:07 -0700 >>> Subject: >>> >>> Hi Rajesh, >>> >>> Thank you! I appreciate your sentiments and hope your New Year brings >>> blessings of health and happiness as well. >>> >>> This is a better link: >>> >>> http://qmailtoaster.org/dkim.html >>> >>> which will show you how to implement per domain. >>> >>> Remember this is only signing messages going out. As of yet there is no >>> dkim checking coming in, I'm looking into that. >>> >>> Eric >>> >>> >>> On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com >>> - >>> To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com >> - >> To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com --
Fwd: Re: [qmailtoaster] dmarc implementation
dknewkey domain.tld.key 1024 > domain.tld.txt On 1/10/2018 6:51 AM, Rajesh M wrote: eric concerning dkim signing i was testing the records for a sample domain i got messages that the "key is insecure since it is less than 384 characters" is it advisable to increase this to 1024 bits ? if yes then how do i do that ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To:qmailtoaster-list@qmailtoaster.com Sent: Tue, 9 Jan 2018 17:05:02 -0700 Subject: I'm sure it will, but I don't know how much. On 1/9/2018 9:55 AM, Rajesh M wrote: eric it worked correctly but the dns record generated in the MYDOMAIN.com.txt file was not correct ... not sure what i was doing wrong. i used this perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt googled a bit and entered in the following in my zone file selector = otherdomain.com _domainkey.otherdomain.com. IN TXT"o=!;r=x...@y.com" otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" Also will changing the qmail-remote file increase the load on the server, especially since qmail-remote is no longer a binary ? My servers are quite busy. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To:qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To:qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC)
Re: [qmailtoaster] dmarc implementation
Eric can chime in also, but I used this site to generate my key pairs. And YES you should go to 1024 or Google will not accept it. https://www.port25.com/dkim-wizard/ From: Rajesh M <24x7ser...@24x7server.net> Reply-To: <qmailtoaster-list@qmailtoaster.com> Date: Wednesday, January 10, 2018 at 8:51 AM To: <qmailtoaster-list@qmailtoaster.com> Subject: Re: [qmailtoaster] dmarc implementation eric concerning dkim signing i was testing the records for a sample domain i got messages that the "key is insecure since it is less than 384 characters" is it advisable to increase this to 1024 bits ? if yes then how do i do that ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 9 Jan 2018 17:05:02 -0700 Subject: I'm sure it will, but I don't know how much. On 1/9/2018 9:55 AM, Rajesh M wrote: > eric > > it worked correctly but the dns record generated in the MYDOMAIN.com.txt file > was not correct ... not sure what i was doing wrong. > > i used this > > perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt > > googled a bit and entered in the following in my zone file > > selector = otherdomain.com > > _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com" > > otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" > > > Also will changing the qmail-remote file increase the load on the server, > especially since qmail-remote is no longer a binary ? My servers are quite > busy. > > > > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 15:09:34 -0700 > Subject: > > Rajesh, > > 1) Yes > > 2) tcp.smtp > > 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" > > :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200 > ",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP > 0FCHECK="1",SENDER_NOCHECK="1" > > Eric > > > On 1/2/2018 11:20 AM, Rajesh M wrote: >> Eric >> >> 2 questions please >> >> Question 1) >> >> the default qmail install points the symlink for qmailqueue to qmail-dk >> >> which i have changed to >> >> qmail-queue -> qmail-queue.orig >> >> Do keep the same setting which is >> >> qmail-queue -> qmail-queue.orig >> >> >> Question 2) >> >> Could you please send me the corresponding settings required in the tcp.smtp >> file ? >> >> thanks, >> rajesh >> >> >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 2 Jan 2018 08:51:07 -0700 >> Subject: >> >> Hi Rajesh, >> >> Thank you! I appreciate your sentiments and hope your New Year brings >> blessings of health and happiness as well. >> >> This is a better link: >> >> http://qmailtoaster.org/dkim.html >> >> which will show you how to implement per domain. >> >> Remember this is only signing messages going out. As of yet there is no >> dkim checking coming in, I'm looking into that. >> >> Eric >> >> >> On 1/2/2018 7:50 AM, Rajesh M wrote: >>> eric, >>> >>> Wish you a wonderful New Year, full of health and happiness. >>> >>> I wish to implement dmarc on my qmailtoaster servers >>> >>> i am using centos6 64 bit with the latest versions of qmailtoaster >>> >>> SPF is already being used on my server >>> >>> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >>> and not pointing to qmail-dk >>> >>> qmail-queue -> qmail-queue.orig >>> >>> could you please guide me on the implementation of DMARC >>> >>> i am planning to implement this for all the domains in my server. >>> >>> I saw this link while searching for a solution. >>> >>> https://github.com/qmtoaster/dkim >>> >>> Should i follow these steps as per the above link or would you like >>> recommend some other document. >>> >>> thanks as always, >>> rajesh >>> >>> >>> >>> >>&
Re: [qmailtoaster] dmarc implementation
eric concerning dkim signing i was testing the records for a sample domain i got messages that the "key is insecure since it is less than 384 characters" is it advisable to increase this to 1024 bits ? if yes then how do i do that ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 9 Jan 2018 17:05:02 -0700 Subject: I'm sure it will, but I don't know how much. On 1/9/2018 9:55 AM, Rajesh M wrote: > eric > > it worked correctly but the dns record generated in the MYDOMAIN.com.txt file > was not correct ... not sure what i was doing wrong. > > i used this > > perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt > > googled a bit and entered in the following in my zone file > > selector = otherdomain.com > > _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com" > > otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" > > > Also will changing the qmail-remote file increase the load on the server, > especially since qmail-remote is no longer a binary ? My servers are quite > busy. > > > > > rajesh > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 15:09:34 -0700 > Subject: > > Rajesh, > > 1) Yes > > 2) tcp.smtp > > 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" > :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" > > Eric > > > On 1/2/2018 11:20 AM, Rajesh M wrote: >> Eric >> >> 2 questions please >> >> Question 1) >> >> the default qmail install points the symlink for qmailqueue to qmail-dk >> >> which i have changed to >> >> qmail-queue -> qmail-queue.orig >> >> Do keep the same setting which is >> >> qmail-queue -> qmail-queue.orig >> >> >> Question 2) >> >> Could you please send me the corresponding settings required in the tcp.smtp >> file ? >> >> thanks, >> rajesh >> >> >> >> - Original Message - >> From: Eric Broch [mailto:ebr...@whitehorsetc.com] >> To: qmailtoaster-list@qmailtoaster.com >> Sent: Tue, 2 Jan 2018 08:51:07 -0700 >> Subject: >> >> Hi Rajesh, >> >> Thank you! I appreciate your sentiments and hope your New Year brings >> blessings of health and happiness as well. >> >> This is a better link: >> >> http://qmailtoaster.org/dkim.html >> >> which will show you how to implement per domain. >> >> Remember this is only signing messages going out. As of yet there is no >> dkim checking coming in, I'm looking into that. >> >> Eric >> >> >> On 1/2/2018 7:50 AM, Rajesh M wrote: >>> eric, >>> >>> Wish you a wonderful New Year, full of health and happiness. >>> >>> I wish to implement dmarc on my qmailtoaster servers >>> >>> i am using centos6 64 bit with the latest versions of qmailtoaster >>> >>> SPF is already being used on my server >>> >>> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >>> and not pointing to qmail-dk >>> >>> qmail-queue -> qmail-queue.orig >>> >>> could you please guide me on the implementation of DMARC >>> >>> i am planning to implement this for all the domains in my server. >>> >>> I saw this link while searching for a solution. >>> >>> https://github.com/qmtoaster/dkim >>> >>> Should i follow these steps as per the above link or would you like >>> recommend some other document. >>> >>> thanks as always, >>> rajesh >>> >>> >>> >>> >>> >>> - >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
I'm sure it will, but I don't know how much. On 1/9/2018 9:55 AM, Rajesh M wrote: eric it worked correctly but the dns record generated in the MYDOMAIN.com.txt file was not correct ... not sure what i was doing wrong. i used this perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt googled a bit and entered in the following in my zone file selector = otherdomain.com _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com" otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" Also will changing the qmail-remote file increase the load on the server, especially since qmail-remote is no longer a binary ? My servers are quite busy. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC)
Re: [qmailtoaster] dmarc implementation
eric it worked correctly but the dns record generated in the MYDOMAIN.com.txt file was not correct ... not sure what i was doing wrong. i used this perl -pi -e 's/.key._domainkey//' /var/qmail/control/dkim/otherdomain.com.txt googled a bit and entered in the following in my zone file selector = otherdomain.com _domainkey.otherdomain.com. IN TXT "o=!;r=x...@y.com" otherdomain.com._domainkey.otherdomain.com. IN TXT "v=DKIM1;k=rsa;p=" Also will changing the qmail-remote file increase the load on the server, especially since qmail-remote is no longer a binary ? My servers are quite busy. rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: > Eric > > 2 questions please > > Question 1) > > the default qmail install points the symlink for qmailqueue to qmail-dk > > which i have changed to > > qmail-queue -> qmail-queue.orig > > Do keep the same setting which is > > qmail-queue -> qmail-queue.orig > > > Question 2) > > Could you please send me the corresponding settings required in the tcp.smtp > file ? > > thanks, > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 08:51:07 -0700 > Subject: > > Hi Rajesh, > > Thank you! I appreciate your sentiments and hope your New Year brings > blessings of health and happiness as well. > > This is a better link: > > http://qmailtoaster.org/dkim.html > > which will show you how to implement per domain. > > Remember this is only signing messages going out. As of yet there is no > dkim checking coming in, I'm looking into that. > > Eric > > > On 1/2/2018 7:50 AM, Rajesh M wrote: >> eric, >> >> Wish you a wonderful New Year, full of health and happiness. >> >> I wish to implement dmarc on my qmailtoaster servers >> >> i am using centos6 64 bit with the latest versions of qmailtoaster >> >> SPF is already being used on my server >> >> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >> and not pointing to qmail-dk >> >> qmail-queue -> qmail-queue.orig >> >> could you please guide me on the implementation of DMARC >> >> i am planning to implement this for all the domains in my server. >> >> I saw this link while searching for a solution. >> >> https://github.com/qmtoaster/dkim >> >> Should i follow these steps as per the above link or would you like >> recommend some other document. >> >> thanks as always, >> rajesh >> >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
eric thank you. i will check this out and revert. regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: > Eric > > 2 questions please > > Question 1) > > the default qmail install points the symlink for qmailqueue to qmail-dk > > which i have changed to > > qmail-queue -> qmail-queue.orig > > Do keep the same setting which is > > qmail-queue -> qmail-queue.orig > > > Question 2) > > Could you please send me the corresponding settings required in the tcp.smtp > file ? > > thanks, > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 08:51:07 -0700 > Subject: > > Hi Rajesh, > > Thank you! I appreciate your sentiments and hope your New Year brings > blessings of health and happiness as well. > > This is a better link: > > http://qmailtoaster.org/dkim.html > > which will show you how to implement per domain. > > Remember this is only signing messages going out. As of yet there is no > dkim checking coming in, I'm looking into that. > > Eric > > > On 1/2/2018 7:50 AM, Rajesh M wrote: >> eric, >> >> Wish you a wonderful New Year, full of health and happiness. >> >> I wish to implement dmarc on my qmailtoaster servers >> >> i am using centos6 64 bit with the latest versions of qmailtoaster >> >> SPF is already being used on my server >> >> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >> and not pointing to qmail-dk >> >> qmail-queue -> qmail-queue.orig >> >> could you please guide me on the implementation of DMARC >> >> i am planning to implement this for all the domains in my server. >> >> I saw this link while searching for a solution. >> >> https://github.com/qmtoaster/dkim >> >> Should i follow these steps as per the above link or would you like >> recommend some other document. >> >> thanks as always, >> rajesh >> >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] dmarc implementation
Dan thanks for your detailed reply. i will be testing out the communications in between my multiple mailservers before i go into production. regds rajesh - Original Message - From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 16:54:39 -0500 Subject: A couple of things: 1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail DKIM enabled systems, at which point it tends to disallow messages. No one has found a fix for this, to the standard is to keep DKIM turned OFF. 2) DMARC is not a security implementation like SPF or DKIM, it is more of a reporting and admin tool, the former being the original intent. Your DMARC settings tell other servers that they should send reports about failed connects to an email address. That way, should you misconfigure your DKIM or SPF settings and someone starts blocking your messages, you don't have to wait for USERS to complain to know about it! Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to manage DMARC. If you follow the project lead and leave DKIM turned off, you simply indicate as such in your DMARC setting for your domain. Finally, to my knowledge, only the "Big Guns" have implemented the email-server side of DMARC (that is, the side that generates reports and sends them). Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports from. I hope this helps Dan -Original Message- From: Rajesh M [mailto:24x7ser...@24x7server.net] Sent: Tuesday, January 2, 2018 1:21 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] dmarc implementation Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to > qmail-queue.orig and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC)
RE: [qmailtoaster] dmarc implementation
A couple of things: 1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail DKIM enabled systems, at which point it tends to disallow messages. No one has found a fix for this, to the standard is to keep DKIM turned OFF. 2) DMARC is not a security implementation like SPF or DKIM, it is more of a reporting and admin tool, the former being the original intent. Your DMARC settings tell other servers that they should send reports about failed connects to an email address. That way, should you misconfigure your DKIM or SPF settings and someone starts blocking your messages, you don't have to wait for USERS to complain to know about it! Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to manage DMARC. If you follow the project lead and leave DKIM turned off, you simply indicate as such in your DMARC setting for your domain. Finally, to my knowledge, only the "Big Guns" have implemented the email-server side of DMARC (that is, the side that generates reports and sends them). Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports from. I hope this helps Dan -Original Message- From: Rajesh M [mailto:24x7ser...@24x7server.net] Sent: Tuesday, January 2, 2018 1:21 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] dmarc implementation Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to > qmail-queue.orig and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig > and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC)