1 Topic by WNGJay

  • WNGJay
  • Member
  • Offline
  • Registered: 2023-06-18
  • Posts: 8

Topic: I had iremail working, then well oooops

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
1.6.3
- Deployed with iRedMail Easy or the downloadable installer?
INSTALLER
- Linux/BSD distribution name and version:
Ubuntu 20.0.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
"unknown"
- Web server (Apache or Nginx):
Nginx
- Manage mail accounts with iRedAdmin-Pro?
Just says Iredmail Admin on the Web UI Backend
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Attached screenshot showing issue

Description

The iRedMail was installed and working successfully, but we noticed when we set up the SPF-DMARC-DKIM setup that is required for any non spam mail domain, that the DKIM was not changing. We did some digging and found out that the DKIM is signed in the message sent by iRedMail (in older setups we used the DKIM was housed on the DNS server) which is great because I would think it would make it more secure then a generic DKIM on the DNS server (which is not hosted at the same location as the iRedMail server btw)

I edited a file in the /etc/amavis/conf.d file called user-50.conf, i changed the following

1. I edited the area where the keys (pem files) are referenced by adding a secondary pem file, which i created in nano, then saved properly (i think)
2. I then edited the area @dkim_signature_options_bysender_maps to add the additional domain, i thought my syntax was ok, but when i tried to save the file and reload systemctl restart amavis-new, the service failed to start and said it was due to an error in the conf,

I went back and read it over and made sure everything was good, then the error came back as some line somewhere (line 540) that I never touched

I can load roundcube and iredmailadmin no issues, but emails say they send and do not arrive, i am certain something got mixed up, i could use some help

thanks so much

Post's attachments

iredmail-current.jpg
iredmail-current.jpg 93.51 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 907

Re: I had iremail working, then well oooops

you forgot to change @dkim_signature_options_bysender_maps, it still looks for mydomain.com which is not defined and thus crashes

3 Reply by WNGJay

  • WNGJay
  • Member
  • Offline
  • Registered: 2023-06-18
  • Posts: 8

Re: I had iremail working, then well oooops

Cthulhu wrote:

you forgot to change @dkim_signature_options_bysender_maps, it still looks for mydomain.com which is not defined and thus crashes

I thought I was following the instructions that were located at this site

LINK REMOVED I tried posting a link but this forum seems to be more interested in policing then helping users, so i put the link in a photo below, sorry about that!



Specifically this section (Attached below), Am I missing something?

Post's attachments

2023-06-18_7-20-01.jpg 171.68 kb, file has never been downloaded. 

2023-06-18_7-24-57.jpg
2023-06-18_7-24-57.jpg 5.24 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

4 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 907

Re: I had iremail working, then well oooops

First of all, iRedMail is a FREE software solution, so if you have a problem caused by yourself because of misconfiguration, ppl need to volunteer in their free unpaid time to solve an issue.

this forum seems to be more interested in policing then helping users

Something like this won't increase your chances to get help at all.

The Board is FFA, so if you don't add policies to it, it will be abused and you have to use yur time to delete posts, ban users, moderate content etc etc

in older setups we used the DKIM was housed on the DNS server

this plain doesn't work, DKIM can ONLY be signed by the sending mail server, ever, there is no other possible solution

aswell, it doesn't matter at all at what locaion the DNS entrys are hosted, they just need to be public

maybe you misundertood what the docs say,
but if you add a domain key for whynotgus.com and use the catchall which references to mydomain.com, then it won't work

it is mentioned very clearly in this doc, so either you didn't read it correctly, or messed up something else

5 Reply by WNGJay

  • WNGJay
  • Member
  • Offline
  • Registered: 2023-06-18
  • Posts: 8

Re: I had iremail working, then well oooops

Cthulhu wrote:

First of all, iRedMail is a FREE software solution, so if you have a problem caused by yourself because of misconfiguration, ppl need to volunteer in their free unpaid time to solve an issue.

this forum seems to be more interested in policing then helping users

Something like this won't increase your chances to get help at all.

The Board is FFA, so if you don't add policies to it, it will be abused and you have to use yur time to delete posts, ban users, moderate content etc etc

in older setups we used the DKIM was housed on the DNS server

Look its frustrating, and in the old days that is the way it was for us, I am not saying it worked right or didnt, I also noticed that I can just uncomment the line that shuts the DKIM signing off on iRedMail and handle it at the DNS side, which for ME would be easier as I clearly did mess something up.

I realize help here is free and I am grateful to you and everyone for the resource, you did tell me I messed something up, and I follow what you want me to change, the issue I have here is I am not understanding what makes this a "Catchall" if a "hardcoded" domain is in the variable

I am not asking for hand holding, just a guide to understand, if there is a doc somewhere explaining this, please point me to that direction and I promise ill go over it all

If this is not resolved by tomorrow we will just switch off DKIM signing so we can get the darn thing to work again

did I break it? Yes
am I asking for someone to fix it? No
am I asking for help to be guided to learn and understand? Yes
Is that a guarantee? With linux help is NEVER guaranteed

Anyway that is where we are at

your saying "mydomain" needs to be replaced with "whynotgus.com" since it is the first domain that was installed on the server, but where do I set it for catchall for whynotgus.agency, whynotgus.net, whynotgus.info?

Thanks so much for all the help!
this plain doesn't work, DKIM can ONLY be signed by the sending mail server, ever, there is no other possible solution

as well, it doesn't matter at all at what location the DNS entrys are hosted, they just need to be public

maybe you misundertood what the docs say,
but if you add a domain key for whynotgus.com and use the catchall which references to mydomain.com, then it won't work

it is mentioned very clearly in this doc, so either you didn't read it correctly, or messed up something else

6 Reply by WNGJay

  • WNGJay
  • Member
  • Offline
  • Registered: 2023-06-18
  • Posts: 8

Re: I had iremail working, then well oooops

Look its frustrating, and in the old days that is the way it was for us, I am not saying it worked right or didnt, I also noticed that I can just uncomment the line that shuts the DKIM signing off on iRedMail and handle it at the DNS side, which for ME would be easier as I clearly did mess something up.

I realize help here is free and I am grateful to you and everyone for the resource, you did tell me I messed something up, and I follow what you want me to change, the issue I have here is I am not understanding what makes this a "Catchall" if a "hardcoded" domain is in the variable

I am not asking for hand holding, just a guide to understand, if there is a doc somewhere explaining this, please point me to that direction and I promise ill go over it all

If this is not resolved by tomorrow we will just switch off DKIM signing so we can get the darn thing to work again

did I break it? Yes
am I asking for someone to fix it? No
am I asking for help to be guided to learn and understand? Yes
Is that a guarantee? With linux help is NEVER guaranteed

Anyway that is where we are at

your saying "mydomain" needs to be replaced with "whynotgus.com" since it is the first domain that was installed on the server, but where do I set it for catchall for whynotgus.agency, whynotgus.net, whynotgus.info?

Thanks so much for all the help!