1 Topic by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Topic: dkim key - amavisd.conf

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

So after spending several hours trying to setup two domains on the server and trying to configure the dkim in DNS, all instructions point to a amavisd.conf file.  However, I only have this fine in "iRedmail-1.7.1/samples.  So at this point I am at a loss as to allowing both domains to use this one key which is located in /var/lib/dkim. So, my question is do I edit the amavisd.conf in samples or is it to be moved to another directory and do I rename or copy the existing .pem file or leave it as is?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Re: dkim key - amavisd.conf

wrdamron wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

So after spending several hours trying to setup two domains on the server and trying to configure the dkim in DNS, all instructions point to a amavisd.conf file.  However, I only have this fine in "iRedmail-1.7.1/samples.  So at this point I am at a loss as to allowing both domains to use this one key which is located in /var/lib/dkim. So, my question is do I edit the amavisd.conf in samples or is it to be moved to another directory and do I rename or copy the existing .pem file or leave it as is?

It's been awhile,

Try

sudo amavisd-new showkeys

Once you generated the Key you need to add it as a TXT Record.

Name dkim_domainkey
Value v=DKIM1; p= Key_from_amavis_output

For multiple domains,
sudo nano /etc/amavis/conf.d/50-user

Find the line with domain0 of course your domain,
dkim_key('domain0.com', 'dkim', '/var/lib/dkim/domain0.com.pem');

Add the second Domain
dkim_key('domain1.com', 'dkim', '/var/lib/dkim/domain1.com.pem');

In the dkim_signature_options_bysender_maps section,
add the following
"domain1.com" => { d => "domain1.com", a => 'rsa-sha256', ttl => 10*24*3600 },

Then generate the key
sudo amavisd-new genrsa /var/lib/dkim/domain1.com.pem 2048

Restart Amavis
sudo systemctl restart amavis

Make sure to set the permissions to amavis:amavis
sudo chown amavis:amavis /var/lib/dkim/ -R

Then show the keys for the domains add the key to DNS
sudo amavisd-new showkeys

Regards

3 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

Yeah, I had tried the amavisd-new showkeys command already, but I did it again just to be sure and I still get command not found error.

This is what has been so frustrating about this process.  None of the commands are found for amavisd work I've tried the ones for Ubuntu and others and nothing works.  I'm assuming that amavisd-new or some variant is the one that was generated when installing iRedMail, but I'm not really sure.

4 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Re: dkim key - amavisd.conf

Post the output,
cd /etc/amavis/
ls -la

Regards

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: dkim key - amavisd.conf

FYI https://docs.iredmail.org/file.locations.html

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: dkim key - amavisd.conf

Some linux distros use "amavisd" as the command, but some uses "amavisd-new".

7 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

I'm using Debin 12:

root@mailhost:/etc/amavis# ls -la
total 28
drwxr-xr-x   4 root root  4096 Aug 17 13:01 .
drwxr-xr-x 150 root root 12288 Aug 18 19:54 ..
drwxr-xr-x   2 root root  4096 Aug 17 13:07 conf.d
drwxr-xr-x   2 root root  4096 Aug 17 13:01 en_US
-rw-r--r--   1 root root   978 Feb 29 14:56 README.l10n

8 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

Actually, can I use the current dkim key that iRedMail generated for my domain and use it for all other domains?  If so what would I need to do?

Thanks

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: dkim key - amavisd.conf

wrdamron wrote:

Actually, can I use the current dkim key that iRedMail generated for my domain and use it for all other domains?  If so what would I need to do?

FYI https://docs.iredmail.org/sign.dkim.sig … omain.html

10 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

Well the link kind of doesn't help, because there is no amavisd.conf file anywhere to be found.  I'm really at a loss here.  I put my dkim record in my dns with the key that was generated after install, yet when I run a test on dkim for that domain it fails.

I'm really at a loss on this issue.

11 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

Sorry the only location that I found for the amavisd.conf file was mentioned in my original post which was not answered in its entirety. 

Question: amavisd.conf is in iRedmail-1.7.1/samples.  Do I edit the amavisd.conf in samples or is it to be moved to another directory?

12 Reply by jackb (edited by jackb 2024-08-21 09:56:11)

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Re: dkim key - amavisd.conf

wrdamron wrote:

Sorry the only location that I found for the amavisd.conf file was mentioned in my original post which was not answered in its entirety. 

Question: amavisd.conf is in iRedmail-1.7.1/samples.  Do I edit the amavisd.conf in samples or is it to be moved to another directory?

No leave the sample.conf alone. When you do sudo amavisd-new showkeys do you get a output ?

You only need to edit 50-user

 sudo nano /etc/amavis/conf.d/50-user
 
 Find the following line,
 
 dkim_key('domain0.com', 'dkim', '/var/lib/dkim/domain0.com.pem');
 
 Add another line with,
 
 dkim_key('domain1.com', 'dkim', '/var/lib/dkim/domain1.com.pem');
 
 look for the line dkim_signature_options_bysender_maps then add,
  
 "domain2.com" => { d => "domain2.com", a => 'rsa-sha256', ttl => 10*24*3600 },

 Once done run the following,
 
 sudo amavisd-new genrsa /var/lib/dkim/domain1.com.pem 2048

 Change Permissions,
 
 sudo chown amavis:amavis /var/lib/dkim/ -R

 Restart Amavis,
 
 sudo systemctl restart amavis

 Then run the following,
  
 sudo amavisd-new showkeys

Once you got the new keys, add a TXT Record to your Name Servers.

Regards

13 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

I do not have amavisd-new.  it says command not found

14 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Re: dkim key - amavisd.conf

wrdamron wrote:

I do not have amavisd-new.  it says command not found

Are you sure you are using iRedMail? I would suggest starting from scratch and install https://www.iredmail.org/download.html

On all installations of iRedMail amavis-new has been installed.

Regards

15 Reply by wrdamron (edited by wrdamron 2024-08-22 01:29:21)

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

Really?!  First I tried iRedMail on raspberry pi 5, but it had limitations.  Then I changed to Debian 12, on i5, and followed iRedMail-1.7.1 instructions from iRedMail website.  amavis seems to have most everything except the command itself.  How can I install it or add it without going through reinstallation of iRedMail.
???

16 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Re: dkim key - amavisd.conf

wrdamron wrote:

Really?!  First I tried iRedMail on raspberry pi 5, but it had limitations.  Then I changed to Debian 12, on i5, and followed iRedMail-1.7.1 instructions from iRedMail website.  amavis seems to have most everything except the command itself.  How can I install it or add it without going through reinstallation of iRedMail.
???

Yep, fresh install on a Ubuntu 24.04 Staging Environment,

root@mx.stage04:/etc/amavis# ls -la
total 28
drwxr-xr-x   4 root root  4096 Aug 17 20:05 .
drwxr-xr-x 127 root root 12288 Aug 17 20:32 ..
drwxr-xr-x   2 root root  4096 Aug 17 20:06 conf.d
drwxr-xr-x   2 root root  4096 Aug 17 20:05 en_US
-rw-r--r--   1 root root   978 Jul 17  2023 README.l10n
root@mx.stage04:/etc/amavis# cd conf.d
root@mx.stage04:/etc/amavis/conf.d# ls -la
total 112
drwxr-xr-x 2 root root  4096 Aug 17 20:06 .
drwxr-xr-x 4 root root  4096 Aug 17 20:05 ..
-rw-r--r-- 1 root root  1610 Jul 17  2023 01-debian
-rw-r--r-- 1 root root   692 Jul 17  2023 05-domain_id
-rw-r--r-- 1 root root   429 Jul 17  2023 05-node_id
-rw-r--r-- 1 root root 20791 Jul 17  2023 15-av_scanners
-rw-r--r-- 1 root root   717 Jul 17  2023 15-content_filter_mode
-rw-r--r-- 1 root root  9511 Jul 17  2023 20-debian_defaults
-rw-r--r-- 1 root root   649 Jul 17  2023 21-ubuntu_defaults
-rw-r--r-- 1 root root   573 Jul 17  2023 25-amavis_helpers
-rw-r--r-- 1 root root  2130 Jul 17  2023 30-template_localization
-rw-r--r-- 1 root root  1567 Jul 17  2023 40-policy_banks
-rw-r--r-- 1 root root 29144 Aug 17 20:06 50-user
-rw-r--r-- 1 root root   318 Aug 17 20:06 50-user.2024.08.17.20.01.12

You can see the fresh install here on stag04 has Amavis & it's configs present, latest 1.7.1 as of this post.

Regards

17 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

How can I install it or add it without going through reinstallation of iRedMail.

18 Reply by wrdamron

  • wrdamron
  • Member
  • Offline
  • Registered: 2024-08-19
  • Posts: 15

Re: dkim key - amavisd.conf

It looks as though amavisd is the program.  I found this in /usr/sbin and ran it with -h to see if it would answer.  I also did a systemctl status amavis, this is where i found that it was amavisd that was running it.  So I assume I can just use the amavisd instead of amavisd-new.  Are the commands the same as above for using the same dkim?

19 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: dkim key - amavisd.conf

wrdamron wrote:

Well the link kind of doesn't help, because there is no amavisd.conf file anywhere to be found.

So you just searched text "amavisd.conf" on that page and closed it?

Again:

- Some linux distros use "amavisd" as the command, but some uses "amavisd-new".
- https://docs.iredmail.org/file.locations.html
- https://docs.iredmail.org/sign.dkim.sig … omain.html