1 Topic by rafal.waliszewski (edited by rafal.waliszewski 2017-11-14 21:32:17)

  • rafal.waliszewski
  • Member
  • Offline
  • Registered: 2017-09-13
  • Posts: 6

Topic: DKIM signing works only from local Roundcube

======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 MARIADB edition.
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello.
I've implemented DKIM signing for two domains on my iredmail according to this: https://docs.iredmail.org/sign.dkim.sig … omain.html
, but it seems to work only when e-mail is sent from local roundcube;

Nov 14 11:45:11 irm postfix/submission/smtpd[18537]: 69539318B44E: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=user@domain1.tk
Nov 14 11:45:11 irm postfix/qmgr[19443]: 69539318B44E: from=<user@domain1.tk>, size=456, nrcpt=1 (queue active)
Nov 14 11:45:11 irm roundcube: <ts4pv4g8> User user@domain1.tk [217.168.143.150]; Message for web-sy7zd@mail-tester.com; 250: 2.0.0 Ok: queued as 69539318B44E
Nov 14 11:45:11 irm postfix/qmgr[19443]: 924F9318B44F: from=<user@domain1.tk>, size=1417, nrcpt=1 (queue active)
Nov 14 11:45:11 irm amavis[25854]: (25854-13) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [127.0.0.1]:45370 <user@domain1.tk> -> <web-sy7zd@mail-tester.com>, Queue-ID: 69539318B44E, Message-ID: <f30a121c00b4d5d6fa1b240f3433ea2f@domain1.tk>, mail_id: sNP3AkHdV_f3, Hits: -, size: 456, queued_as: 924F9318B44F, dkim_new=dkim:domain1.tk, 132 ms
Nov 14 14:15:30 irm postfix/submission/smtpd[6033]: 98432318B45A: client=150.143.168.217-rev.hti.pl[217.168.143.150], sasl_method=PLAIN, sasl_username=user@domain1.tk
Nov 14 14:15:30 irm postfix/qmgr[19443]: 98432318B45A: from=<user@domain1.tk>, size=2226, nrcpt=1 (queue active)
Nov 14 14:15:30 irm postfix/qmgr[19443]: BC11C318B460: from=<user@domain1.tk>, size=2613, nrcpt=1 (queue active)
Nov 14 14:15:30 irm amavis[5056]: (05056-09) Passed CLEAN {RelayedInbound}, [217.168.143.150]:44582 [217.168.143.150] <user@domain1.tk> -> <web-fwm4k@mail-tester.com>, Queue-ID: 98432318B45A, Message-ID: <a34e3ddb-12d6-5318-4f46-5df89bf21735@domain1.tk>, mail_id: aOv2DeWm1t79, Hits: -, size: 2226, queued_as: BC11C318B460, 148 ms
Nov 14 14:16:56 irm postfix/submission/smtpd[16850]: A2086318B458: client=150.143.168.217-rev.hti.pl[217.168.143.150], sasl_method=PLAIN, sasl_username=user@domain1.tk
Nov 14 14:16:56 irm postfix/qmgr[19443]: A2086318B458: from=<user@domain1.tk>, size=667, nrcpt=1 (queue active)
Nov 14 14:16:56 irm postfix/qmgr[19443]: BC657318B45A: from=<user@domain1.tk>, size=1054, nrcpt=1 (queue active)
Nov 14 14:16:56 irm amavis[4994]: (04994-19) Passed CLEAN {RelayedInbound}, [217.168.143.150]:44636 [217.168.143.150] <user@domain1.tk> -> <web-z1upi@mail-tester.com>, Queue-ID: A2086318B458, Message-ID: <c16de0ab-48a2-9878-3148-01a14e58028f@domain1.tk>, mail_id: W6tTiZKscdAq, Hits: -, size: 667, queued_as: BC657318B45A, 113 ms

Do you have an idea, why?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM signing works only from local Roundcube

Do you have "enable_dkim_signing" setting INSIDE "$policy_bank{'ORIGINATING'} = {}" block like below in Amavisd config file?

$policy_bank{'ORIGINATING'} = {
    ...
    enable_dkim_signing => 1,
    ...
};

3 Reply by rafal.waliszewski

  • rafal.waliszewski
  • Member
  • Offline
  • Registered: 2017-09-13
  • Posts: 6

Re: DKIM signing works only from local Roundcube

from my config file:

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
    enable_dkim_signing => 1,
  # forward to a smtpd service providing DKIM signing service
#  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
#  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

Still works only from local roundcube, doesn't from clients MUA.
I've tried also to uncomment the line

#  forward_method => 'smtp:[127.0.0.1]:10027',

, makes no difference.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: DKIM signing works only from local Roundcube

Try to compare your Amavisd config file with the one shipped by iRedMail:
https://bitbucket.org/zhb/iredmail/src/ … avisd.conf