1 (edited by Akiba 2019-12-16 23:21:46)

Topic: "SOLVED" Divided dkim from Cloudflare

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail Easy or the downloadable installer? Installer
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have created a 2048 bit key.
When I invoke amavisd-new showkeys, I get:

  "v=DKIM1; p="
  "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrxVz5RqlA5VoR1uNaNN"
  "A8bIcePEy9LhXAVtnL5XlqQORz6zNJa7gA1HEDTORmUM34Vk447OAs5fmhlJEn1F"
  "zTI5bT852fZXLdkfBlCRgybZOvJOQifFNGxEPmpWgopT35b0ZakjaQEdf8THd8V9"
  "9vsPCqnGodpk1KDe4vBgDTNwC73miEyWV9/ClnUpQWIES0On6VSs/YT8LlSQehjS"
  "nlhgoaEBd9EeCYln7oNlZz14uiEmEKfa+Ot/uawdQFZlVfanAiNLucWEZEjLyv2G"
  "2/y/1kRKI2VtwUMjAp30wk2sSm8KmSZ7GMOhUV/O/EtL3uyDEUDqAPvX4FV6fi0k"
  "LwIDAQAB")

On nslookup I get:

Non-authoritative answer:
dkim._domainkey.myfirstdomain.com text = "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrxVz5RqlA5VoR1uNaNNA8bIcePEy9LhXAVtnL5XlqQORz6zNJa7gA1HEDTORmUM34Vk447OAs5fmhlJEn1FzTI5bT852fZXLdkfBlCRgybZOvJOQifFNGxEPmpWgopT35b0ZakjaQEdf8THd8V99vsPCqnGodpk1KDe4vBgDTNwC73miEyWV9/ClnUpQWIES0On6VSs" "/YT8LlSQehjSnlhgoaEBd9EeCYln7oNlZz14uiEmEKfa+Ot/uawdQFZlVfanAiNLucWEZEjLyv2G2/y/1kRKI2VtwUMjAp30wk2sSm8KmSZ7GMOhUV/O/EtL3uyDEUDqAPvX4FV6fi0kLwIDAQAB"

As you can see, Cloudflare will split TXT records into chunks of 255 characters.
On amavisd-new testkeys I get "invalid (public key: not available)"
Do you think the split is the reason for the key not being accepted by Amavis?
Can this be fixed, or do I have to use 1024 bit keys?


2

Re: "SOLVED" Divided dkim from Cloudflare

I'm afraid the instructions we are given about DKIM are not up to date for Debian 10. I followed these instructions to create a 2048 bit key:

amavisd-new -c /etc/amavisd/amavisd.conf genrsa /var/lib/dkim/myfirstdomain.com.pem 2048

But then I discovered /etc/amavisd/amavisd.conf did not exist. The conf file to go in Buster seems to be /etc/amavis/conf.d/50-user. Should I therefore issue something like:

amavisd-new -c /etc/amavis/conf.d/50-user /var/lib/dkim/myfirstdomain.com.pem 2048

?
or should I create /etc/amavisd/amavisd.conf?
I gather amavisd-new -c is meant to do some configuration in an existing conf file, so I would lean towards the former.

3

Re: "SOLVED" Divided dkim from Cloudflare

It's not a valid problem after all. I had some other errors, which prevented Amavis from giving a pass. I had an incorrect selector in one of my dkim records and also I tried issuing amavisd-new testkeys without making changes to /etc/amavis/conf.d/50-user and restarting Amavis or without removing invalid keys from /var/lib/dkim in the first place.
I am not sure what the point of /etc/amavis/conf.d/50-user is in

amavisd-new -c /etc/amavis/conf.d/50-user /var/lib/dkim/myfirstdomain.com.pem

The 50-user file is not affected in any way, so the command could probably go without it.
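
Why the 255-character split shown in the first post is harmless, as an added example (not part of the thread, and not iRedMail or Amavis code): DKIM verifiers concatenate the strings of a TXT record before parsing it (RFC 6376, section 3.6.2.2), so the joined value carries the full 2048-bit key, while a reader that stops at the first string gets a truncated one. The key bytes are a constructed placeholder and every function name is this example's own.

```python
import base64

def split_txt(value, limit=255):
    """Provider side: cut a TXT value into DNS character-strings (max 255 bytes each)."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def join_txt(strings):
    """Verifier side (RFC 6376, 3.6.2.2): concatenate the strings, nothing in between."""
    return "".join(strings)

def parse_tags(record):
    """Parse 'tag=value; ...' into a dict; whitespace inside a value is dropped."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER: key data is incomplete")
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size in bits of the SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_value, validate=True)
    start, _ = _tlv(der, 0)                # SubjectPublicKeyInfo SEQUENCE
    _, end = _tlv(der, start)              # AlgorithmIdentifier (skipped)
    start, _ = _tlv(der, end)              # BIT STRING
    start, _ = _tlv(der, start + 1)        # skip unused-bits byte; RSAPublicKey SEQUENCE
    start, end = _tlv(der, start)          # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

# Constructed sample: standard RSA-2048 SPKI framing around placeholder bytes (not a usable key).
HEADER = bytes.fromhex("30820122300d06092a864886f70d01010105000382010f003082010a0282010100")
SAMPLE_DER = HEADER + b"\xc5" + bytes(range(255)) + bytes.fromhex("0203010001")
RECORD = "v=DKIM1; p=" + base64.b64encode(SAMPLE_DER).decode()
STRINGS = split_txt(RECORD)                # two strings, like the nslookup answer above

if __name__ == "__main__":
    print([len(s) for s in STRINGS], rsa_bits(parse_tags(join_txt(STRINGS))["p"]))
    try:
        rsa_bits(parse_tags(STRINGS[0])["p"])  # a reader that stops at the first string
    except ValueError as exc:
        print("first string only:", exc)
```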