1 Topic by lexx063

  • lexx063
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 6

Topic: DKIM, does not sign letters

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1,6,7
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: Ubuntu 22.04.3 LTS installer
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Settings enabled. but no signature.

$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('fguztlt.ru', 'dkim', '/var/lib/dkim/mydomen.pem');
@dkim_signature_options_bysender_maps = ({
    # 'd' defaults to a domain of an author/sender address,
    # 's' defaults to whatever selector is offered by a matching key
    # Per-domain dkim key
    #"domain.com"  => { d => "domain.com", a => 'rsa-sha256', ttl => 10*24*3600 },

    # catch-all (one dkim key for all domains)
    '.' => {d => 'mydomen',
            a => 'rsa-sha256',
            c => 'relaxed/simple',
            ttl => 30*24*3600 },
});

I registered everything in the DNS. There are no errors.

I have these settings

main.cf
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    #smtpd_tls_auth_only = yes

dovecot.conf
    ssl = yes
    disable_plaintext_auth = no

client setup
outgoing port 25
connection: normal
incoming 143
connection: normal

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: DKIM, does not sign letters

lexx063 wrote:

$enable_dkim_signing = 1;

iRedMail doesn't use this global parameter.
We set it in different policy banks instead:

$policy_bank{'MYNETS'} = {
    ...
    enable_dkim_signing => 1,
};

$policy_bank{'ORIGINATING'} = {
    ...
    enable_dkim_signing => 1,
};

$policy_bank{'MLMMJ'} = {
    ...
    enable_dkim_signing => 1,
}

3 Reply by lexx063

  • lexx063
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 6

Re: DKIM, does not sign letters

ZhangHuangbin wrote:
lexx063 wrote:

$enable_dkim_signing = 1;

iRedMail doesn't use this global parameter.
We set it in different policy banks instead:

$policy_bank{'MYNETS'} = {
    ...
    enable_dkim_signing => 1,
};

$policy_bank{'ORIGINATING'} = {
    ...
    enable_dkim_signing => 1,
};

$policy_bank{'MLMMJ'} = {
    ...
    enable_dkim_signing => 1,
}

yes, this is present, all data costs => 1

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: DKIM, does not sign letters

I'm confused, if all settings are same, outbound emails should be signed. There must be something wrong in other part(s).

- Do you enable SMTP authentication to send email in your MUA?
- Please show us output of commands below:

postconf -M | grep '10026'

5 Reply by lexx063

  • lexx063
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 6

Re: DKIM, does not sign letters

:~$ postconf -M | grep '10026'
pickup     unix  n       -       n       60      1       pickup -o content_filter=smtp-amavis:[127.0.0.1]:10026
submission inet  n       -       n       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026
465        inet  n       -       n       -       -       smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026

Server type: Imap mail server

port 143

connection security: None
Authentication method: Password, transmitted insecurely

smtp server

port 25

connection security: None

Authentication method: Password, transmitted insecurely

Post's attachments

78.jpg
78.jpg 29.48 kb, file has never been downloaded. 

79.jpg
79.jpg 34.32 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

6 Reply by lexx063

  • lexx063
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 6

Re: DKIM, does not sign letters

Thank you. Everything worked. Changed ports and configured authentication

7 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 907

Re: DKIM, does not sign letters

you need to use STARTTLS:

587 (Submission port for smtp with STARTTLS)
143 (Imap port with STARTTLS)

https://docs.iredmail.org/index.html

8 Reply by lexx063

  • lexx063
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 6

Re: DKIM, does not sign letters

587 (Submission port for smtp with STARTTLS)
143 (Imap port with STARTTLS)



Thank you