DKIM Signing...

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
rickpcb
New user
New user
Posts: 4
Joined: 2009-12-06 02:00

DKIM Signing...

Post by rickpcb » 2009-12-23 20:26

First off, I am completely new to this... so please be gentle... Second, yes - I have searched these forums for 3 days before posting...

Server - Win XP with Xampp
Hmail - 5.3-B1617
DNS - Zoneedit

I originally used the wizard at port25 to set up keys. They seemed to be ignored, as they return a neutral result.

SPF check: pass
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: pass
SpamAssassin check: ham

SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail=35khomes@realtyprorealestatecenters.com
DNS record(s):
realtyprorealestatecenters.com. 43200 IN TXT "v=spf1 a mx ptr ip4:69.71.226.74
mx:realtyprorealestatecenters.com -all"
realtyprorealestatecenters.com. 300 IN A 69.71.226.74

DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:


I then followed MP3Freak's guide. This produced a public key of:
{key1}._domainkey IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0G***************DAQAB"

Which returns this error when attempting to modify the txt record:
A validation error has occurred:
The subdomain '{key1}._domainkey' is not valid.
The changes have not been saved

also in Hmail - the path to the private key file... should this be in url format? should this file be .txt?

The port 25 wizard created additional records for dns - a selector record and a policy record... What is really needed?

The problem I believe is I just do not understand what goes where and in which format... which characters are allowed, etc...

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM Signing...

Post by martin » 2009-12-23 20:38

Code: Select all

{key1}._domainkey IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0G***************DAQAB"
Did it actually say {key1} or is this something you've replaced afterwards? A good name for a sub domain may be key1._domainkey. Having { or } in the selector may be a bad idea. Maybe this is why you're unable to specify it in your TXT record.

The port 25 wizard is probably confusing. It mixes up DomainKeys with DKIM which are two different things. I only have a selector record set up and that is all which is needed.

Click the ...-button next to the private key file textbox and you get to select the private key file. It shouldn't be an URL or anything else. Just select the file containing your private key.

rickpcb
New user
New user
Posts: 4
Joined: 2009-12-06 02:00

Re: DKIM Signing...

Post by rickpcb » 2009-12-23 20:53

Yes, it actually says {key1}... I did not change it.

rickpcb
New user
New user
Posts: 4
Joined: 2009-12-06 02:00

Re: DKIM Signing...

Post by rickpcb » 2009-12-23 21:06

Great pointers Martin! Thanks! I removed the braces from the key name and chose the .key file like you said - now I get :

DKIM check details:
----------------------------------------------------------
Result: pass (matches From: 35khomes@realtyprorealestatecenters.com)
ID(s) verified: header.d=realtyprorealestatecenters.com
Canonicalized Headers:
from:"REO'20'Properties"'20'<35khomes@realtyprorealestatecenters.com>'0D''0A'
reply-to:35khomes@realtyprorealestatecenters.com'0D''0A'
subject:More'20'dkim'20'testing'0D''0A'
date:Wed,'20'23'20'Dec'20'2009'20'13:00:12'20'-0600'0D''0A'
message-id:<91eadccb796893b279cee77ef573a056.squirrel@www.realtyprorealestatecenters.com>'0D''0A'
to:check-auth@verifier.port25.com'0D''0A'
mime-version:1.0'0D''0A'
content-type:text/plain;charset=iso-8859-1'0D''0A'
content-transfer-encoding:8bit'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'd=realtyprorealestatecenters.com;'20's=key1;'20'c=relaxed/relaxed;'20'q=dns/txt;'20'h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=GVyMPMVRh7ffXDM4EbI3PbmwYw1+hjOnljZhjJykZcA=;'20'b=

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM Signing...

Post by martin » 2009-12-23 21:13

Everything fine now then. :)

rickpcb
New user
New user
Posts: 4
Joined: 2009-12-06 02:00

Re: DKIM Signing...

Post by rickpcb » 2009-12-24 01:49

Yep - all good, just still not getting through to yahoo or hotmail... but the DKIM is signed now and passes :D

bbotzong
New user
New user
Posts: 10
Joined: 2010-01-10 18:53

Re: DKIM Signing...

Post by bbotzong » 2010-01-13 02:04

rickpcb wrote:First off, I am completely new to this... so please be gentle... Second, yes - I have searched these forums for 3 days before posting...
...
What did you use for your test? You mentioned a port 25 wizard? Where do I find that one and how can I run it?

Many thanks... another newb

User avatar
sheffters
Senior user
Senior user
Posts: 453
Joined: 2009-07-01 20:46
Contact:

Re: DKIM Signing...

Post by sheffters » 2010-01-13 18:50


Post Reply