DKIM in 5.2

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

DKIM in 5.2

Post by Slug » 2009-07-26 16:19

Ok I have set up DKIM on one of my domains (slugracing.com) to test and see how this is supposed to work. I have followed this thread and all seems to be well

http://www.hmailserver.com/forum/viewto ... =8&t=15732

If I send an email to check-auth@verifier.port25.com it comes back as passed.

So to my question, I have 5.2B354 installed on the receiving end with a spam score of 10 for DKIM checks I have also set the email deletion threshold to 10 as well. So If I am understanding this correctly a email that is sent through the mail server where slugracing.com resides should arrive at the other end with no problems (verified and passed). But a email sent through some other smtp server like for example my isp (unwired.com.au) should do what ? My guess is it should fail the DKIM check and then be deleted .. But this is not what is happening, the email is being delivered as per normal ...

This is from the mailserver where slugracing lives.

"DEBUG" 2780 "2009-07-27 00:04:47.235" "DKIM: Message passed validation."
"DEBUG" 2780 "2009-07-27 00:04:47.392" "Spam test: SpamTestDKIM, Score: 0"

This is from my isp smtp server

"DEBUG" 2780 "2009-07-27 00:06:15.876" "Spam test: SpamTestDKIM, Score: 0"

What am I missing ??
Missing Hmailserver ... Now running Debian servers

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-07-26 16:31

> should do what ?

Nothing, unless the message contains the DKIM-Signature header.

If a message doesn't contain the signature header, nothing will happen.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: DKIM in 5.2

Post by Slug » 2009-07-26 16:33

So then, how does a message fail ? If it passes both with and without DKIM headers ?
Missing Hmailserver ... Now running Debian servers

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-07-26 16:33

If the message has a DKIM-signature header but the message content does not match it, then it will fail.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: DKIM in 5.2

Post by Slug » 2009-07-26 16:37

So what you are telling me that DKIM is used ONLY to tell me if the email has been tampered with ? not to verify where it has come from...
Missing Hmailserver ... Now running Debian servers

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-07-26 16:38

Yes, that's the purpose of DKIM.

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: DKIM in 5.2

Post by Slug » 2009-07-26 16:39

I see, I feel kind of let down now ... :P
Missing Hmailserver ... Now running Debian servers

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-07-26 16:42

Because you voted for a feature without knowing what it was supposed to do? ;-)

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: DKIM in 5.2

Post by Slug » 2009-07-26 16:47

hehehe well you got me this time Martin .... That will teach me :roll:

I was hoping for something a little more exciting ..... Maybe next time .....

Off to the Feature request section to see what other useless things I can vote for ...

Many thanks
Michael
Missing Hmailserver ... Now running Debian servers

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-07-26 16:49

;-)

Actually, I didn't know you voted for it. But you did give it a "bump" so I assumed it.

To be fair, Domain Keys Identified Mail did have some additional features which were dropped in DKIM. Some of these would have been nice to have. They are planning on improving DKIM and adding them again though..

User avatar
Slug
Moderator
Moderator
Posts: 1369
Joined: 2005-03-13 05:42
Location: Sydney Australia
Contact:

Re: DKIM in 5.2

Post by Slug » 2009-07-26 16:54

Well without reading what it did I was assuming it was some kind of super duper SPF, used to fight spam, I must admit I would not have voted for this or even spent the time setting it up if I had of known what is was meant to do... :lol: :lol: :lol:

But its all in good fun ...
Missing Hmailserver ... Now running Debian servers

User avatar
Rainer
Normal user
Normal user
Posts: 166
Joined: 2007-06-21 13:40
Location: Zweibrücken - Germany

Re: DKIM in 5.2

Post by Rainer » 2009-08-12 10:31

Hello, in Version 5.1x my seven DKIM-Records where sent - all works fine.
After upgrade (version 5.2B354) there are no DKIM-Entries in the headers of the outgoing emails.

Whats wrong?

Kind regards :)
Rainer Noa

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: DKIM in 5.2

Post by ^DooM^ » 2009-08-12 10:35

You are the second person to see this behaviour Rainer.

http://www.hmailserver.com/forum/viewto ... =6&t=15929
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-08-12 18:01

Just to add, I just tried this myself and it worked fine here.

The automated test suite does send a bunch of DKIM-signed messages and confirms that the header has been added, and those tests have not reported any errors. So more debugging is needed (which will probably be done in the other thread).

User avatar
Rainer
Normal user
Normal user
Posts: 166
Joined: 2007-06-21 13:40
Location: Zweibrücken - Germany

Re: DKIM in 5.2

Post by Rainer » 2009-08-12 19:13

Hello, in the former messages there was a entry with the DIM-Signing. Now, there's nothing!

I tried to disable DKIM | Save | enable DKIM | Save and nothing happend.

Kind regards :)
Rainer Noa

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-08-13 23:17

Rainer,
How did you create your private key file?

User avatar
Rainer
Normal user
Normal user
Posts: 166
Joined: 2007-06-21 13:40
Location: Zweibrücken - Germany

Re: DKIM in 5.2

Post by Rainer » 2009-08-14 10:09

Hello Martin, the files was created by openssl and every thing worked fine.
I checked this with several tests.

Kind regards :)
Rainer Noa

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-08-14 17:46

You're really not giving me much info I can use to help you... As I wrote, I'm running it myself and it works fine here. Since you're not telling me anything about your set up, I can only guess what the problem may be.

Here's a guess: Maybe the windows service doesn't have read permissions to the private key file.

User avatar
Rainer
Normal user
Normal user
Posts: 166
Joined: 2007-06-21 13:40
Location: Zweibrücken - Germany

Re: DKIM in 5.2

Post by Rainer » 2009-08-14 18:03

Hello Martin, I have nothing changed to my key files.
With my previous version of HMS everything worked fine.

The permissions looked good, owner is the Administrator of the server running HMS.
Administrator and System have full permission.

Kind regards :)
Rainer Noa

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Re: DKIM in 5.2

Post by martin » 2009-08-14 18:08

I'm guess there's nothing we can do then...

User avatar
Rainer
Normal user
Normal user
Posts: 166
Joined: 2007-06-21 13:40
Location: Zweibrücken - Germany

Re: DKIM in 5.2

Post by Rainer » 2009-08-14 18:15

Hello Martin, now the permissions to my key-files full for everyone.
I will watch the traffic.

Kind regards :)
Rainer Noa

User avatar
Rainer
Normal user
Normal user
Posts: 166
Joined: 2007-06-21 13:40
Location: Zweibrücken - Germany

Re: DKIM in 5.2

Post by Rainer » 2009-08-14 19:06

Hello, I reseted all my DKIM-Settings and saved this.
Then all of my settings where created new - with the old keyfiles.

Everything worked fine; DKIM is in header - again :D

But emails from Yahoo with the following header is rejected by DKIM:

Return-Path: confirm-return-Noa=mydomain.de@returns.groups.yahoo.com
Delivered-To: Noa@mydomain.de
Received: from n44d.bullet.mail.sp1.yahoo.com ([66.163.169.158])
by mail.mydomain.de
; Fri, 14 Aug 2009 18:34:01 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoogroups.com; s=lima; t=1250267424; bh=ZPpZw//Wc2UdSR0SuzbtgAPo8G2ScYnYEMv6Gg/3ddI=; h=Received:Received:Received:Date:Message-ID:X-Yahoo-Newman-Property:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding; b=pGtdjwlEKpgbZUvueIJhVvFnh1T+LhIO1U/6Nt35WOKBa24MijMQaw9v55AZveipBOg3X3zNvePjTXRuA01tps6GBOKgXAKwpIfXZLu7p/XZq5fX+WZvS5fzfmPBEqCq
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com;
b=a2+dhIxuF+UjcC9fGlRQ31fgWy9JOJ3TIYcedLdgdbAK6A6rptdeuHL8GtF+oSxzA5Couk6CtXVSYdaC/ekehgkhvWqWv9UMD7TUHtOYf+Q62/FfwyxgXWT+keV7EjYN;
Received: from [69.147.65.173] by n44.bullet.mail.sp1.yahoo.com with NNFMP; 14 Aug 2009 16:30:24 -0000
Received: from [98.137.34.39] by t15.bullet.mail.sp1.yahoo.com with NNFMP; 14 Aug 2009 16:30:24 -0000
Received: (qmail 52518 invoked by uid 7800); 14 Aug 2009 16:30:24 -0000
Date: 14 Aug 2009 16:30:24 -0000
Message-ID: <1250267424.14.52517.m3@yahoogroups.com>
X-Yahoo-Newman-Property: groups-unconfirmed
From: Yahoo! Groups <confirm-s2-tepz5xlg3jcaep3jm5agniueztkweu4e-Noa=mydomain.de@yahoogroups.com>
Reply-To: confirm-s2-tepz5xlg3jcaep3jm5agniueztkweu4e-Noa=mydomain.de@yahoogroups.com
To: Noa@mydomain.de
Subject: Please confirm your request to join dkim-testers
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Any ideas?

Kind regards :D
Rainer Noa

User avatar
DFitch
Senior user
Senior user
Posts: 258
Joined: 2006-09-16 20:40

Re: DKIM in 5.2

Post by DFitch » 2009-08-14 19:33

If yahoogroups is some form of mailinglist then, In most cases, mailing list software makes enough changes to messages that the original DKIM signature won't validate any more.
hMailServer 5.3.3: External MySql
Win2k3 Server | eWall 4.0 Anti-Spam Anti-Virus SMTP Proxy {http://sssolutions.net/}
SpamAssassin 3.31 - ClamAV on backend Ubuntu Server 10.04(VMware)

Post Reply