HOWTO: Generating DKIM Data for HMS

This section contains user-submitted tutorials.

Post by MP3Freak » 2009-04-25 17:29

I extended the popular package I already published for creation of the SSL stuff for HMS, in order to also create the data needed for using HMS' DKIM feature.

INSTRUCTIONS:
1. First download the package that's already specified here:
http://www.hmailserver.com/forum/viewto ... 12&t=13953

2. If you have not done so before, install the VC2008 library and the OpenSSL package contained in that ZIP.

3. Copy the *.bat and the GenDKIMtxt.exe files (also in the ZIP) to the OpenSSL\bin directory.

4. Open a CMD box and change to the OpenSSL\bin directory.

5. Issue the following command at the command line:

Code:

GenDKIM {selector name} {domain name}

Where:
{selector name} is an identification of the key to be used by HMS to encrypt the DKIM key, and to be used by the receiver to fetch the corresponding public key from your DNS server.
{domain name} is the mail domain, for which you want to generate the DKIM data.

6. Once the command execution has completed, a Notepad window should appear, with a complete DNS entry that must be added to your BIND DNS server. If you use another DNS server, those data can be filled into it depending on the respective requirements.

The process generated the following files in the OpenSSL\bin directory:

dkim.{domain name}.{selector name}.key - this is the one you'll have to specify when you configure a HMS mail domain for DKIM signing. You may copy/move that file elsewhere prior to specifying it in HMS of course.

dkim.{domain name}.{selector name}.public - this is the public key as generated by OpenSSL. No actual usage here.

dkim.{domain name}.{selector name}.public.txt - this contains the generated DNS zone file entry in BIND format to be added to your DNS server.

Note that the selector name you specify should only have alpha-numeric characters, and must match the one you specify in the "Selector:" field in the DKIM domain configuration settings in HMS!
Last edited by MP3Freak on 2009-04-26 17:44, edited 1 time in total.


Post by MP3Freak » 2009-04-26 16:52

I was just made aware that I forgot to add the GenDKIMtxt.exe file to the ZIP. I apologize for the mistake. If your ZIP is missing that file, please re-download the package:

ftp://ftp.handymail.ch/pub/hmailserver/ ... 0_9_8j.zip

Sorry for that! ;-)


Post by PeterK2003 » 2009-06-01 20:41

What is a good way to test this?


Post by MP3Freak » 2009-06-01 21:18

Send an empty email from the DKIM-signed account to:

check-auth@verifier.port25.com


Post by PeterK2003 » 2009-06-02 00:30

OK, I relay all of my outgoing mail through my ISP b/c a lot of other mail servers don't like that I have a dynamic IP address (not an ideal situation, I know). The test failed when I sent the mail through the relay but passed when I turned the relay off. Is this expected? As I understand DKIM, it checks the headers to make sure that they are not tampered with, and sending it through the relay would change them a bit. Is that the problem?

Thanks,


Post by MP3Freak » 2009-06-02 10:34

Then it looks like your relay modifies something within the fields that are part of the signature...


Post by PeterK2003 » 2009-06-02 14:45

Which headers are included in the check?


The only thing that I see changed is

Content-Type->Content-type
and
MIME-Version->MIME-version


Post by MP3Freak » 2009-06-02 14:54

Content-Type->Content-type
and
MIME-Version->MIME-version
AFAIK they are IN FACT included in the signature!


Post by MP3Freak » 2009-06-02 14:57

In the port25.com report you should be able to see what fields are actually included in the signature!


Post by PeterK2003 » 2009-06-02 15:34

Oh yes they do. I found the problem (I think): Verizon in their infinite wisdom deleted a blank line in the message.


Post by sanddy19 » 2009-07-03 13:28

Hi,

Firstly thanks for creating a simple package for download. I downloaded the package, generated the key for my domain flockex.com with the selector "mail". Set the entry in DNS and enabled the same in hmailserver. On sending the test email to Port25 id you provided above I got the following fail response. But I have no clue what key is missing. Can you help out?

DKIM check details:
----------------------------------------------------------
Result: permerror (no usable key records)
ID(s) verified:
Canonicalized Headers:
from:<admin@flockex.com>'0D''0A'
subject:\'0D''0A'
date:Fri,'20'03'20'Jul'20'2009'20'04:15:09'20'-0700'0D''0A'
message-id:<ab1a1765c4800e70c6fb747aa475a416@mail.flockex.com>'0D''0A'
to:<check-auth@verifier.port25.com>'0D''0A'
mime-version:1.0'0D''0A'
content-type:text/plain;'20'charset="UTF-8"'0D''0A'
content-transfer-encoding:8bit'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'd=flockex.com;'20's=mail;'20'c=relaxed/relaxed;'20'q=dns/txt;'20'h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'20'b=

Canonicalized Body:
'0D''0A'


DNS record(s):
mail._domainkey.flockex.com. 3600 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC15+zOEZSNgQ8ErvhC4XtnVCmgx+RpAec7De3twIdBKFyAQToiJnF5bAiG8rAjibylnG7+WBZ0bDCkgJEB4wSunql/hQDZfxzRi6v+6wYwf/6ae1rZg7YnmxvvzxJilIvsYJjJ1moT09QFwwesExej0nXZWOpr4HZZIO/moMxgrwIDAQAB"



Thanks.


Post by MP3Freak » 2009-07-03 13:35

What DNS server do you have?


Post by sanddy19 » 2009-07-04 10:52

My domain is purchased at enom.com and I use their DNS hosting service. It allows me to Add/Edit DNS entries and I have added a txt DNS entry with the key. Do you see something missing there? Since from the Port25 report it seems to have got some key from the DNS record but I am not sure if the format is correct.

Thanks for your quick response


Post by cybexin » 2009-08-07 11:55

hi,

Even I'm facing a problem with DKIM setup.
Followed http://www.hmailserver.com/forum/viewto ... 12&t=14839 to set DKIM on hMailServer 5.2-B356

Have the private domain.key file, selected the option of using DKIM key in hMailServer. DNS entry made exactly the way it's mentioned by the text file created by GenDKIM tool.

When I send a test mail to check-auth@verifier.port25.com, it replies with the result pasted below.

Authentication-Results: verifier.port25.com; dkim=permerror (invalid key: invalid character ('"', 0x22) in base64 data);

dkim-signature: v=1; a=rsa-sha256; d=domain.net; s=domain;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=+qlNhYuQiot52MMJ53YSV0rt4q35P6JeHyKLUgbd7Ek=;
b=K/lgUvFH/Nxj0eKQXIzP49DmOYjBa0tRvDQpnTyFGn2mLWZyMV9VD6MfnUbunpCofdErkyhULvP2l5fNxtpgQNDJF8uXwQdfHKbrm0FCLCVTUgnxqEAGpTnobBU56pyctINbdPXZy2Z7ArxljmuiqoDwauthrJv5112A2kFsy3I=

DNS TXT record is in below mentioned format.

mail._domainkey IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzpscf84QhWem+CdrtqaO81YMM6b6MnVqBE+obIBR4vJhorz6XF2nZD9925HwcADLDyP67zES9QEVdTBk50DwuErSUVQD8VMMkPzPCiQmYyp8GRsDCbU1MCMCrkOMi93K3GEwcQfljH9nkT7sWgIirjpml3myBgyAtn/A1llNXaQIDAQAB"

Please help in setting up this.

Thanks
cybexin


Post by zampaman » 2009-09-21 01:51

/bump

I am experiencing the same, hereby my error report.

The last error:
DNS record(s):
1253483945.dating._domainkey.q-dating.com. TXT (no records)

I can't explain it. Everything is there, I think...

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: permerror (no usable key records)
ID(s) verified:
Canonicalized Headers:
from:<info@q-dating.com>'0D''0A'
date:Sun,'20'20'20'Sep'20'2009'20'23:18:56'20'+0100'0D''0A'
message-id:<F4F11CB80C5349C5850461D6E43D2CE0@id6027>'0D''0A'
to:<check-auth2@verifier.port25.com>'0D''0A'
mime-version:1.0'0D''0A'
content-type:text/plain;'20'format=flowed;'20'charset="iso-8859-1";'20'reply-type=original'0D''0A'
content-transfer-encoding:7bit'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'd=q-dating.com;'20's=1253483945.dating;'20'c=relaxed/relaxed;'20'q=dns/txt;'20'h=From:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'20'b=

Canonicalized Body:
'0D''0A'


DNS record(s):
1253483945.dating._domainkey.q-dating.com. TXT (no records)


Post by ^DooM^ » 2009-09-21 10:05

So why are you looking for domainkey? Domainkey is not DKIM.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ


Post by westdam » 2009-11-12 09:28

Hi MP3Freak,
I've got the same issue reported here:
http://www.hmailserver.com/forum/viewto ... 12&t=14654

My DKIM entry is more than 256 characters, so I can't put it into the TXT record on the godaddy.com DNS server.

Can anyone help me?


Post by bagu » 2009-11-12 10:49

MP3Freak wrote: {selector name} is an identification of the key to be used by HMS to encrypt the DKIM key, and to be used by the receiver to fetch the corresponding public key from your DNS server.
{domain name} is the mail domain, for which you want to generate the DKIM data.

Excuse me, but I don't understand some things:
1- How should I choose {selector name}? Which shape? How long should it be? Only letters? I don't know, so I think there might be others who wonder the same questions.
2- {domain name} is the mail domain, so is it the root of the domain? Example: for mail.thing.tld as SMTP server, will the {domain name} be thing.tld?

Thanks in advance and sorry for bad english.
hMailServer 5.6.8 With SpamAssassin 3.4.2


Post by zampaman » 2010-02-07 15:38

bumping this again...

I couldn't complete it last time, still isn't working:

permerror (no usable key records)

See previous post for details


Post by martin » 2010-02-08 23:23

As selector, I suggest you use a-z and 0-9 and keep it under 10 characters long. The RFC is more flexible but...

The domain should be example.com rather than mail.example.com.


Post by bagu » 2010-02-18 20:21

With this beginning:

bagufr022010._domainkey IN TXT "v=DKIM1\; k=rsa\;

Which parameter may I use in hmail?
I know what I must put in selector (bagufr022010), but header method, body method, and signing algorithm I don't know...
hMailServer 5.6.8 With SpamAssassin 3.4.2


Post by jbade » 2010-06-29 17:43

So I did my first domain..

It's only used from a vbulletin site and all the registration emails go into spam for all the yahoo users..

I followed directions and if I send a test email from within vbulletin everything passes.

So now I have 2 other domains which I do the same setup for..
I use Roundcube to send email to check-auth@verifier.port25.com

And they fail every time..

Error is:

Result: fail (wrong body hash: expected

should I be doing something different with multiple domains?
can the selector be the same since they are different or is that the issue?


Post by jbade » 2010-07-07 17:47

Does no one do this any more?

Seems that if I send email using vbulletin it works..

if I use roundcube it doesn't...

Does this make sense at all?


Post by daz69 » 2010-12-18 16:29

Just to add something to this oldish thread, I was having the 'no usable keys' response from port25 verifier email after creating the required files using the above method.

My DNS server did not require the "\" to escape the ";" as BIND does so...

v=DKIM1\; k=rsa\; p=M etc etc --> didn't work
v=DKIM1; k=rsa; p=M etc etc --> did work

Might help.


Post by ^DooM^ » 2010-12-18 17:49

nice tip daz, thanks for sharing your findings!
If at first you don't succeed, bomb disposal probably isn't for you! ヅ


Post by ozgurerdogan » 2011-02-20 15:26

Hello, does this feature help mail to go to the inbox instead of the junk folder, especially for Hotmail? If yes, I want to include it.


Post by daz69 » 2011-02-25 15:06

I've read that MSN/Hotmail does consider Domainkeys (Yahoo and Gmail place more importance to it - mainly because they were involved in it) but I would think that good SPF and rDNS is probably more important, I have all three and have no trouble mailing Hotmail inboxes.

If you haven't done so already, test your domain with these tools so you know where you stand:
http://www.mxtoolbox.com - Lots of tests including SPF and blacklist checking etc.
http://www.port25.com/domainkeys/ - Send an email to the address listed and it will mail you back a report.


Post by ozgurerdogan » 2011-02-25 15:11

I want to implement DKIM but my system is automated (hosting selling, and when a user pays their invoice their email is automatically created).
So how can I make DKIM automated also? Do you have any idea?


Post by daz69 » 2011-02-25 15:30

Using Hmailserver?


Post by ozgurerdogan » 2011-02-25 15:34

Yes using hmailserver.


Post by daz69 » 2011-02-25 15:53

I guess you could look at automating the initial creation of the Dkim entries with GenDKIM and maybe write a script to add the Dkim info into the correct domain in hMailserver then if you run your own DNS add the necessary entries there..

I think you would end up spending a long time on it.


Post by lostintv » 2011-04-07 14:20

Hi everyone,

I've been trying to do this without much success and was hoping someone could show me where I was going wrong.

I followed the steps in the original post and at step 6 it generated the following for me:


maillit._domainkey IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLJNnfmJzmjDzOjxDXhzf36H2gdrbyu45z+oU1285TpnZpMsXb+gyxfWfQ1dkDCp8/yzfmxNgBjn9YC5gkX+N6oc/siys+MV2T8vDdlA76utgg6Xo6msGJx0x/64giOrlbDsyED7P2zqvrkyZTRZWg1Q2UQWqwRWJkfyBXrkDDkQIDAQAB"

I then logged into my HELM console and entered the DNS information.

Then I went to hmailserver and enabled DKIM signing, selecting the private key file generated by the process above and entering the selector name (maillit), leaving the other 3 options default.

Now, I've then tested if it works or not by sending an e-mail from my account to check-auth@verifier.port25.com. Unfortunately, the return message I get is:

DKIM check: fail

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (wrong body hash: expected 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=)
ID(s) verified:
Canonicalized Headers:
from:XXXX<XXX@lostintv.com>'0D''0A'
subject:Test'0D''0A'
date:Thu,'20'7'20'Apr'20'2011'20'10:02:01'20'+0100'0D''0A'
message-id:<EF979CF2-E57A-461C-B228-2D1A484CA7D2@lostintv.com>'0D''0A'
to:check-auth@verifier.port25.com'0D''0A'
mime-version:1.0'20'(Apple'20'Message'20'framework'20'v1084)'0D''0A'
content-type:text/plain'0D''0A'
content-transfer-encoding:7bit'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'd=lostintv.com;'20's=maillit;'20'c=relaxed/relaxed;'20'q=dns/txt;'20'h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;'20'b=

Canonicalized Body:

DNS record(s):

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.


Any ideas of how I might fix this? It's very frustrating as I'm not entirely sure where I've gone wrong!

Thanks in advance.
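
Added example (not part of the original posts): the body-hash step behind the "wrong body hash" results in this thread, written from the simple and relaxed body canonicalization rules of RFC 6376. It checks the bh= value of the signature quoted in the report above against an empty body, and uses constructed sample bodies to show that a relay removing a blank line inside the message changes the hash while extra trailing blank lines do not. All function names are illustrative.

```python
import base64
import hashlib
import re

# DKIM-Signature value copied from the port25 report quoted above ('20' decoded to spaces).
REPORT_SIG = ("v=1; a=rsa-sha256; d=lostintv.com; s=maillit; c=relaxed/relaxed; "
              "q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:"
              "Content-Type:Content-Transfer-Encoding; "
              "bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=; b=")

# Constructed sample bodies: as sent, and after a relay dropped the inner blank line.
SENT = b"Hello,\r\n\r\nthis is a test.\r\n"
RELAYED = b"Hello,\r\nthis is a test.\r\n"


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop empty lines at the end, always finish with one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: squeeze whitespace runs, strip whitespace at line ends,
    drop empty lines at the end; an empty body stays empty (zero bytes)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


CANON = {"simple": canon_simple, "relaxed": canon_relaxed}


def body_hash(body: bytes, method: str) -> str:
    """Base64 SHA-256 of the canonicalized body, i.e. the bh= value for rsa-sha256."""
    return base64.b64encode(hashlib.sha256(CANON[method](body)).digest()).decode()


def sig_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (whitespace in values removed)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags


def diagnose(header_value: str, body: bytes) -> dict:
    """Compare the signed bh= with the hash of the body as received."""
    tags = sig_tags(header_value)
    declared = tags.get("c", "simple/simple").split("/")
    body_method = declared[1] if len(declared) > 1 else "simple"  # body default is simple
    expected = body_hash(body, body_method)
    return {
        "declared": body_method,
        "expected_bh": expected,
        "ok": tags.get("bh") == expected,
        # which canonicalization, if any, would reproduce the signed bh= for this body
        "bh_matches": [m for m in CANON if body_hash(body, m) == tags.get("bh")],
    }


if __name__ == "__main__":
    print(diagnose(REPORT_SIG, b""))
    for method in CANON:
        print(method, body_hash(SENT, method), body_hash(RELAYED, method))
```

For the quoted signature and an empty body, `diagnose` reports that bh= equals the hash of a lone CRLF (the simple form of an empty body), while the relaxed form declared in c= hashes zero bytes, which is the value the verifier said it expected.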


Post by rjk » 2011-04-07 17:47

Many web-based control panels do not need the escape characters that are included in the output of that very useful tool. That means you need to remove the backslashes from in front of the semicolons in the key that was generated, as follows:

Code:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLJNnfmJzmjDzOjxDXhzf36H2gdrbyu45z+oU1285TpnZpMsXb+gyxfWfQ1dkDCp8/yzfmxNgBjn9YC5gkX+N6oc/siys+MV2T8vDdlA76utgg6Xo6msGJx0x/64giOrlbDsyED7P2zqvrkyZTRZWg1Q2UQWqwRWJkfyBXrkDDkQIDAQAB

The "IN TXT" part and the escape characters are only if you use BIND and want to paste the line into the config file directly.

So in your control panel, you would choose the option to create a new TXT record, for the domain "maillit._domainkey", with the value being the string in the code block above.

Hope this helps.
hMailServer 5.5.2-B2129 on Server 2008 R2 VM
MySQL 5.5.25, IIS 7.5, PHP 5.6.2 via FastCGI, RoundCube 1.0.3
XenServer 6.0 on HP DL380 G5 32GB RAM
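
Added example (not from the thread or from the GenDKIM package): a checker for the difference described above between the BIND zone line that GenDKIM writes and the bare value a web DNS panel expects. It flags the mistakes reported in this thread (pasted backslashes, pasted quotes, line breaks inside the value, an empty p=) and splits values longer than 255 characters into several TXT strings, which is how longer keys are published. The key material is a constructed stand-in and all function names are illustrative.

```python
import base64
import re

TXT_STRING_MAX = 255  # RFC 1035: one TXT character-string carries at most 255 bytes

# Constructed stand-ins with the byte lengths of 1024- and 2048-bit RSA public keys (not real keys).
KEY_1024 = base64.b64encode(bytes(range(162))).decode()
KEY_2048 = base64.b64encode(bytes(i % 256 for i in range(294))).decode()
SAMPLE_BIND = 'sel1._domainkey IN TXT "v=DKIM1\\; k=rsa\\; p=%s"' % KEY_1024


def bind_line_to_value(line):
    """Turn a BIND zone-file line into (owner name, bare TXT value for a panel)."""
    m = re.match(r'\s*(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+(.*)$', line.strip())
    if not m:
        raise ValueError("not an 'IN TXT' zone line")
    owner, rdata = m.groups()
    strings = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    if not strings:
        raise ValueError("no quoted strings found")
    value = "".join(strings)                  # several strings form one value
    return owner, re.sub(r'\\(.)', r'\1', value)  # undo zone-file escapes: \; -> ;


def parse_tags(value):
    """Split 'v=DKIM1; k=rsa; p=...' into a dict of tags."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    return tags


def check_panel_value(value):
    """Return the problems found in a value typed into a DNS panel's TXT field."""
    problems = []
    if "\\" in value:
        problems.append("backslash present: BIND escapes were pasted into a panel field")
    if '"' in value:
        problems.append("double quote present: zone-file quotes were pasted as data")
    if "\r" in value or "\n" in value:
        problems.append("CR/LF present: line break inside the value")
    tags = parse_tags(re.sub(r'[\\"\r\n]', "", value))  # judge the rest without those characters
    if tags.get("v") != "DKIM1":
        problems.append("v=DKIM1 missing")
    key = tags.get("p", "")
    if not key:
        problems.append("p= is empty: no public key in the record")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems


def split_for_txt(value, limit=TXT_STRING_MAX):
    """Cut a long value into strings of at most 255 characters each."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]


def to_bind_line(owner, value):
    """Build the zone-file form: split first, then escape ';' inside each string."""
    quoted = " ".join('"%s"' % chunk.replace(";", "\\;") for chunk in split_for_txt(value))
    return "%s IN TXT %s" % (owner, quoted)


if __name__ == "__main__":
    owner, value = bind_line_to_value(SAMPLE_BIND)
    print("panel host :", owner)
    print("panel value:", value)
    print("problems   :", check_panel_value(value))
    print("pasted raw :", check_panel_value('"v=DKIM1\\; k=rsa\\; p=%s"' % KEY_1024))
    print(to_bind_line(owner, "v=DKIM1; k=rsa; p=" + KEY_2048))
```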


Post by ozgurerdogan » 2011-07-13 15:47

Download link does not work? Can someone please upload it again ?

ftp://ftp.handymail.ch/pub/hmailserver/ ... 0_9_8j.zip


Post by Stannie79 » 2011-09-01 09:47

ozgurerdogan wrote:Download link does not work? Can someone please upload it again ?

ftp://ftp.handymail.ch/pub/hmailserver/ ... 0_9_8j.zip

Yes please. Or post the content of the bat file.
Would help me a lot.
Tnx


Post by rjk » 2011-09-02 17:51

Stannie79 wrote:
ozgurerdogan wrote:Download link does not work? Can someone please upload it again ?

ftp://ftp.handymail.ch/pub/hmailserver/ ... 0_9_8j.zip
Yes please. Or post the content of the bat file.
Would help me a lot.
Tnx

I can't post the whole thing because of the attachment size limit, but the zip included the following:
  • GenDKIM.bat
  • GenDKIMtxt.exe
  • makeHMScert.bat
  • readme.txt
  • vcredist_x86.exe
  • Win32OpenSSL_Light-0_9_8j.exe
If you can get vcredist_x86.exe and Win32OpenSSL_Light-0_9_8j.exe yourself, then you should be able to use the rest of the files which I have attached below:
DKIM.zip
The contents of GenDKIM.bat are as follows:

Code:

@echo off

openssl genrsa -out dkim.%2.%1.key 1024
openssl rsa -in dkim.%2.%1.key -out dkim.%2.%1.public -pubout -outform PEM
GenDKIMtxt.exe %1 dkim.%2.%1.public

And the contents of makeHMScert.bat are below:

Code:

@echo off

openssl genrsa -des3 -out %1.key 1024
openssl req -new -key %1.key -out %1.csr
copy %1.key %1.key.org
openssl rsa -in %1.key.org -out %1.key
openssl x509 -req -days 3000 -in %1.csr -signkey %1.key -out %1.crt
openssl x509 -outform der -in %1.crt -out %1.der

Cheers!
hMailServer 5.5.2-B2129 on Server 2008 R2 VM
MySQL 5.5.25, IIS 7.5, PHP 5.6.2 via FastCGI, RoundCube 1.0.3
XenServer 6.0 on HP DL380 G5 32GB RAM


Post by philcar » 2013-12-20 19:43

Thanks to MP3Freak.

I tried today on a Windows Server 2012.

Then I downloaded the two additional packages
Win32 OpenSSL v1.0.1e Light and Visual C++ 2008 Redistributables
from Shining Light Productions : http://slproweb.com/products/Win32OpenSSL.html

Then I installed OpenSSL in own directory.
Keys were generated properly.

Beware : No backslashes in the dkim value on the DNS server.

Tested with http://www.dnsstuff.com/

:D
Philippe M. Caron
Dataconsult bvba
Gent, Belgium.


Post by percepts » 2014-01-14 17:59

easiest way to generate your own DKIM key is here (posted by ^Doom^ originally, I think):

http://www.port25.com/support/domainkeysdkim-wizard/


Post by philcar » 2014-12-04 15:44

Not if you have Windows servers ... Linux only here ...
Philippe M. Caron
Dataconsult bvba
Gent, Belgium.


Post by Yovav » 2015-09-17 22:43

Hi. what is GenDKIMtxt.exe ?

(I was able to use it - but what is it for?)

Is it a part of some package?


Post by jimimaseye » 2015-09-17 23:17

HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829


Post by EdoxxCI » 2017-05-17 18:16

I apologize but I'm a total noob at this stuff so I have a couple of really silly questions:

1) Can I install, run and generate the certificates with OpenSSL on any machine or do I have to install and run OpenSSL on my webserver ?
2) must {domain name} be inserted using curly brackets both in the command line and in the hMailserver selector textbox or were the brackets only inserted for "clarity"?
3) I installed all necessary gizmos, OpenSSL, bat files and all and the procedure does generate the three files but the public.txt file is practically empty it only contains my {selector name}.domain.com "v=DKIM1\; k=rsa\; p="
Where did I go wrong?
What did I mess up? Does it have to do with the fact I'm not running the procedure on the webserver machine?

Thanks for your answers :)


Post by mattg » 2017-05-17 23:03

EdoxxCI wrote:I apologize but I'm a total noob at this stuff so I have a couple of really silly questions:

1) Can I install, run and generate the certificates with OpenSSL on any machine or do I have to install and run OpenSSL on my webserver ?
2) must {domain name} be inserted using curly brackets both in the command line and in the hMailserver selector textbox or were the brackets only inserted for "clarity"?
3) I installed all necessary gizmos, OpenSSL, bat files and all and the procedure does generate the three files but the public.txt file is practically empty it only contains my {selector name}.domain.com "v=DKIM1\; k=rsa\; p="

1. any machine should be fine
2. I suspect for clarity.

I'm pretty sure that I used https://www.port25.com/dkim-wizard/ to generate my DKIM certificates
In my hmailserver >> example.com >> DKIM Signing >> Selector I just have the letters

dkim


No quotes, no curly brackets

3. The certificate detail is what should follow the p=, so yes that hasn't worked for you.

Check the online creation tool I linked to above
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation


Post by jimimaseye » 2017-05-17 23:14

HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829


Post by EdoxxCI » 2017-05-18 10:51

jimimaseye wrote: viewtopic.php?f=21&t=29402 - it's simple.

I know this is probably much easier but I'm not very keen on giving out my antispam private keys to guys I don't know.
I get enough spoofed junkmail as is, don't want to push my luck too far.

Same applies to "unknown" executables, I'm kinda on edge at the time with all the stuff going on but I'll eventually set up an expendable sheep dip VM to try this out if I don't figure out how to work with openssl and the procedure above.

Thanks for the feedback though :wink:


Post by EdoxxCI » 2017-05-18 18:26

Hello all,
with your help I finally managed to get my DKIM signature up and running but when I try to test the settings using the suggested e-mail address auth-results@verifier.port25.com I get the following result:
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
SpamAssassin check: ham

I get DomainKeys is not supported by hMailServer so I guess I should not worry... correct? It's no big deal, right?

I solved my initial problem by simply opening the .public file with a text editor, copying the long character string and reproducing the correct structure for my TXT DNS settings.
Had a few problems at first because the editor I was using was inserting invisible carriage returns in my string and I kept getting an Invalid zone message but once I figured that out it worked just fine.

Thanks again


Post by mattg » 2017-05-19 01:20

EdoxxCI wrote:I get DomainKeys is not supported by hMailServer so I guess I should not worry... correct? It's no big deal, right?

Not only not supported by hMailServer, but to my knowledge only EVER used by Yahoo.

gMail and Outlook.com etc all use DKIM not Domainkeys

I've never seen it used for real, only in some online tests like this one.

DMARC is the next step if you have spf and DKIM. To me that mitigates the issue of sharing the private keys with an online key builder.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation


Post by Dravion » 2017-05-19 03:43

Yeah and after DMARC comes DANE which requires DNSSEC in the first place :D

I am not sure if Microsoft's crappy DNS server can handle DNSSEC and its required TSIG RR records, but at least Bind9 for Windows can handle it.


Post by mattg » 2017-05-19 05:07

Yep...

I use OpenDNS to filter internet traffic for the LAN, but have my hMailserver set to use another local DNS (bind9).
OpenDNS isn't DNSSEC as yet, but is DNSCurve enabled :roll: :roll:
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation


Post by gianniskapouekei » 2017-10-03 21:23

Hi... how can I make a DKIM for my domain? Thanks very much.


Post by jimimaseye » 2017-10-03 22:29

HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
