HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by jimimaseye » 2016-03-16 12:53

This procedure details how easy it is to achieve and how to implement it (in 5 easy steps, and I mean EASY). Other instructions are also available throughout the forum offering similar and different methods. This guide is a simplified yet complete write-up following the easiest method. (Thank you to @Mattg for the initial guidance).

1, CREATE THE KEYS

This step will take you through creating keys using a seemingly trustworthy online key generator. However, for those of a more nervous disposition about security, and who want to be in control of creating such keys without the use of the internet (involving downloading of OpenSSL software), then an alternative method for creating the keys can be found here: http://www.dataenter.com/doc/general_domainkeys.htm - then continue to apply the generated key strings accordingly (from step (2) below).

i, Go to https://www.port25.com/support/domainkeysdkim-wizard/

ii, Fill out the form accordingly:

    Domain name of the “From:” header address....: enter your domain (eg, YOURDOMAIN.COM)

    DomainKey Selector (e.g., key1): enter "dkim" (without the quotes. We will be referring to this choice of key word later)

    Key size in bits: 1024

    Note: you may choose 2048 bits but this will result in a longer key. However, many DNS servers will not accept the record length of this key as it will be too long, and it's likely you are unaware of your server's limitation until after you try it. (This happened to me). So I advise entering just 1024 bits to be sure.

iii, Click 'CREATE KEYS'

2 keys will be generated on screen. The first one will be the PUBLIC KEY:

eg,
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8nxXPJLVrZycHRDJgL1l/Euut
3yPAGHS8CIqMUrwn7PmNoNUEYsoMkiBfRTXLTCpzU2+BceZ9CFyR9N3mJhndvgg6
e6JBuVBYyqofAmfDqbuHz7FqF3H6bTdR5l9/5AQM3XFJeerzOO8cPY3VwYnhfUFs
wCU/suTcTK0+uMV1ewIDAQAB

-----END PUBLIC KEY-----


2, UPDATE YOUR DNS RECORD WITH THE DKIM KEY

Go to your DNS records portal/administration to amend your domain DNS records and add a TXT record under your domain:

i, Copy the long string of characters that appears between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- (highlighted in bold above) to your clipboard.

ii, Create a TXT record against your domain in DNS with the following entry:

    key: dkim._domainkey.YOURDOMAIN.COM

    Value: v=DKIM1; t=s; k=rsa; p=The_Long_String_Of_Text_From_Your_Clipboard_Above
    (ensure the single spaces between parameters are included)
eg,
Value:
v=DKIM1; t=s; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8nxXPJLVrZycHRDJgL1l/Euut3yPAGHS8CIqMUrwn7PmNoNUEYsoMkiBfRTXLTCpzU2+BceZ9CFyR9N3mJhndvgg6e6JBuVBYyqofAmfDqbuHz7FqF3H6bTdR5l9/5AQM3XFJeerzOO8cPY3VwYnhfUFswCU/suTcTK0+uMV1ewIDAQAB


Important Note: if you are using/administering a BIND DNS server then the semicolons (';') need to be 'escaped' with a backslash and entered as '\;'

eg, v=DKIM1\; t=s\; ....

iii, Save your new record

iv, You may now test for the DNS record to see if it has been accepted by using online DNS Query facilities such as this one: http://www.dnswatch.info/.

Enter:

    Hostname or IP: dkim._domainkey.YOURDOMAIN.COM
    Type: TXT

The results should now show an entry similar to

dkim._domainkey.YOURDOMAIN.COM.

TXT 300

v=DKIM1;t=s;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8nxXPJLVrZycHRDJgL1l/Euut3yPAGHS8CIqMUrwn7PmNoNUEYsoMkiBfRTXLTCpzU2+BceZ9CFyR9N3mJhndvgg6e6JBuVBYyqofAmfDqbuHz7FqF3H6bTdR5l9/5AQM3XFJeerzOO8cPY3VwYnhfUFswCU/suTcTK0+uMV1ewIDAQAB


(note that there is no 'escaped' semicolon - if there is then you should re-enter your DNS record without the backslashed semicolon.)

3, CREATE THE PRIVATE KEY ON YOUR HMAILSERVER

i, Create a blank text file (with Notepad, for example) and paste in the second part of the block (the -----PRIVATE KEY-----) as appears on the website:

eg
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----


ii, Save this file as "dkim.YOURDOMAIN.COM.pem".

I recommend saving this file into the DOMAIN folder off the root of your data directory (where the email files are held in sub folders).

eg d:\pathto\HMSdatafolder\YOURDOMAIN.COM\dkim.YOURDOMAIN.COM.pem

This way the domain specific key will be saved with your data backups, thus avoiding configuration problems on restore.


4, CONFIGURE HMAILSERVER

i, In Hmailserver admin go to: DOMAINS - 'mydomain.com' - "DKIM Signing"

    Tick 'Enabled'

    Private Key File: browse and point to dkim.YOURDOMAIN.COM.pem as saved in step (3ii)
    (eg, d:\pathto\HMSdatafolder\YOURDOMAIN.COM)

    Selector: "dkim"

    Header method: relaxed

    Body method: relaxed

    Signing algorithm: SHA256
Click SAVE.

5, TEST

Send an email to an external address that you can receive and view (eg, a Gmail, Yahoo etc address). Upon receiving it, use your portal/email client functions to view the "Message Source" or 'full headers'. Within the headers there should be something like:

Authentication-Results: mta1323.mail.ne1.yahoo.com from=MYDOMAIN.COM; domainkeys=neutral (no sig); from=MYDOMAIN.COM; dkim=pass (ok)


Further down in the headers where your Hmailserver initially starts the delivery, there should be a 'received' header similar to:

Received: from 127.0.0.1 (EHLO mail.mydomain.com) (123.45.67.89)
by mta1323.mail.ne1.yahoo.com with SMTPS; Wed, 16 Mar 2016 09:13:38 +0000
dkim-signature: v=1; a=rsa-sha256; d=mydomain.com; s=dkim;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type;
bh=pVMggf6ACj7Jh1zg8lMTWup8MzcMJg8v5gp1MijD6II=;
b=d+w4QzQFvsLa7Jt0gUoqI+Eu4X8QudR/HcxtxL0e/oloZWD9K1ZdmOVYEWZVYE3RvfvuosFlZ0DTQvF3Ok17yYEqkqeoyoSmp8BEUYEuRmTYELDrDe1ooYyVBdQHOFZqVMZLqMPgETYEhs1EEy4e3lEorEZ0R51wLSDY1PMbkK25XtxBs


If you have the DKIM signature, and you have the DKIM=PASS in the "Authentication Results" header, then you're done!

Warning:

I have DKIM set up (as per the above instructions) and receive a "DKIM=PASS" on all tests with online DKIM/email checkers and email providers I try....that is all EXCEPT Microsoft's Outlook/Hotmail! (surprise surprise). Even when the same email is CC'd to a Hotmail and a Yahoo address (for example), or even when Hotmail accepts it and forwards it on to a Yahoo address, only the Microsoft servers choose to fail and continue to issue 'dkim=fail' (and they are still unable to explain why.) Despite this, and probably because of our domain's 'good reputation' and SPF records, it doesn't affect delivery of our emails to their INBOX. But you should be aware and maybe check/test yourself to determine what the results are for your domain when sending to an Outlook/hotmail address. If you do suffer from Microsoft-run email services JUNKing your emails, then read this article (with direct link) for explanations and possible options: viewtopic.php?p=184321#p184321.

EDIT: MICROSOFT ALSO GIVES A DKIM=PASS: A few days later after the initial implementation and results above, I did further tests. Microsoft servers give DKIM=FAIL if the BODY of your text is blank - if the body is not blank (which is normally the case in most emails) then they also gave DKIM=PASS. This was true for both plain text and html/richtext email bodies. (My initial test emails just contained recipient address and a subject (eg "test 1") and didn't have a body text.). Phew. Weird, but phew!
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
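
Steps 1 and 2 of the tutorial above, as an added Python example (not part of the original post): it turns the public key block shown in step 1 into the TXT value, renders the BIND zone-file form with `\;` escapes split into strings of at most 255 bytes, and checks a looked-up value for the stray-backslash problem the post describes. Function names are illustrative, and the 392-character key used in `__main__` is a constructed stand-in for a 2048-bit key.

```python
import base64
import re

# Public key block as shown in step 1 of the tutorial.
TUTORIAL_PUBLIC_KEY_PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8nxXPJLVrZycHRDJgL1l/Euut
3yPAGHS8CIqMUrwn7PmNoNUEYsoMkiBfRTXLTCpzU2+BceZ9CFyR9N3mJhndvgg6
e6JBuVBYyqofAmfDqbuHz7FqF3H6bTdR5l9/5AQM3XFJeerzOO8cPY3VwYnhfUFs
wCU/suTcTK0+uMV1ewIDAQAB

-----END PUBLIC KEY-----
"""

TXT_STRING_LIMIT = 255  # one DNS TXT character-string holds at most 255 bytes


def pem_to_p(pem: str) -> str:
    """Return the base64 between the BEGIN/END PUBLIC KEY lines as one string."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block found")
    p = "".join(m.group(1).split())
    base64.b64decode(p, validate=True)  # raises if a character was lost or added
    return p


def _tlv(der: bytes, pos: int):
    """Read one DER tag/length header; return (tag, value_start, value_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def rsa_modulus_bits(p: str) -> int:
    """Key size in bits, read from the SubjectPublicKeyInfo structure in p=."""
    der = base64.b64decode(p)
    _, spki_start, _ = _tlv(der, 0)           # outer SEQUENCE
    _, _, alg_end = _tlv(der, spki_start)     # AlgorithmIdentifier, skipped
    tag, bits_start, _ = _tlv(der, alg_end)   # BIT STRING wrapping the RSA key
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo structure")
    _, key_start, _ = _tlv(der, bits_start + 1)  # +1 skips the unused-bits byte
    tag, n_start, n_end = _tlv(der, key_start)   # INTEGER: the modulus
    if tag != 0x02:
        raise ValueError("modulus not found")
    return int.from_bytes(der[n_start:n_end], "big").bit_length()


def dkim_txt_value(p: str) -> str:
    """The TXT value from step 2, with single spaces between parameters."""
    return f"v=DKIM1; t=s; k=rsa; p={p}"


def bind_rdata(value: str) -> str:
    """Zone-file form: split into <=255-byte strings, then escape ';' as '\\;'."""
    chunks = [value[i:i + TXT_STRING_LIMIT] for i in range(0, len(value), TXT_STRING_LIMIT)]
    return " ".join('"' + c.replace(";", "\\;") + '"' for c in chunks)


def check_published(seen: str, expected_p: str) -> list:
    """Compare a TXT value returned by a DNS lookup with the intended key."""
    problems = []
    seen = re.sub(r'"\s+"', "", seen).strip('" ')  # rejoin strings a resolver shows split
    if "\\" in seen:
        problems.append("backslash in published value: re-enter the record without '\\;'")
        seen = seen.replace("\\", "")
    pairs = re.findall(r"(?:^|;)\s*([a-z]+)\s*=\s*([^;]*)", seen)
    tags = {name: "".join(value.split()) for name, value in pairs}
    if tags.get("v") != "DKIM1":
        problems.append("v=DKIM1 tag missing")
    if tags.get("p") != expected_p:
        problems.append("p= differs from the key in the PEM file")
    return problems


if __name__ == "__main__":
    p = pem_to_p(TUTORIAL_PUBLIC_KEY_PEM)
    value = dkim_txt_value(p)
    print(rsa_modulus_bits(p), "bit key,", len(value), "byte TXT value")
    print("dkim._domainkey.YOURDOMAIN.COM. IN TXT", bind_rdata(value))
    # Constructed stand-in for a 2048-bit key: the value no longer fits one string.
    print(bind_rdata(dkim_txt_value("A" * 392)).count('" "') + 1, "strings needed")
    print(check_published(value.replace(";", "\\;"), p))
```
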

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by Dravion » 2016-03-16 13:00

Great work!
My experimental builds of hMailserver 32/64-Bit+Unicode
https://github.com/Dravion/hmailserver/releases

HMSInfo 32/64-Bit
https://github.com/Dravion/HMSInfo/releases

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by modiX » 2016-03-17 22:14

Ok I could not resist and tried this.

The dkim signature got attached, but in the top of the mail behind Authentication-Results it's not "dkim=pass", it's "dkim=permerror header.d=***.com".

What does this mean? The signature below looks right to me.

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by jimimaseye » 2016-03-17 22:21

You must have mistyped/misread/mishandled some of the data somehow and perhaps not set the dns record correctly. Let me know your domain so we can check. (Also, stop and restart your hmailserver service to be sure)

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by mattg » 2016-03-18 00:36

One note of caution...

(I told jimimaseye about the port25 dkim certificate creator)

I have no reason to suspect port25 of anything unusual, in fact the exact opposite. They appear to be very genuine.
Their privacy policy is here >> https://www.port25.com/privacy-policy/
And it says in part
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will be kept on file for more than 60 days in order to keep you updated on software enhancements..


This is a very short time frame and is great.

My note of caution is that with ANY online service there is a risk that you could be giving your information to the bad guys.
This could be a problem if you ONLY used DKIM. It could mean that a website with DKIM certificate and key, could generate mail that pretends to be from you.

A solution is to use DKIM as PART of your mail security setup.
Also use SPF records that end in '-all'
Look at other security solutions as they evolve.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by modiX » 2016-03-18 18:30

jimimaseye wrote: You must have mistyped/misread/mishandled some of the data somehow and perhaps not set the dns record correctly. Let me know your domain so we can check. (Also, stop and restart your hmailserver service to be sure)

Thank you for your PM. The DNS record was not stored correctly. Now it's working and the email got "dkim=pass" in the header.

Now my question is, how can the receiver know the mail is not modified?
I mean, the Receiver server or client has to check the DKIM, but I don't believe every client/server is doing this when receiving a mail.

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by jimimaseye » 2016-03-18 19:54

Mail servers check that the dkim signature that you have encoded in the email matches ITS results when it does the same (with your DKIM key as found in your DNS record). If the results are not identical then one of the fields used for generating the signature (which are listed in the header) must have been changed and they would get DKIM=FAIL. Then their server would score it/move it to spam folders according to their own implementation of risk handling.

Of course, no, there is no saying that all servers perform DKIM verification, but the main ones do (I would think anyone that you are sending to will support it).

Now to do your SPF. (See my PM).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
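
The check described above, as an added Python example (not part of the original post): the receiver parses the DKIM-Signature tags, works out which DNS record holds the key, and recomputes the relaxed-canonicalization SHA-256 body hash to compare with bh=. The message and signature are constructed samples that reuse the tutorial's d=, s= and c= values; the RSA check of b= over the signed headers is left out, and the function names are illustrative.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of spaces/tabs to one space, then drop whitespace at line ends.
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    # Empty lines at the end of the body are ignored.
    while lines and lines[-1] == b"":
        lines.pop()
    # Every remaining line ends in CRLF; an empty body stays zero bytes long.
    return b"".join(line + b"\r\n" for line in lines)


def body_hash(body: bytes) -> str:
    """Value a signer puts in bh= and a verifier recomputes (a=rsa-sha256)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def parse_tags(header_value: str) -> dict:
    """Split the tag=value list of a DKIM-Signature header into a dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # folding whitespace removed
    return tags


def verify_body(signature_value: str, body: bytes) -> dict:
    """Body-hash half of DKIM verification for relaxed body canonicalization."""
    tags = parse_tags(signature_value)
    if tags.get("a") != "rsa-sha256" or not tags.get("c", "").endswith("/relaxed"):
        raise ValueError("example handles a=rsa-sha256 with a relaxed body only")
    return {
        # TXT record the verifier fetches to obtain the public key
        "key_record": f"{tags['s']}._domainkey.{tags['d']}",
        # False means the body changed after the sending server signed it
        "body_hash_matches": body_hash(body) == tags["bh"],
    }


# Constructed sample message; the tags mirror the header shown in step 5.
SAMPLE_BODY = b"Hello,\r\n\r\nThis is test 1.\r\n"
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; d=mydomain.com; s=dkim;\r\n"
    " c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To;\r\n"
    " bh=" + body_hash(SAMPLE_BODY) + "; b=(omitted)"
)

if __name__ == "__main__":
    print(verify_body(SAMPLE_SIGNATURE, SAMPLE_BODY))
    # Whitespace-only changes survive relaxed canonicalization ...
    print(verify_body(SAMPLE_SIGNATURE, b"Hello,   \r\n\r\nThis  is test 1.\r\n\r\n"))
    # ... any change of content does not.
    print(verify_body(SAMPLE_SIGNATURE, SAMPLE_BODY.replace(b"test 1", b"test 2")))
    # Edge case: a blank body hashes as zero bytes of input.
    print(body_hash(b""))
```
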

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by mattg » 2016-03-19 00:47

modiX wrote: Now my question is, how can the receiver know the mail is not modified?

DKIM shows that there have been no changes between the mailservers. Even then this is rarely used for anything other than spam scoring, and the user is rarely notified if the DKIM is incorrect, other than a header in a SPAM marked email.
Who reads headers anyway other than us nerds?

To show no changes since the authoring mail client, you need to investigate Message digital signatures.
This (like Message level encryption) is handled by mail clients

Mail clients need to share public keys (in a secure way, not via another email)
Then the sending client can digitally sign AND/OR encrypt the message with their private key
The receiving client can confirm digital signatures, and de-encrypt messages using the public key

public and private keys need to be generated first, and you need to trust the authority / entity that generates the keys to properly identify the sender, and you need to trust the communication channel by which these were sent

digital signatures and DKIM alone DO NOT PREVENT THE MESSAGE FROM BEING VIEWED or copied in transit
Message encryption is the ONLY way to achieve this, even then, still perhaps not.

I am told that when security agencies at friendly nations exchange email, that they:-
- Sign with keys physically handed from one trusted agent to another
- Encrypt with a different key, physically handed between two other trusted agents
- Encrypt a VPN tunnel before doing anything
- send the encrypted message down the encrypted VPN, inside a SSL secured connection
- use each code ONLY once
- EXPECT THAT THE MESSAGE HAS BEEN COMPROMISED anyway

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by neo » 2017-01-05 12:16

mattg wrote: One note of caution...

(I told jimimaseye about the port25 dkim certificate creator)

I have no reason to suspect port25 of anything unusual, in fact the exact opposite. They appear to be very genuine.
Their privacy policy is here >> https://www.port25.com/privacy-policy/
And it says in part
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will be kept on file for more than 60 days in order to keep you updated on software enhancements..


This is a very short time frame and is great.

My note of caution is that with ANY online service there is a risk that you could be giving your information to the bad guys.
This could be a problem if you ONLY used DKIM. It could mean that a website with DKIM certificate and key, could generate mail that pretends to be from you.

A solution is to use DKIM as PART of your mail security setup.
Also use SPF records that end in '-all'
Look at other security solutions as they evolve.


Hi,

You can generate your own RSA key (domainkey) using OpenSSL.
Download it and follow the instructions given in:
http://www.dataenter.com/doc/general_domainkeys.htm

Sincerely,

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by jimimaseye » 2017-01-05 13:26

neo wrote:
Hi,

You can generate your own RSA key (domainkey) using OpenSSL.
Download it and follow the instructions given in:
http://www.dataenter.com/doc/general_domainkeys.htm

Sincerely,

Thanks Neo, that's good to know.

I have updated my tutorial to reflect this suggestion.

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by wctsang » 2017-01-17 16:43

Dear Jimimaseye,

My name is WC Tsang. I live in Hong Kong. I am a very green hand to server settings. I tried very hard these few days in setting up an hmailserver with DKIM feature running on my PC at home. I followed every step in your essay posted in March last year. However, no matter how hard I tried, I kept on receiving the following error message in the log file:

"ERROR" 2780 "2017-01-17 22:07:33.991" "Severity: 3 (Medium), Code: HM5310, Source: DKIM::SignHash_, Description: Unable to parse the private key file."
"ERROR" 2780 "2017-01-17 22:07:34.007" "Severity: 3 (Medium), Code: HM5308, Source: DKIM::Sign, Description: Failed to create siganture."
"ERROR" 2780 "2017-01-17 22:07:34.022" "Severity: 3 (Medium), Code: HM5306, Source: DKIMSigner::Sign, Description: Message signing using DKIM failed."

I don't know what has gone wrong. Would you mind giving me some hints to solve the problem ?

Best regards,
WC Tsang

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by mattg » 2017-01-18 00:03

I'd bet that the private key file is not accessible to the user that the hMailserver service runs under (typically local system), ie I think that your key file is not installed on a local hard drive where your hMailserver is installed.

If it is, check the file permissions for that file

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by wctsang » 2017-01-18 15:30

Dear Mattg,

Thank you for your information. I was aware of this problem. As I learned in some other essays, I put the private key file under the data directory of hmailserver:

C:\Program Files (x86)\hMailServer\Data\wctsang.online\dkim.wctsang.online.pem

If the hmailserver could access the data directory, I thought it could access the private key in the same folder as well. However, this combination was just not working. There are five parties who have access right to the private key file:

System
Administrators
All application packages
All restricted application packages (I am not sure if this is correct as it is translated from Chinese)
Users

The first two parties have full control right while the rest have only read and execute right.

May I ask what party I need to add and what right should be assigned before the hmailserver can access my private key file. Hope that you can spend a little time to help me.

Best regards,
W.C. Tsang

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by mattg » 2017-01-18 23:55

What user does the hMailserver SERVICE run under?

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by wctsang » 2017-01-19 14:19

Dear Mattg,

I logged in the computer by using my email address as User Name and the associated password. I gave this User a full control right to access all files under the hmailserver directory. After that, I started the hmailserver administrator and try to send an email from the mail@wctsang.online to my gmail account through the server. The same error was found in the log file as shown below:

"ERROR" 2784 "2017-01-19 20:09:23.650" "Severity: 3 (Medium), Code: HM5310, Source: DKIM::SignHash_, Description: Unable to parse the private key file."
"ERROR" 2784 "2017-01-19 20:09:23.650" "Severity: 3 (Medium), Code: HM5308, Source: DKIM::Sign, Description: Failed to create siganture."
"ERROR" 2784 "2017-01-19 20:09:23.650" "Severity: 3 (Medium), Code: HM5306, Source: DKIMSigner::Sign, Description: Message signing using DKIM failed."

Is there some other area which I need to check ?

Best regards,
W.C. Tsang

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by jimimaseye » 2017-01-19 14:25

You have misunderstood Mattg's question.

What windows account does your Hmailserver SERVICE run under ("SYSTEM", "LOCAL SERVICE", ...?) Look under your system PROCESSES. That is the windows user/account that the directories need to have access to.

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Post by wctsang » 2017-01-20 18:44

Dear Jimimaseye,

Thank you for your clarification on Mattg's question. As I mentioned before, I am a very green hand in setting a server. Sorry that I even don't understand your hints.

I checked the service list in my computer. I found the service hMailAdmin.exe is run under the username WCT with a description of Administrator. The service hMailServer.exe is run under SYSTEM with a description of hMailServer.

I assigned a full control right to both of the users to access my private key, but the problem persists. The log file is shown below:

"DEBUG" 2768 "2017-01-21 00:04:29.928" "Signing message using DKIM..."
"ERROR" 2768 "2017-01-21 00:04:29.928" "Severity: 3 (Medium), Code: HM5310, Source: DKIM::SignHash_, Description: Unable to parse the private key file."
"ERROR" 2768 "2017-01-21 00:04:29.928" "Severity: 3 (Medium), Code: HM5308, Source: DKIM::Sign, Description: Failed to create siganture."
"ERROR" 2768 "2017-01-21 00:04:29.944" "Severity: 3 (Medium), Code: HM5306, Source: DKIMSigner::Sign, Description: Message signing using DKIM failed."

I would appreciate it if you could give me some guidance. Should it be too troublesome for you to look into the problem for me, I would understand if you stop here. I would not be too disappointed if I fail to set up the mail server. Thank you for your help and Mattg's help.

Best regards,
W.C. Tsang

jimimaseye
Moderator
Posts: 6032
Joined: 2011-09-08 17:48

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Postby jimimaseye » 2017-01-20 20:08

I suggest you remove the certificate setting and go through the process from the start, being careful to follow it carefully. You either have the individual files incorrectly formatted, you have not set the parameters right (or you have the permissions incorrectly set).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Dravion
Senior user
Posts: 641
Joined: 2015-09-26 11:50
Location: Germany

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Postby Dravion » 2017-03-19 08:51

This guide works partly for me:

Used DNS-Server: Bind9 64-Bit on Windows 10 x64

DKIM TXT Record is valid and properly configured, see dig diag output:

C:\>dig incubator.net.projects._domainkey.incubator.net.projects TXT

; <<>> DiG 9.10.4-P2 <<>> incubator.net.projects._domainkey.incubator.net.projects TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8178
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;incubator.net.projects._domainkey.incubator.net.projects. IN TXT

;; AUTHORITY SECTION:
incubator.net.projects. 86400 IN SOA ns01.incubator.net.projects. hostmaster.incubator.net.projects. 2003080869 28800 7200 2419200 86400

;; Query time: 1 msec
;; SERVER: 194.241.203.104#53(194.241.203.104)
;; WHEN: Sun Mar 19 06:57:41 W. Europe Standard Time 2017
;; MSG SIZE rcvd: 137

But:
In Thunderbird no DKIM headers are shown. The hMailServer logs don't list any error. The private DKIM key in use is pointing to: C:\Program Files (x86)\hMailServer\Data\incubator.net.projects\dkim.incubator.net.projects.pem

This is a test private key, no production domain so this private key can be published:


Strange..
If I check it against my Postfix SMTP server, it looks a bit different in TB:

Return-Path: <dravion@ht-foss.net>
X-Original-To: dravion@ht-foss.net
Delivered-To: dravion@ht-foss.net
Received: from [194.241.x.x] (ipservice-x-x-x-x.x.x.pools.vodafone-ip.de [92.x.x.x])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by mail.ht-foss.net (Postfix) with ESMTPSA id E12095FBC1
for <dravion@ht-foss.net>; Sun, 19 Mar 2017 07:48:27 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ht-foss.net E12095FBC1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ht-foss.net;
s=default; t=1489906107;
bh=d7CQacLKD150owFlBotSe5qZaRCEb86xnQ+sdzOnRBI=;
h=Reply-To:To:From:Subject:Date:From;
b=exNQCbkU1dTQgI4amaeX/6kbTHWv6bJi+lX/1bMQWltOkDd3II5pDV4M/1ILis+Ux
F46KMV/bDUGa//PU919/G6B473zTcaczZw6FqPhKQi1roYf/o/Dwi9cqxZpKruYScP
F5am4E/+Zp0CMN1H4rUVDOnTbjJq1vmxnfyr1kog=
Reply-To: dravion@ht-foss.net
To: "dravion@ht-foss.net" <dravion@ht-foss.net>
From: "dravion@ht-foss.net" <dravion@ht-foss.net>
Subject: DKIM-Production Server (Postfix) TestSubject
Organization: dravion@ht-foss.net
Message-ID: <ffeefc41-9000-c376-ae28-ceaa6716f609@ht-foss.net>
Date: Sun, 19 Mar 2017 07:48:23 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-EsetId: 37303A29335C9C6A627366

DKIM-Production Server (Postfix) TestBody

My experimental builds of hMailserver 32/64-Bit+Unicode
https://github.com/Dravion/hmailserver/releases

HMSInfo 32/64-Bit
https://github.com/Dravion/HMSInfo/releases

jimimaseye
Moderator
Posts: 6032
Joined: 2011-09-08 17:48

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Postby jimimaseye » 2017-03-19 12:08

Dravion wrote:
; <<>> DiG 9.10.4-P2 <<>> incubator.net.projects._domainkey.incubator.net.projects TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8178
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;incubator.net.projects._domainkey.incubator.net.projects. IN TXT

;; AUTHORITY SECTION:
incubator.net.projects. 86400 IN SOA ns01.incubator.net.projects. hostmaster.incubator.net.projects. 2003080869 28800 7200 2419200 86400

;; Query time: 1 msec
;; SERVER: 194.241.203.104#53(194.241.203.104)
;; WHEN: Sun Mar 19 06:57:41 W. Europe Standard Time 2017
;; MSG SIZE rcvd: 137

So where is the output showing the DKIM record? (It says "ANSWER: 0".) It should show the record:

eg
"v=DKIM1; t=s; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUujv4GC5tQ65WcHAdeOY2PdSL7mrRUdvV7r0xWmbltLvVXeSU7WQvIwDhJO8YkJkY1HhVkAeAX6XMhf3UQVvO1Sbq46fyvKgjXXyb+qQ+b622k3ijwhJ7Lj478xk8cXShky3Gs7dopul+IG7ap+OAzdot/rFVIjkzby1osPLLvQIDAQAB"



Did you note the warning in Step 2?
Important Note: if you are using/administering a BIND dns server then the semicolons (';') need to be 'escaped' with a backslash and entered as '\;'

Dravion
Senior user
Posts: 641
Joined: 2015-09-26 11:50
Location: Germany

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Postby Dravion » 2017-03-19 12:15

Of course.

If you use a wrong quotation in BIND it simply doesn't load the entire zone file.
The DKIM PublicKey TXT entry can be accessed via DIG and HOST query (see above)

jimimaseye
Moderator
Posts: 6032
Joined: 2011-09-08 17:48

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Postby jimimaseye » 2017-03-19 12:27

Dravion wrote: The DKIM PublicKey TXT entry can be accessed via DIG and HOST query (see above)

When I use Google's DIG to view my record it shows as:


id 29855
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
dkim._domainkey.mydomain.co.uk. IN TXT
;ANSWER
dkim._domainkey.mydomain.com. 299 IN TXT "v=DKIM1; t=s; k=rsa; p=PQGMA0GCSqGSIb3DQEBAQUAA4FGHYCBiQKBgQDUujv4GC5tQ65WcHAdeOY2PdSL7mrRUdvV7r0xWmbltLvVXeSU7WQvIwDhJO8YkJkY1HhVkAeAX6XMhf3UQVvO1DFq46fyvKgjXXyb+qQ+b622k3ijwhJ7Lj478xk8cXShky3Gs7dopul+IG7ap+OAzdot/rFVIjkzby1osPLLvQIDAQAB"
;AUTHORITY
;ADDITIONAL



That looks a different output to yours (I can't see your DKIM record output as the answer).
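
The two kinds of lookup result compared in the posts above (a reply with status NXDOMAIN and "ANSWER: 0", and a reply that carries the TXT record) can be told apart mechanically. This is an added example, not part of any post in the thread: `check_dkim_lookup` is a hypothetical helper, the first sample reuses lines from the dig output quoted above, and the second sample, its domain and its p= value are constructed placeholders.

```python
import re

# Lines copied from the failing dig output quoted in the thread.
FAILED_LOOKUP = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8178
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;incubator.net.projects._domainkey.incubator.net.projects. IN TXT
"""

# Constructed sample of a successful lookup; domain and p= value are placeholders.
GOOD_LOOKUP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
dkim._domainkey.example.com. 299 IN TXT "v=DKIM1\\; t=s\\; k=rsa\\; " "p=PLACEHOLDERKEY"
"""


def check_dkim_lookup(dig_output):
    """Return (ok, reason, tags) for the text output of a dig TXT query."""
    status = re.search(r"status: (\w+)", dig_output)
    answers = re.search(r"ANSWER: (\d+)", dig_output)
    if not status or not answers:
        return False, "no dig header found", {}
    if status.group(1) != "NOERROR" or answers.group(1) == "0":
        reason = f"status {status.group(1)}, ANSWER: {answers.group(1)}"
        return False, reason + ": no TXT record is published at this name", {}
    for line in dig_output.splitlines():
        if line.startswith(";") or not re.search(r"\sIN\s+TXT\s", line):
            continue
        # One TXT record can be split into several quoted strings; join them.
        value = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', line))
        value = value.replace("\\;", ";")  # some dig versions print ';' as '\;'
        tags = {}
        for part in value.split(";"):
            name, _, val = part.partition("=")
            if name.strip():
                tags[name.strip()] = val.strip()
        if tags.get("v") != "DKIM1":
            return False, "TXT record is not a DKIM1 record", tags
        if not tags.get("p"):
            return False, "p= tag is empty, no public key published", tags
        return True, "DKIM record found", tags
    return False, "no TXT line in the ANSWER section", {}


if __name__ == "__main__":
    print(check_dkim_lookup(FAILED_LOOKUP)[1], check_dkim_lookup(GOOD_LOOKUP)[1], sep="\n")
```
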

stan2020
New user
Posts: 3
Joined: 2017-06-11 19:20

Re: HOW TO: Easy Set Up DKIM signatures on Hmailserver

Postby stan2020 » 2017-06-18 21:52

The tutorial works great, but you have to be careful with copy-and-pasting the public key into the TXT record.

When I pasted my public key from port25.com into a new TXT field, some extra spaces were added in the key. The extra spaces were added where there was a new line in the public key, however there should be no spaces and all of the public key should be on 1 line. I am using Namecheap.

You can test if your DKIM record is set - here: https://mxtoolbox.com/dkim.aspx and here https://www.mail-tester.com
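
The copy-and-paste problem described in the post above, as an added example that is not part of the thread: it turns a multi-line PEM public key into the single-line TXT value and flags a value whose line breaks were pasted as spaces. The function names are hypothetical, the sample key is constructed (wrapped base64 of arbitrary bytes, not a real key), and the tag layout follows the record quoted earlier in the thread.

```python
import base64
import re

# Constructed stand-in for a key generator's PEM output: the base64 body wraps
# over several lines as a real key does, but the bytes are not a real key.
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.encodebytes(bytes(range(162))).decode("ascii")
    + "-----END PUBLIC KEY-----\n"
)

# What the post describes: each line break of the PEM body became a space.
DAMAGED_TXT = "v=DKIM1; t=s; k=rsa; p=" + " ".join(SAMPLE_PEM.splitlines()[1:-1])


def pem_to_dkim_txt(pem):
    """Build the one-line TXT value from a PEM public key."""
    body = re.sub(r"-----(BEGIN|END) PUBLIC KEY-----", "", pem)
    key = "".join(body.split())  # drop every newline and space
    base64.b64decode(key, validate=True)  # raises if the key text is damaged
    return f"v=DKIM1; t=s; k=rsa; p={key}"


def find_paste_damage(txt_value):
    """Return a list of problems in a TXT value as entered in the DNS panel."""
    match = re.search(r"(?:^|;)\s*p=([^;]*)", txt_value)
    if not match:
        return ["no p= tag"]
    key = match.group(1).strip()
    problems = []
    if re.search(r"\s", key):
        problems.append("whitespace inside p= (line breaks pasted as spaces)")
    if "-----" in key:
        problems.append("PEM BEGIN/END line pasted into p=")
    try:
        base64.b64decode("".join(key.split()), validate=True)
    except ValueError:
        problems.append("p= is not valid base64 even with whitespace removed")
    return problems


if __name__ == "__main__":
    print(find_paste_damage(DAMAGED_TXT))
    print(find_paste_damage(pem_to_dkim_txt(SAMPLE_PEM)))
```
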

