Implement DKIM
DomainKeys Identified Mail (DKIM) defines a domain-level authentication framework for email using public-key cryptography and key server technology to permit verification of the source and contents of messages by either Mail Transport Agents (MTAs) or Mail User Agents (MUAs).
DKIM synthesizes and enhances Yahoo!'s DomainKeys and Cisco's Identified Internet Mail specifications. It enables mail servers to cryptographically sign the outbound messages they send, and allows the recipients of these signed messages to verify that they were sent by a server which is authorized to send mail for that domain.
More information is available at http://www.dkim.org
Install Debian libdkim-dev package
Replace the original qmail-remote binary with the qmail-remote DKIM wrapper script from Joerg Backschues, and create the spool directory:
cp /downloads/scripts/qmail-remote /var/qmail/bin/qmail-remote
chown root:qmail /var/qmail/bin/qmail-remote
chmod 0755 /var/qmail/bin/qmail-remote
mkdir -p /var/domainkeys
chown qmailr:qmail /var/domainkeys
chmod 0700 /var/domainkeys
Create your key
/downloads/scripts/domainkey your-domain
Your keys are stored in /etc/domainkeys/your-domain/
Then you just have to put the TXT record in your DNS domain zone file!
User comments
I wish it was that simple. I'm afraid the below tutorial on how to install DKIM failed me. I'm not a native English speaker so I must have missed something somewhere. The idea is it doesn't work for me, I get qmail-remote unable to run... Does anybody have somewhere an idiot's guide on how to install this?
If you get an error when validating the DKIM or SPF implementation, just test with another tool, a good one is EmailTooler.com.
I use this one:
https://www.emailtooler.com/authentication-validator/
I'm afraid for me the tutorial below failed, either I'm not doing something right, or it doesn't work...
@Phyllis smith
Thank You!
Now outgoing mails are signed.
OK - I got this. I merged the qmail instruction with http://www.brandonturner.net/blog/2009/03/dkim-and-domainkeys-for-qmail/ as follows:
1. Install libdomainkeys as indicated (the source was already downloaded)
2. Install libdkim as indicated in my previous response (like in this blog, but I updated to .21)
3. qmailctl stop. Then patch and install qmail according to the blog. I did use the 7.10 patch that thibs included, rather than the 7.08.
4. Used the keys I generated in the qmailrocks instructions. DO NOT change owners/permissions as suggested in the blog.
5. Added the dksign control file.
6. qmailctl start.
Yeah! my e-mail now passes dkim.
Hi!
I was able to make everything work using this How-To, but the hashes were always reported to be wrong. After a few hours I discovered I have to add one line to the qmail-remote DKIM wrapper script.
The DKIM standard expects hashes to be calculated from a message having CRLF line ends. Linux by default has only LF, so I had to add the command `unix2dos "$inmsg" 2> /dev/null` right before the call to the libdkimtest binary, and the hashes started to be correct.
Thanks for this How-To!
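The line-ending effect described in the comment above, as an added example that is not part of the original page or of the wrapper script: it computes the DKIM body hash (the bh= value) under the "simple" and "relaxed" body canonicalizations of RFC 6376 for the same text with LF and with CRLF line endings. The sample body and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample body as a Unix tool would hand it over (bare LF).
BODY_LF = b"Hello  world \nSecond line\n\n"

def to_crlf(body: bytes) -> bytes:
    """Turn bare LF line endings into CRLF, as unix2dos does; idempotent."""
    return re.sub(rb"\r?\n", b"\r\n", body)

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop empty lines at the end, finish with one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse runs of space/tab, strip trailing whitespace
    on each line, drop empty lines at the end. Lines are CRLF-delimited."""
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ")
             for line in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(line + b"\r\n" for line in lines)

def body_hash(body: bytes, canon: str = "relaxed", algo: str = "sha256") -> str:
    """Return the base64 body hash a signer or verifier would compute."""
    data = canon_simple(body) if canon == "simple" else canon_relaxed(body)
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

if __name__ == "__main__":
    for canon in ("simple", "relaxed"):
        signed = body_hash(BODY_LF, canon)             # what an LF-only signer hashes
        on_wire = body_hash(to_crlf(BODY_LF), canon)   # what a verifier sees after SMTP
        print(canon, "match" if signed == on_wire else "MISMATCH", signed, on_wire)
```

Neither canonicalization treats a bare LF as a line ending, so the conversion has to happen before signing.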
Hello,
I have to make a brand-new install in February 2013. I'll retry it from the beginning to check if those explanations are still valid. I'll keep you informed.
Hi Thibs,
I also have installed without any error but my mails are not signed. Any help is welcome.
Best regards,
Yalcin
I installed everything without errors and created the domainkeys, but the emails are not signed. Any ideas?
bardenhagen.com seems to be hardcoded into the libdkimtest binary (http://libdkim.sourcearchive.com/documentation/1:1.0.21-1/libdkimtest_8cpp-source.html) but if you revert to libdkim version 1.0.17 and use the patch provided here (http://www.backschues.net/backschues.net/know-how/qmail/dkim.htm) you can get your domain and selector to show up in the DKIM-Signature. I didn't get a chance due to time constraints but has anybody tried running the patch against the most recent version of libdkim?
After setting this up, I used http://www.allaboutspam.com/email-server-test/ as a test and the response for DKIM states "Email contains valid DKIM/Domain Keys Signature, but published Domain Keys policy does not specify whether to accept or reject such Emails. Please modify your Domain Keys policy to accept properly signed emails." Is that referring to DNS DKIM Policy Record, separate from the DNS DKIM Public Key Record (http://forum.unifiedemail.net/default.aspx?g=posts&t=51)?
Hello Georgi,
I really wanted to thank you for your site http://www.pc-freak.net/blog/
It's really useful and I've found a lot of tips!
I'll read http://www.pc-freak.net/blog/how-to-enable-domain-keys-dkim-in-qmail-toaster-based-mail-server-install-on-debian-linux/ and adapt this page with your tips!
Friendly Regards!
Heya Thibs,
Some time ago, I've written a step by step tutorial explaining very widely the possible problems and solutions whether domainkeys needs to be implemented. Some of the readers might want to take a look.
You've done a great job with this site!
I really enjoy and consult for so many things related to qmail.
Keep the good work up! ;)
Best,
Georgi
I used Fred's way and got it to work. Thanks Fred.
When I implemented this, it has references to bardenhagen.com (which is not my domain) and I don't understand why it is in my DKIM-Signature.
DKIM-Signature: a=rsa-sha1; c=relaxed; d=bardenhagen.com; s=MDaemon; l=2; t=1299877577; x=1300741577; h=Received:From; b=p bmGCt8boZlqmkLDpBovDtS/tc5qI/783O6kTd0C8oHohT6vOEX0pJ0wgRDTTafrG RzYcIxwaOWQ0pA4LZ18wEyvki0qR1CobzBLBb17Ynovoh6fxD5KWxmzDcDe4DTst KtYOmX97UElAKAVK9MwSiYDiSuwCQZhXalErmkYKHU=
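A check that catches a signature like the one quoted above before it reaches recipients, as an added example that is not part of the original page or of libdkim: it parses the DKIM-Signature tags and reports a d= that is not your own domain, the rsa-sha1 algorithm, an l= body length limit, and a missing From in h=. The function names and the expected domain example.org are assumptions; the sample header uses the tag values from the comment with b= replaced by a constructed placeholder.

```python
import re

# Tags as quoted in the comment above; b= is a constructed placeholder.
SAMPLE = ("DKIM-Signature: a=rsa-sha1; c=relaxed; d=bardenhagen.com; s=MDaemon; "
          "l=2; t=1299877577; x=1300741577; h=Received:From; b=AAAA BBBB=")

def parse_dkim_signature(header: str) -> dict:
    """Split a DKIM-Signature header into tag=value pairs (RFC 6376, 3.2)."""
    if header.lower().startswith("dkim-signature:"):
        header = header.split(":", 1)[1]
    tags = {}
    for part in header.split(";"):
        if "=" not in part:
            continue  # trailing ';' or folding whitespace only
        name, _, value = part.partition("=")  # first '=' only: base64 may end in '='
        name, value = name.strip(), value.strip()
        if name in ("b", "bh", "h"):
            value = re.sub(r"\s+", "", value)  # folding whitespace is not significant
        tags[name] = value
    return tags

def audit_signature(header: str, expected_domain: str) -> list:
    """Return findings for a signature produced by your own outbound server."""
    tags = parse_dkim_signature(header)
    findings = []
    domain = tags.get("d", "").lower()
    if domain != expected_domain.lower():
        findings.append(f"d={domain} is not the expected signing domain {expected_domain}")
    if tags.get("a", "").lower() == "rsa-sha1":
        findings.append("a=rsa-sha1: RFC 8301 says not to sign or verify with SHA-1")
    if "l" in tags:
        findings.append(f"l={tags['l']}: only the first {tags['l']} body octets are signed")
    signed_headers = [h.lower() for h in tags.get("h", "").split(":")]
    if "from" not in signed_headers:
        findings.append("h= does not list From, which RFC 6376 requires")
    return findings

if __name__ == "__main__":
    for finding in audit_signature(SAMPLE, "example.org"):
        print("-", finding)
```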
There is another alternative described on http://manuel.mausz.at/coding/qmail-dkim/