[pfx] Re: dkim is OK for any domain

It appears that Florian Piekert via Postfix-users said: >AFAIK you can't use the "doma.in" DKIM Key for signing "sub.doma.in" eMails. >You need to add a separate key in the DNS file >- which in this case you can't. Sorry, that's just wrong. You can put a DKIM signature with any d= domain on any

[pfx] Re: dkim for domain

Hello, AFAIK you can't use the "doma.in" DKIM Key for signing "sub.doma.in" eMails. You need to add a separate key in the DNS file - which in this case you can't. my current domain (bitfox.ddns.net) can set neither txt records nor cname records. So I can't setup dkim/spf for this domain. So,

[pfx] Re: DKIM policy question

nice to know the info. thanks Viktor. Per the specification, a DKIM signature that fails to match the message content MUST be treated the same as absence of DKIM signatures. Also, absent a DKIM-Signature header, you can't even find the DKIM DNS record, because the selector is unknown. Any ass

[pfx] Re: DKIM policy question

On Tue, Jun 11, 2024 at 10:18:17AM +0800, Jeff Peng via Postfix-users wrote: > spf, dmarc have the policy to reject a message. > My question is, why dkim has no choice for rejecting messages? > for example, if dkim signature failed, where to instruct this message can be > rejected? Per the specif

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Hi ! with mydomain = hoerst.net myorigin = $mydomain the email sent via mailx has u...@host.domain.tld as sender address again... but this time somehow its DKIM signed at least Ciao Gerd Am 15.01.24 um 17:39 schrieb Wietse Venema via Postfix-users: Viktor Dukhovni via Postfix-users: On M

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Hi ! Ok i will  try tomorrow Ciao Gerd ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Viktor Dukhovni via Postfix-users: > On Mon, Jan 15, 2024 at 08:14:13AM +0100, Gerd Hoerst via Postfix-users wrote: > > > I added > > > > masquerade_domains > > = hoerst.net > > > > to main.cf and mail sent via mailx is sent asu...@d

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

On Mon, Jan 15, 2024 at 08:14:13AM +0100, Gerd Hoerst via Postfix-users wrote: > I added > > masquerade_domains > = hoerst.net > > to main.cf and mail sent via mailx is sent asu...@domain.tld and it has also > both DKIM Signatures

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Hi ! It seems it was the problem.. i added masquerade_domains = hoerst.net to main.cf and mail sent via mailx is sent asu...@domain.tld and it has also both DKIM Signatures inside (ed25519 and sha256 key) So finally it works...

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

On Sun, Jan 14, 2024 at 06:05:20PM +0100, Gerd Hoerst via Postfix-users wrote: > Still no success.. > > non_smtpd_milters is set and mail send via mailx or sendmail is still not > signed.. > > btw: with mailx or sendmail  email will send with u...@host.domain.tld > instead of u...@domain.tld We

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Gerd Hoerst via Postfix-users skrev den 2024-01-14 18:05: Hi ! Still no success.. sorry then, i just use amavisd :=) but what are logged from opendkim ? grep -r MTA /path/to/logdir/ note is try to help get MTA working ___ Postfix-users mailing li

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Hi ! Still no success.. non_smtpd_milters is set and mail send via mailx or sendmail is still not signed.. btw: with mailx or sendmail  email will send with u...@host.domain.tld instead of u...@domain.tld Ciao Gerd Am 14.01.2024 um 16:47 schrieb Benny Pedersen via Postfix-users: Gerd Hoe

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Gerd Hoerst via Postfix-users skrev den 2024-01-14 16:20: Hi ! OK is set now RejectFailures false in /etc/opendmarc.conf and 127.0.0.1 localhost hoerst.net .hoerst.net in /etc/opendkim/trusted.hosts How can i check if its now correct with my setup, that mail which is not coming from smpt o

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

On Sun, Jan 14, 2024 at 04:20:29PM +0100, Gerd Hoerst via Postfix-users wrote: > How can i check if its now correct with my setup, that mail which is not > coming from smpt or esmtp ? Log in to the machine and send an email message (to some address you receive) via sendmail(1) or the mail(1) or m

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Hi ! OK is set now RejectFailures false in /etc/opendmarc.conf and 127.0.0.1 localhost hoerst.net .hoerst.net in /etc/opendkim/trusted.hosts How can i check if its now correct with my setup, that mail which is not coming from smpt or esmtp ? The serve is setup regulary only to accept emai

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

On Fri, Jan 12, 2024 at 08:07:02PM -0500, Wietse Venema via Postfix-users wrote: > > In my case it is the "daemon_name" macro, and so I have: > > > > $ postconf -Mf cleanup/unix > > cleanupunix n - n - 0 cleanup > > -o milter_macro_daemon_name=OR

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Viktor Dukhovni via Postfix-users: > On Fri, Jan 12, 2024 at 11:10:52PM +0100, Gerd Hoerst via Postfix-users wrote: > > Hi ! > > > > In my main.cf > > > > non_smtpd_milters = $smtpd_milters > > > > is already configured... > > > > Where else can I check ? > > The milter configuration, and Post

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

On Fri, Jan 12, 2024 at 11:10:52PM +0100, Gerd Hoerst via Postfix-users wrote: > Hi ! > > In my main.cf > > non_smtpd_milters = $smtpd_milters > > is already configured... > > Where else can I check ? The milter configuration, and Postfix cleanup(8) milter macros How does the milter decide w

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Gerd Hoerst via Postfix-users: > Hi ! > > in my main.cf > > non_smtpd_milters = $smtpd_milters > > is already configured... > > Whereelse can i check ? non_smtpd_milters emulates an SMTP client. It pretends that mail arrives from localhost/127.0.0.1 via ESMTP. Your Milter needs to be willing

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

Hi ! in my main.cf non_smtpd_milters = $smtpd_milters is already configured... Whereelse can i check ? Ciao Gerd Am 12.01.2024 um 22:50 schrieb Viktor Dukhovni via Postfix-users: On Fri, Jan 12, 2024 at 07:43:51PM +0100, Gerd Hoerst via Postfix-users wrote: im using ubuntu 22.04 and i set

[pfx] Re: DKIM => Undelivered Mail Returned to Sender

On Fri, Jan 12, 2024 at 07:43:51PM +0100, Gerd Hoerst via Postfix-users wrote: > im using ubuntu 22.04 and i setup complete feature set  with spf / dkim / > dmarc / dane during the last time i get some emails related to this domain > which i do not understand (if the problem is on my side) The pr

[pfx] Re: dkim and submission and opendkim

Hey, I'm fully aware DMARC does not sign,but thanks for the clarification on if I dont specify smtpd_milters in smtps or submission it's still implied from the main.cf entry, will use the logwhy advice in the morning, thanks heaps On Tue, Oct 24, 2023 at 7:46 PM Matus UHLAR - fantomas via Postfi

[pfx] Re: dkim and submission and opendkim

On 24.10.23 14:35, Nick Edwards via Postfix-users wrote: I need a refresher hand with DKIM, we have in main.cf smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8892 non_smtpd_milters = $smtpd_milters milter_default_action = accept spfpolicy_time_limit = 3600 milter_protocol = 6 DKIM is 8891,

[pfx] Re: dkim=none

Il 06/09/2023 10:35, Michel Verdier via Postfix-users ha scritto: On 2023-09-06, roughnecks via Postfix-users wrote: Check /etc/opendkim/SigningTable I don't have this file, just /etc/opendkim.conf So you need to put in /etc/opendkim.conf KeyTablerefile:/etc/opendkim/KeyTabl

[pfx] Re: dkim=none

On 2023-09-06, roughnecks via Postfix-users wrote: >> Check /etc/opendkim/SigningTable > > I don't have this file, just /etc/opendkim.conf So you need to put in /etc/opendkim.conf KeyTablerefile:/etc/opendkim/KeyTable SigningTablerefile:/etc/opendkim/SigningTable In /

[pfx] Re: dkim=none

Il 06/09/2023 09:26, postfix--- via Postfix-users ha scritto: Check /etc/opendkim/SigningTable I've added KeyTable, SigningTable and TrustedHosts files and now it looks fixed. Thanks OpenPGP_0x8FBF94AC1E006074.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP dig

[pfx] Re: dkim=none

> Assuming you are using opendkim for signing the .eu domain, did you add the .space domain to the dkim config so it knows to sign both domains? Yeah, the config is always been there, since before I had the .eu domain. > Check /etc/opendkim/SigningTable I don't have this file, just /etc/opend

[pfx] Re: dkim=none

Hi Aban, I'm using opendkim, followed the Debian wiki page to generate my keys and set it up. Il 6 settembre 2023 09:21:35 CEST, Aban Dokht via Postfix-users ha scritto: >roughnecks via Postfix-users wrote: > >> I have set up different txt record for dkim for each domain and the problem >> is

[pfx] Re: dkim=none

I have set up different txt record for dkim for each domain and the problem is that when I'm sending mail via the main domain (space), they are not dkim signed.. It either says dkim=none or the dkim header is totally missing. If I send via the aliased domain I have no issues whatsoever. Assu

[pfx] Re: dkim=none

roughnecks via Postfix-users wrote: I have set up different txt record for dkim for each domain and the problem is that when I'm sending mail via the main domain (space), they are not dkim signed.. It either says dkim=none or the dkim header is totally missing. Hello roughnecks, postfix d

[pfx] Re: [ext] Re: DKIM and DMARC

Tom Reed via Postfix-users skrev den 2023-05-17 09:31: On 16.05.23 16:38, Benny Pedersen via Postfix-users wrote: dmarc does not imho use ARC results yet :/ You must configure trusted ARC signers. You can't blindly trust ARC just like you can't blindly trust SPF May I ask what policyd or mi

[pfx] Re: [ext] Re: DKIM and DMARC

Matus UHLAR - fantomas via Postfix-users skrev den 2023-05-17 09:28: On 16.05.23 16:38, Benny Pedersen via Postfix-users wrote: dmarc does not imho use ARC results yet :/ You must configure trusted ARC signers. You can't blindly trust ARC just like you can't blindly trust SPF i recheck my op

[pfx] Re: DKIM and DMARC

On 17/05/2023 08:18, Matus UHLAR - fantomas via Postfix-users wrote: On 16.05.23 22:11, Tom Reed via Postfix-users wrote: For OpenDMARC this setting: SPFSelfValidate true this only causes opendmarc to resolve SPF itself instead of using existing Authentication-Results: header. Actually (from m

[pfx] Re: [ext] Re: DKIM and DMARC

On 16.05.23 16:38, Benny Pedersen via Postfix-users wrote: dmarc does not imho use ARC results yet :/ You must configure trusted ARC signers. You can't blindly trust ARC just like you can't blindly trust SPF On 17.05.23 15:31, Tom Reed via Postfix-users wrote: May I ask what policyd or milt

[pfx] Re: [ext] Re: DKIM and DMARC

> On 16.05.23 16:38, Benny Pedersen via Postfix-users wrote: >>dmarc does not imho use ARC results yet :/ > > You must configure trusted ARC signers. > You can't blindly trust ARC just like you can't blindly trust SPF > May I ask what policyd or milter you use for SPF checks? -- sent from ht

[pfx] Re: [ext] Re: DKIM and DMARC

On 16.05.23 16:38, Benny Pedersen via Postfix-users wrote: dmarc does not imho use ARC results yet :/ You must configure trusted ARC signers. You can't blindly trust ARC just like you can't blindly trust SPF -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wi

[pfx] Re: DKIM and DMARC

> SPF is designed for validating envelope from: and should not be used for > header From: > > Microsoft attempt to create SPF/2 has failed and should not be used > either. > That's OK. thanks for the info. -- sent from https://dkinbox.com/ ___ Post

[pfx] Re: DKIM and DMARC

On 16.05.23 22:11, Tom Reed via Postfix-users wrote: For OpenDMARC this setting: SPFSelfValidate true this only causes opendmarc to resolve SPF itself instead of using existing Authentication-Results: header. Can it handle the case when incoming message has rewritten envelope address by SR

[pfx] Re: DKIM and DMARC

K.I.S.S. Because of forwarding, both SPF or DKIM signatures *could* be broken. This is what DMARC was introduced for. DMARC checks the results of both SPF and DKIM, and as long as one of those two passes then the mail is good so DMARC passes. If both SPF and DKIM fail, then DMARC fails, and *TH

[pfx] Re: DKIM and DMARC

Bill Cole via Postfix-users skrev den 2023-05-16 17:34: I have no idea what the answer to that is, as I don't use OpenDMARC. You may want to figure out where, if anywhere, OpenDMARC support is available. http://www.trusteddomain.org/opendmarc/ ___ Po

[pfx] Re: DKIM and DMARC

On 2023-05-16 at 10:11:39 UTC-0400 (Tue, 16 May 2023 22:11:39 +0800) Tom Reed via Postfix-users is rumored to have said: For OpenDMARC this setting: SPFSelfValidate true Can it handle the case when incoming message has rewritten envelope address by SRS then no SPF found for header From addres

[pfx] Re: [ext] Re: DKIM and DMARC

Ralf Hildebrandt via Postfix-users skrev den 2023-05-16 15:20: * Scott Kitterman via Postfix-users : DKIM has no policy mechanism associated with it, so there's no basis in any standardized mechanism to determine if a DKIM failure should be cause for rejection. I don't think it makes logical

[pfx] Re: DKIM and DMARC

Scott Kitterman via Postfix-users skrev den 2023-05-16 15:04: DMARC does have such a policy component. Rejecting mail which fails DMARC for domains that have a policy of p=reject is common. DMARC does have a high error rate for some types of email, so I would recommend a careful evaluation of

[pfx] Re: DKIM and DMARC

João Silva via Postfix-users skrev den 2023-05-16 14:49: Yes, straight to a Spam folder. a bit silly if its a maillist, if its spam why not unsubscribe ? i loose maybe :/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send

[pfx] Re: DKIM and DMARC

Tom Reed via Postfix-users skrev den 2023-05-16 14:41: so for both DKIM and DMARC failure you send them to spam folder? what dmarc policy ?, none, quarantine, reject ? forget dkim here, its not designed to be a spam scanner ___ Postfix-users mailing

[pfx] Re: DKIM and DMARC

Tom Reed via Postfix-users skrev den 2023-05-16 14:16: Should we reject failed message on DKIM validation stage, or DMARC validation stage, or both? if dkim is based on reject you will ignore dmarc policy, just dont reject is safe :) tip, add ipwhitelist in both so you never ever reject mai

[pfx] Re: DKIM and DMARC

For OpenDMARC this setting: SPFSelfValidate true Can it handle the case when incoming message has rewritten envelope address by SRS then no SPF found for header From address? If opendmarc can implement SPF checks for header From address , That would be much better. Thanks > On 2023-05-16 at

[pfx] Re: DKIM and DMARC

Tom Reed via Postfix-users writes: > Hello list, > > Should we reject failed message on DKIM validation stage, or DMARC > validation stage, or both? I even DKIM-sign the mail one more time. For forwarding to Gmail. See https://gitlab.com/soyeomul/Gnus/-/raw/master/DKIM/setup-policy.lua Sincere

[pfx] Re: DKIM and DMARC

Dnia 16.05.2023 o godz. 20:16:21 Tom Reed via Postfix-users pisze: > > Should we reject failed message on DKIM validation stage, or DMARC > validation stage, or both? There is no rule ststing what you "should" do in these cases. It depends on what you *want* to do, that is - what exact result you

[pfx] Re: [ext] Re: DKIM and DMARC

* Scott Kitterman via Postfix-users : > DKIM has no policy mechanism associated with it, so there's no basis in any > standardized mechanism to determine if a DKIM failure should be cause for > rejection. I don't think it makes logical sense to treat a message with a > DKIM signature that fail

[pfx] Re: DKIM and DMARC

On 2023-05-16 at 08:16:21 UTC-0400 (Tue, 16 May 2023 20:16:21 +0800) Tom Reed via Postfix-users is rumored to have said: Hello list, Should we reject failed message on DKIM validation stage, or DMARC validation stage, or both? Generally, neither. IF (and ONLY IF) the "From: " header address

[pfx] Re: DKIM and DMARC

On May 16, 2023 12:16:21 PM UTC, Tom Reed via Postfix-users wrote: >Hello list, > >Should we reject failed message on DKIM validation stage, or DMARC >validation stage, or both? No and it depends. DKIM has no policy mechanism associated with it, so there's no basis in any standardized mecha

[pfx] Re: DKIM and DMARC

Yes, straight to a Spam folder. On 16/05/2023 13:41, Tom Reed via Postfix-users wrote: On 16/05/2023 13:16, Tom Reed via Postfix-users wrote: Hello list, Should we reject failed message on DKIM validation stage, or DMARC validation stage, or both? Just my opinion... I see lots (and I mean

[pfx] Re: DKIM and DMARC

> > On 16/05/2023 13:16, Tom Reed via Postfix-users wrote: >> Hello list, >> >> Should we reject failed message on DKIM validation stage, or DMARC >> validation stage, or both? > > Just my opinion... > > I see lots (and I mean lots) of DKIM failures due to mails sent to > mailing lists that have

[pfx] Re: DKIM and DMARC

On 16/05/2023 13:16, Tom Reed via Postfix-users wrote: Hello list, Should we reject failed message on DKIM validation stage, or DMARC validation stage, or both? Just my opinion... I see lots (and I mean lots) of DKIM failures due to mails sent to mailing lists that have clueless administra

[pfx] Re: DKIM questions

On Tuesday, April 25, 2023 2:12:23 PM EDT Ken Peng via Postfix-users wrote: > Hello > > Can the domain certificates sign its sub domain? > For example, mail.a.com was signed by certs of a.com. > If so, does this make sense to DMRC of mail.a.com? Yes. If I understand the second question correctly

Re: DKIM not signing in plesk server with postfix

Can you post the relevant bits of the postfix and opendkim configs (omit the actual key data, of course). Anything in the logfiles? -Dan > On Dec 25, 2022, at 15:18, Water Around wrote: > > > > Hi, thanks for the response... > I have exhausted my attempts with plesk docs, and plesk support

Re: DKIM not signing in plesk server with postfix

On 19.12.22 03:58, Water Around wrote: I am a novice linux user who has a plesk server, with postfix, that has never signed a DKIM signature to my outgoing mail. Everything is enabled for the domain, yet still no signing. I have tried resetting everything, restarting, and rebooting. I have chec

Re: DKIM not signing in plesk server with postfix

On Mon, Dec 19, 2022 at 03:58:36AM +, Water Around wrote: > I am a novice linux user who has a plesk server, with postfix, that > has never signed a DKIM signature to my outgoing mail. Everything is > enabled for the domain, yet still no signing. I have tried resetting > everything, restarting

Re: DKIM signing after virtual_alias_maps

On Sat, Dec 17, 2022 at 11:32:18PM +0100, Michael Ströder wrote: > I've added DKIM signing with this config snippet: DKIM signs the message headers and body. > But I also have simple mail group expansion with virtual alias maps: The virtual(5) table rewrites only the message envelope. --

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

On 09/05/2022 12:48, Matt Kinni wrote: I have opendkim configured via 'smtpd_milters' to sign all outbound mail, and my domain publishes a "quarantine" dmarc record to enforce the consequences of this. I recently discovered that MAILER-DAEMON messages generated by postfix itself bypass this s

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

On Mon, May 09, 2022 at 03:03:42PM -0400, Wietse Venema wrote: > > - I don't quickly have an example of bad things that can happen > > with Milter inspection of Postfix-generated mail. That doesn't mean > > that such bad things don't exist. > > So, with that caveat you can turn on DKIMM signing o

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

Wietse Venema: > Matt Kinni: > > I have opendkim configured via 'smtpd_milters' to sign all outbound > > mail, and my domain publishes a "quarantine" dmarc record to enforce the > > consequences of this. > > > > I recently discovered that MAILER-DAEMON messages generated by postfix > > itself b

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

On 09/05/2022 12:48, Matt Kinni wrote: I have opendkim configured via 'smtpd_milters' to sign all outbound mail, and my domain publishes a "quarantine" dmarc record to enforce the consequences of this. I recently discovered that MAILER-DAEMON messages generated by postfix itself bypass this s

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

Matt Kinni: > I have opendkim configured via 'smtpd_milters' to sign all outbound > mail, and my domain publishes a "quarantine" dmarc record to enforce the > consequences of this. > > I recently discovered that MAILER-DAEMON messages generated by postfix > itself bypass this setup and do /not/

Re: dkim signing outbound MAILER-DAEMON messages - is it worth it?

Hellow Matt, Matt Kinni writes: > I have opendkim configured via 'smtpd_milters' to sign all outbound > mail, and my domain publishes a "quarantine" dmarc record to enforce > the consequences of this. > > I recently discovered that MAILER-DAEMON messages generated by postfix > itself bypass this

Re: dkim setup with letsencrypt

On Fri, Apr 22, 2022 at 06:33:42PM -0400, Wietse Venema wrote: > (alice): > > I have made ssl with letsencrypt done :) I found either startssl or TLS > > works. so may i ask is there a guide for adding DKIM to the outgoing > > messages with the same letsencrypt certs? > > TLS is not DKIM. TLS is

Re: dkim setup with letsencrypt

(alice): > I have made ssl with letsencrypt done :) I found either startssl or TLS > works. so may i ask is there a guide for adding DKIM to the outgoing > messages with the same letsencrypt certs? TLS is not DKIM. TLS is for hop-by-hop channel security and DKIM for end-to-end message authentici

Re: dkim setup with letsencrypt

* ミユナ (alice): > is there a guide for adding DKIM to the outgoing messages with the > same letsencrypt certs? I suggest feeding your favourite search engine with "postfix dkim". -Ralph

Re: DKIM signature duplicated in headers

Dnia 14.04.2022 o godz. 23:21:18 DL Neil pisze: > Have a multi-domain Postfix+Dovecot+MySQL+SpamAssassin working nicely. > Added OpenDKIM and it works, passing some 'tests', but not others. I > notice that outgoing mail appears to be signed twice. Is this correct? How do you run SpamAssassin? As a

Re: DKIM signature duplicated in headers

Mail is signed twice because Postfix receives it twice. I suggest that you correlate the Received: headers with the DKIM signatures, and decide where to enable DKIM signing. It may be easier to configure this per-service in master.cf than globally in main.cf. Wietse

Re: DKIM signed by other domains breaks DMARC?

On 17/10/21 11:48 pm, Wes Peng wrote: I am a little confused about this scene, the email sent from my domain is signed by Yahoo,  thus it has a valid DKIM. But my domain itself has no DKIM setup, the message was signed by Yahoo not by my domain. Will this DKIM setting make DMARC broken? I saw

Re: DKIM signed by other domains breaks DMARC?

On 17.10.21 18:48, Wes Peng wrote: I am a little confused about this scene, the email sent from my domain is signed by Yahoo, thus it has a valid DKIM. But my domain itself has no DKIM setup, the message was signed by Yahoo not by my domain. Will this DKIM setting make DMARC broken? if you set

Re: dkim=pass but unprotected

It's not dnssec signed. -Dan Mahoney > On May 17, 2021, at 6:14 PM, post...@ptld.com wrote: > > I noticed in the headers it shows: > > dkim=pass (2048-bit key; unprotected) > > What does the unprotected part refer to? > Anything to worry about? Something i need to setup or configure? > I googl

Re: DKIM signature only for a certain login - sender domain combination

On 19 Nov 2020, at 5:44, mfgc...@web.de wrote: Hi, Is there a possibility to provide outgoing mails with a DKIM signature only for a certain login - sender domain combination? The background to this is: With the sender_maps it is possible to allow different senders for a login. The mail may only

Re: DKIM signature only for a certain login - sender domain combination

Am 19.11.2020 um 15:44 schrieb Bill Cole: On 19 Nov 2020, at 5:44, mfgc...@web.de wrote: Hi, Is there a possibility to provide outgoing mails with a DKIM signature only for a certain login - sender domain combination? The background to this is: With the sender_maps it is possible to allow diffe

Re: DKIM signature only for a certain login - sender domain combination

On 19 Nov 2020, at 5:44, mfgc...@web.de wrote: Hi, Is there a possibility to provide outgoing mails with a DKIM signature only for a certain login - sender domain combination? The background to this is: With the sender_maps it is possible to allow different senders for a login. The mail may only

Re: dkim updating keys

* Lefteris Tsintjelis: > There is nothing to disappear from cache for the new key. Lefteris, I am fully aware. As I wrote, I don't trust every caching resolver out there to do the right thing (meaning to query for new information while older data is still in the cache). It should happen, but I ra

Re: dkim updating keys

On 23/6/2019 23:25, Ralph Seichter wrote: * Lefteris Tsintjelis: In case DNS does not use notify then yes you should wait for the zone refresh time in SOA (not TTL) for all slaves to sync. I recommended the zone's TTL because it is the upper limit for all cached data to disappear There is n

Re: dkim updating keys

* Lefteris Tsintjelis: > In case DNS does not use notify then yes you should wait for the zone > refresh time in SOA (not TTL) for all slaves to sync. I recommended the zone's TTL because it is the upper limit for all cached data to disappear, but yes, data newly added to the zone should usually

Re: dkim updating keys

On 23/6/2019 16:20, Ralph Seichter wrote: * Esteban L.: Trying to figure this out with as little disruption as possible. I sugest you do the following, in order: * Generate new key. * Add new key's data, using a new DKIM selector, to your DNS. * Wait for your domain zone's DNS TTL to expir

Re: dkim updating keys

Thanks Ralph. That was the step-by-step guide I was looking for. The simplest things are always the hardest to find information for. Esteban -- https://little-beak.com "Doing what we can." -Original Message- From: Ralph Seichter To: postfix-users@postfix.org Subject: Re: dki

Re: dkim updating keys

* Esteban L.: > Trying to figure this out with as little disruption as possible. I sugest you do the following, in order: * Generate new key. * Add new key's data, using a new DKIM selector, to your DNS. * Wait for your domain zone's DNS TTL to expire (typically 1-2 days). * Switch to signing

Re: DKIM doubled, which one to remove?

On Fri, May 24, 2019 9:31 pm, Matus UHLAR - fantomas wrote: >> which one should be bypassed, and, how to do so ? > > very hard to say withoutmore info. What do milters on ports 8891 and 8893 > do? OpenDKIM and OpenDMARC I was just installing DKIM followed by DMARC using Steve Jenkins howto htt

Re: DKIM doubled, which one to remove?

On 24.05.19 21:19, li...@sbt.net.au wrote: following earlier advice here, I've finally tried to set DKIM I think I'm getting there, but I've noticed it's doubling up[1], with amavis which one should be bypassed, and, how to do so ? very hard to say withoutmore info. What do milters on ports 8

Re: DKIM milter: adding a TXT record

On Fri, 17 May 2019 16:37:26 +0200 Christian Rößner wrote: > a little bit hard to figure out your problem. I only can guess. I was using 'dig txt chez-vrolet.net' and not turning up the correct TXT records, and should have used 'dig txt 201905._domainkey.chez-vrolet.net' instead. Oops. =D -De

Re: DKIM milter: adding a TXT record

Hi, > Am 17.05.2019 um 07:28 schrieb Dennis Carr : > > Hey, guys. Might be a little bit off topic, but I'll throw it out > there. > > I'm working to implent DKIM and DMARC at this time (DMARC is next), and > I've got DKIM just about down except for one thing: the TXT record. > Bind doesn't seem

(Disregard) Re: DKIM milter: adding a TXT record

On Thu, 16 May 2019 22:28:59 -0700 Dennis Carr wrote: > I'm working to implent DKIM and DMARC at this time (DMARC is next), > and I've got DKIM just about down except for one thing: the TXT > record. ...and wouldn't you know it, it's because I was digging the wrong domain name. Never mind. -D

Re: DKIM setup writeup for multi domain?

> I found my notes. This is for RHEL: thanks for all the replies, all very helpful, half way there V

Re: DKIM setup writeup for multi domain?

s.uconn.edu/dkim-review-of-all-aspects/ -ANGELO FAZZINA ang...@uconn.edu University of Connecticut, ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Michael Sent: Tuesday, March 12, 2019 2:48 PM To: postfix-users@postfix.org S

Re: DKIM setup writeup for multi domain?

@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Michael Sent: Tuesday, March 12, 2019 2:48 PM To: postfix-users@postfix.org Subject: {SPAM?} Re: DKIM setup writeup for multi domain? I think t

Re: DKIM setup writeup for multi domain?

I think this is the one I used. Works great. https://www.stevejenkins.com/blog/2011/08/installing-opendkim-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/ On 2019-03-12 7:31 am, li...@sbt.net.au wrote: I;m looking at adding DKIM to my Postfix is there some up to date DKIM setup

Re: DKIM setup writeup for multi domain?

> is there some up to date DKIM setup write up for multi domain Postfix > setup ? Amavisd and OpenDKIM each support multiple domains. Since Postfix does not handle DKIM signatures, you need to look into external tools. -Ralph

Re: DKIM setup writeup for multi domain?

Greetings, li...@sbt.net.au! > I;m looking at adding DKIM to my Postfix > is there some up to date DKIM setup write up for multi domain Postfix > setup ? Since postfix itself does not perform DKIM signing or validation, the postfix setup is no different, no matter, how many domains you are using

Re: DKIM for locally generated mails - how best to approach?

Greetings, Viktor Dukhovni! >> There is no need to sign bounces for email that you don't receive >> but what about non-delivery notifications for mail that is accepted >> and then later found to be undeliverable? > In my multi-instance configurations, delivery failure to internal > recipients doe

Re: DKIM for locally generated mails - how best to approach?

> On Feb 18, 2019, at 2:51 PM, Wietse Venema wrote: > > There is no need to sign bounces for email that you don't receive > but what about non-delivery notifications for mail that is accepted > and then later found to be undeliverable? In my multi-instance configurations, delivery failure to int

Re: DKIM for locally generated mails - how best to approach?

Viktor Dukhovni: > On Mon, Feb 18, 2019 at 09:07:36PM +0300, Andrey Repin wrote: > > > > Maybe that should have finer granularity: it may be OK to inspect > > > bounces with Milters, but it may not be OK with header/body_checks. > > > > Yes, I see how this can be a problem. > > Is there a way aro

Re: DKIM for locally generated mails - how best to approach?

On Mon, Feb 18, 2019 at 09:07:36PM +0300, Andrey Repin wrote: > > Maybe that should have finer granularity: it may be OK to inspect > > bounces with Milters, but it may not be OK with header/body_checks. > > Yes, I see how this can be a problem. > Is there a way around it? How are the bounces/not

Re: DKIM for locally generated mails - how best to approach?

Greetings, Wietse Venema! > Andrey Repin: >> Greetings, All! >> >> I just discovered that mail generated locally (i.e. introduced by pickup >> daemon) is not signed. >> >> Digging in documentation, I've found >> http://www.postfix.org/postconf.5.html#non_smtpd_milters > That's what I use for s

Re: DKIM for locally generated mails - how best to approach?

Andrey Repin: > Greetings, All! > > I just discovered that mail generated locally (i.e. introduced by pickup > daemon) is not signed. > > Digging in documentation, I've found > http://www.postfix.org/postconf.5.html#non_smtpd_milters That's what I use for signing this local submission. > And t

  1   2   3   >