DKIM

Juliano Silva

Oct 15, 2017
Hello

After several tests, DKIM on port 26 is not working. How can I solve this problem?

Gmail, I asked DKIM settings
 
Maybe this:

DKIM keys work like this: you create a public key and a private key. The public key is published in your DNS as a TXT record, and your emails are signed with your private key. When you send an email, the recipient server checks your DNS record for the public key, for example "default._domainkey", and verifies the DKIM signature. There is nothing related to connecting directly to the server. (source: https://serverfault.com/questions/594517/dkim-do-i-need-to-allow-port-8891-on-my-firewall )


or this:
https://forum.proxmox.com/threads/proxmox-dkim.41150/
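
The lookup described in the quoted answer, as an added example that is not part of the original posts: a receiver reads `d=` and `s=` from the DKIM-Signature header, builds the DNS name `<selector>._domainkey.<domain>`, and reads the key from that TXT record, without ever connecting to the signer's milter port. The header, the TXT record and all function names are constructed for illustration.

```python
import re

# Constructed sample header value, folded as on the wire (not from the thread).
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\r\n"
    "\ts=default; h=from:to:subject;\r\n"
    "\tbh=Zm9v; b=YmFy"
)
# Constructed TXT record content for default._domainkey.example.com.
SAMPLE_TXT = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEF"


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (header or key record) into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if not part.strip():
            continue  # trailing ';' is allowed
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        # Whitespace inside base64 values is not significant.
        tags[name] = re.sub(r"\s+", "", val) if name in ("b", "bh", "p") else val.strip()
    return tags


def key_record_name(sig_tags):
    """DNS name the receiver queries for the public key."""
    return f"{sig_tags['s']}._domainkey.{sig_tags['d']}"


def check_key_record(txt):
    """Classify a key record as 'usable', 'revoked' or 'invalid: ...'."""
    tags = parse_tag_list(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        return "invalid: wrong version"
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        return "invalid: unknown key type"
    if "p" not in tags:
        return "invalid: no p= tag"
    return "revoked" if tags["p"] == "" else "usable"
```
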
 
Yes, I see that PMG does not support DKIM. I'm going to cancel port 26; I'm having a lot of problems with Gmail over DKIM.
 
Hello

Does PMG's /etc/postfix/main.cf not accept custom settings? Whenever I restart Postfix, I lose my customization.

/etc/postfix/main.cf

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost.:8891
non_smtpd_milters = inet:localhost:8891
 
Read our documentation on chapter:

"4.3 Service Configuration Templates"
 
Use milter protocol 6 / put the smtpd_milters setting in master.cf / use a local socket (see also /etc/default/opendkim)
main.cf template:
milter_default_action = accept
milter_protocol = 6
smtpd_milters =
non_smtpd_milters = local:/var/run/opendkim/opendkim.sock


master.cf template:
127.0.0.1:10025 . . .
. . .
  -o smtpd_milters=local:/var/run/opendkim/opendkim.sock


opendkim.conf:
Code:
Syslog               yes
#SyslogSuccess       yes
#LogWhy              yes
UMask                002
SigningTable         refile:/etc/opendkim/signing.table
KeyTable             /etc/opendkim/key.table
SignatureAlgorithm   rsa-sha256
Canonicalization     relaxed/simple
Mode                 s
AutoRestart          yes
AutoRestartRate      10/1h
Socket               local:/var/run/opendkim/opendkim.sock
PidFile              /var/run/opendkim/opendkim.pid
OversignHeaders      From
TrustAnchorFile      /usr/share/dns/root.key
UserID               opendkim:opendkim


signing.table
*@domain1.com key1
*@domain2.com key2
*@pmg.domain2.com key2


key.table (e.g. selector 201802)
key1 domain1.com:201802:/etc/dkimkeys/201802.domain1.com.private
key2 domain2.com:201802:/etc/dkimkeys/201802.domain2.com.private


Key generation:
cd /etc/dkimkeys
opendkim-genkey -s 201802 -b 2048 -h sha256 -d domain1.com
mv 201802.private 201802.domain1.com.private
mv 201802.txt 201802.domain1.com.txt


/etc/dkimkeys
Code:
chown -R opendkim:opendkim /etc/dkimkeys/

*** InternalHosts is always 127.0.0.1 ***
*** tries to sign every email (outgoing/incoming emails are both injected to 10025) / lookup for (incoming and) outgoing is done via signing table ***
*** does not work for emails that were sent to an external mailbox AND when you get them from that mailbox via fetchmail ***
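
How the signing.table and key.table above decide which mail is signed, as an added example that is not part of the original post: each From address is matched against the wildcard patterns in order, the matching key name is looked up in key.table, and addresses with no match (for example incoming mail from foreign domains) are left unsigned. The matcher is a simplified model of `refile:` wildcard matching, and the function names are hypothetical.

```python
import re

# The two tables from the post above, embedded verbatim.
SIGNING_TABLE = """\
*@domain1.com key1
*@domain2.com key2
*@pmg.domain2.com key2
"""
KEY_TABLE = """\
key1 domain1.com:201802:/etc/dkimkeys/201802.domain1.com.private
key2 domain2.com:201802:/etc/dkimkeys/201802.domain2.com.private
"""


def _rows(text):
    """Yield [first_field, rest] for every non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split(None, 1)


def load_key_table(text):
    keys = {}
    for name, value in _rows(text):
        domain, selector, path = value.split(":", 2)
        keys[name] = {"domain": domain, "selector": selector, "path": path}
    return keys


def load_signing_table(text):
    rules = []
    for pattern, key_name in _rows(text):
        # Assumption: '*' is the only wildcard; everything else is literal.
        rx = re.compile(re.escape(pattern).replace(r"\*", ".*") + r"\Z", re.I)
        rules.append((rx, key_name.strip()))
    return rules


def resolve(from_addr, rules, keys):
    """Return the signing parameters for from_addr, or None if it stays unsigned."""
    for rx, key_name in rules:
        if rx.match(from_addr):
            key = keys[key_name]  # KeyError: signing.table names a missing key
            return {**key, "dns_name": f"{key['selector']}._domainkey.{key['domain']}"}
    return None


def dangling_entries(rules, keys):
    """Key names used in signing.table but absent from key.table."""
    return sorted({name for _, name in rules if name not in keys})
```
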
 
Hi

How to create this main.cf template?


root@security:/etc/postfix# ls
clientaccess main.cf.proto postfix-files.d rcptaccess.db
clientaccess.db main.cf.save postfix-script sasl
dkim makedefs.out post-install senderaccess
dynamicmaps.cf master.cf postscreen_access senderaccess.db
dynamicmaps.cf.d master.cf.proto postscreen_access.db
main.cf postfix-files rcptaccess
 
RTFM:
You can find the default templates in /var/lib/pmg/templates/.
Copy the templates you need to /etc/pmg/templates/, then apply your changes there.
After that run:
# pmgconfig sync --restart 1

=> see 4.3. Service Configuration Templates
 