[vpsFree.cz: community-list] DKIM Postfix
Petr Parolek
petr.parolek at gmail.com
Mon Jan 19 13:12:35 CET 2015
Thanks.
I tried sending a test mail to the service
http://www.port25.com/support/authentication-center/email-verification/
and I get neutral for DKIM; why don't I get pass?
See the attachment.
Thanks a lot for the help
On 19 January 2015 at 13:02, Silvestr Hašek <hasek at reklalink.cz> wrote:
> just quickly
>
> minus: for example, when you manage the domains externally (forpsi), you
> mostly have to edit the domains one by one, but when you have your own
> authoritative DNS where you edit the records yourself, it's not much of a
> problem to write a script and bulk-change the domains' IP addresses in
> 1 second; at forpsi you'd have to reserve a whole night for it :-D when
> you have 100 domains on the VPS :-D
>
> pluses: you have one less thing to worry about :-), registrars usually
> have a set of nameservers (2 :-D), so if one goes down another keeps
> things running (that can be important if you don't point only at
> yourself, for example when you have your e-mail on a different machine
> and so on...).
>
> On Mon, 2015-01-19 at 12:49 +0100, Petr Parolek wrote:
>> what do you mean by pluses and minuses?
>>
>> Anyway, thanks a lot for the advice
>>
>> On 19 January 2015 at 12:47, Silvestr Hašek <hasek at reklalink.cz> wrote:
>> > On a VPS it isn't necessary to run your own DNS server; the way you have
>> > it is more or less OK, and like every solution it has its pluses and minuses :-D
>> >
>> > On Mon, 2015-01-19 at 12:41 +0100, Petr Parolek wrote:
>> >> oh, and one more question - don't I need to have my own DNS server? I use
>> >> DNS from vpsfree.cz and edit the records in the forpsi.cz administration
>> >>
>> >> On 19 January 2015 at 12:39, Petr Parolek <petr.parolek at gmail.com> wrote:
>> >> > yes, that's exactly what I've just done, so I'll see once all the DNS
>> >> > servers have picked up the DNS records. Hopefully it will be OK now.
>> >> >
>> >> > On 19 January 2015 at 12:35, Silvestr Hašek <hasek at reklalink.cz> wrote:
>> >> >> if you're following those tutorials, you generate the keys there with
>> >> >>
>> >> >> opendkim-genkey -r -h rsa-sha256 -d example.com -s mail
>> >> >>
>> >> >> if -h rsa-sha256 is left out, the default behaviour should be that
>> >> >> all hash types are allowed, and it should be fine.
>> >> >>
>> >> >> so regenerate all the keys with
>> >> >>
>> >> >> opendkim-genkey -r -d example.com -s mail
>> >> >>
>> >> >> and don't forget to put the new keys into the DNS TXT record
>> >> >>
>> >> >> On Mon, 2015-01-19 at 12:14 +0100, Petr Parolek wrote:
>> >> >>> so should I use a different hash algorithm?
>> >> >>>
>> >> >>> Thanks
>> >> >>>
>> >> >>> 2015-01-19 11:42 GMT+01:00 Silvestr Hašek <hasek at reklalink.cz>:
>> >> >>> > mail._domainkey IN TXT "v=DKIM1; h=rsa-sha256; k=rsa;
>> >> >>> > p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgIGvaN0y+8W
>> >> >>> > +nEk4Yl8I79qKtQVnpcxiU8dR2KJnMyjB96AsC
>> >> >>> > +6xOq6TQy/HJa8D4UYmN0hhkTlRh/kkpYPYPGpvtm8sIXp6ri15b7MmfkF
>> >> >>> > +ObRjpppRCBD4YJrEnhU9FACJpnZJHv/3is5yd3S85We8m2n1K6RajFeDKiRoCJQIDAQAB" ; ----- DKIM key mail for mladeznik.cz
>> >> >>> >
>> >> >>> > the h=rsa-sha256 here will be what's wrong; that won't be a valid hash
>> >> >>> >
>> >> >>> > On Mon, 2015-01-19 at 10:39 +0100, Petr Parolek wrote:
>> >> >>> >> Hi,
>> >> >>> >>
>> >> >>> >> I can't get DKIM working in Postfix on Debian 7.
>> >> >>> >>
>> >> >>> >> I followed these articles:
>> >> >>> >>
>> >> >>> >> https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
>> >> >>> >>
>> >> >>> >> http://linuxaria.com/howto/using-opendkim-to-sign-postfix-mails-on-debian
>> >> >>> >>
>> >> >>> >> When I send a mail, the header of the received message contains:
>> >> >>> >>
>> >> >>> >> Delivered-To: petr.parolek at gmail.com
>> >> >>> >> Received: by 10.153.8.165 with SMTP id dl5csp1014581lad;
>> >> >>> >> Mon, 19 Jan 2015 01:22:16 -0800 (PST)
>> >> >>> >> X-Received: by 10.194.203.199 with SMTP id ks7mr56200772wjc.105.1421659335817;
>> >> >>> >> Mon, 19 Jan 2015 01:22:15 -0800 (PST)
>> >> >>> >> Return-Path: <www-data at srv.parolek.eu>
>> >> >>> >> Received: from srv.parolek.eu (parolek.eu. [77.93.223.248])
>> >> >>> >> by mx.google.com with ESMTP id h8si19914724wiz.91.2015.01.19.01.22.13
>> >> >>> >> for <petr.parolek at gmail.com>;
>> >> >>> >> Mon, 19 Jan 2015 01:22:13 -0800 (PST)
>> >> >>> >> Received-SPF: pass (google.com: domain of www-data at srv.parolek.eu
>> >> >>> >> designates 77.93.223.248 as permitted sender) client-ip=77.93.223.248;
>> >> >>> >> Authentication-Results: mx.google.com;
>> >> >>> >> spf=pass (google.com: domain of www-data at srv.parolek.eu
>> >> >>> >> designates 77.93.223.248 as permitted sender)
>> >> >>> >> smtp.mail=www-data at srv.parolek.eu;
>> >> >>> >> dkim=fail header.i=@mladeznik.cz
>> >> >>> >> Received: by srv.parolek.eu (Postfix, from userid 33)
>> >> >>> >> id 3F074B810; Mon, 19 Jan 2015 10:22:13 +0100 (CET)
>> >> >>> >> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mladeznik.cz; s=mail;
>> >> >>> >> t=1421659333; bh=ilJXPAcN5mw7/eNF60asUvkCy5wVnP4QP5uIR722Hmk=;
>> >> >>> >> h=To:Subject:Date:From:From;
>> >> >>> >> b=YywBrTXihZM+UVVtSUs+Q6sDMFIZllhzxjKxh56V9xR8fI6+ofF9r7UmfzggY+Lpu
>> >> >>> >> t2UYNHGigO/fUgKLQMwsg7VFSZ+7LUaKRJEz/lF8q+bl+TwNdgwPqN6f9stYvZTmB2
>> >> >>> >> Ni2hk0LXyMBlwsBaFo4hpaaWaUKgDb35WPLOLEuc=
>> >> >>> >> To: petr.parolek at gmail.com
>> >> >>> >> Subject: =?UTF-8?Q?[Nov=C3=BD_sm=C4=9Br_]_Vytvo=C5=99en=C3=AD_nov=C3=A9ho_hesla?=
>> >> >>> >> X-PHP-Originating-Script: 33:class-phpmailer.php
>> >> >>> >> Date: Mon, 19 Jan 2015 09:22:13 +0000
>> >> >>> >> From: WordPress <wordpress at mladeznik.cz>
>> >> >>> >> Message-ID: <302de60a765973363a7cbe10c86d561e at mladeznik.cz>
>> >> >>> >> X-Priority: 3
>> >> >>> >> X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
>> >> >>> >> MIME-Version: 1.0
>> >> >>> >> Content-Type: text/plain; charset=UTF-8
>> >> >>> >> Content-Transfer-Encoding: 8bit
>> >> >>> >>
>> >> >>> >> In short, DKIM verification failed and I don't know why. Please advise me
>> >> >>> >> where my mistake is. I've attached the configuration files.
>> >> >>> >>
>> >> >>> >> Thanks a lot.
>> >> >>> >>
>> >> >>> >>
>> >> >>> >> Petr Parolek
>> >> >>> >> _______________________________________________
>> >> >>> >> Community-list mailing list
>> >> >>> >> Community-list at lists.vpsfree.cz
>> >> >>> >> http://lists.vpsfree.cz/listinfo/community-list
-------------- next part --------------
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback at port25.com>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: neutral
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: softfail
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: srv.parolek.eu
Source IP: 77.93.223.248
mail-from: www-data at srv.parolek.eu
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: neutral (SPF-Result: None)
ID(s) verified: smtp.mailfrom=www-data at srv.parolek.eu
DNS record(s):
srv.parolek.eu. 776 IN CNAME parolek.eu.
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=petr.parolek at gmail.com
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: softfail (SPF-Result: SoftFail)
ID(s) verified: header.From=petr.parolek at gmail.com
DNS record(s):
gmail.com. SPF (no records)
gmail.com. 299 IN TXT "v=spf1 redirect=_spf.google.com"
_spf.google.com. SPF (no records)
_spf.google.com. 299 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
_netblocks.google.com. SPF (no records)
_netblocks.google.com. 1252 IN TXT "v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.208.0/20 ip4:216.239.32.0/19 ~all"
_netblocks2.google.com. SPF (no records)
_netblocks2.google.com. 2057 IN TXT "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"
_netblocks3.google.com. SPF (no records)
_netblocks3.google.com. 2057 IN TXT "v=spf1 ~all"
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.2 (2011-06-06)
Result: ham (1.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(petr.parolek[at]gmail.com)
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
CUSTOM_MED
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5001]
0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.
==========================================================
Original Email
==========================================================
Return-Path: <www-data at srv.parolek.eu>
Received: from srv.parolek.eu (77.93.223.248) by verifier.port25.com id hnjop020i3gn for <check-auth2 at verifier.port25.com>; Mon, 19 Jan 2015 06:59:12 -0500 (envelope-from <www-data at srv.parolek.eu>)
Authentication-Results: verifier.port25.com; spf=neutral (SPF-Result: None) smtp.mailfrom=www-data at srv.parolek.eu
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=petr.parolek at gmail.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=softfail (SPF-Result: SoftFail) header.From=petr.parolek at gmail.com
Received: by srv.parolek.eu (Postfix, from userid 33)
id 8F8C9B9C1; Mon, 19 Jan 2015 12:59:10 +0100 (CET)
To: check-auth2 at verifier.port25.com
Subject: test
X-PHP-Originating-Script: 33:verify-dkim.php
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
From: petr.parolek at gmail.com
Message-Id: <20150119115910.8F8C9B9C1 at srv.parolek.eu>
Date: Mon, 19 Jan 2015 12:59:10 +0100 (CET)
test
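
Added example, not part of the thread or of the Port25 report: a small Python check for the two conditions visible above, a key record whose h= tag is not a hash name that permits the signature's a=rsa-sha256, and a message that carries no DKIM-Signature for its From: domain. The sample records and messages are constructed (example.org addresses, placeholder p= and b= values), and the function names are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KEY_HASHES = {"sha1", "sha256"}  # hash names RFC 6376 defines for the key record h= tag
# Constructed samples modelled on the thread; p= and b= are placeholders, not real data.
BAD_RECORD = "v=DKIM1; h=rsa-sha256; k=rsa; p=PLACEHOLDERKEY"
GOOD_RECORD = "v=DKIM1; k=rsa; p=PLACEHOLDERKEY"
UNSIGNED = "From: someone@example.org\nTo: check@example.net\nSubject: test\n\ntest\n"
SIGNED = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=mail;\n b=PLACEHOLDER\n"
          "From: WordPress <wordpress@example.org>\nSubject: test\n\ntest\n")

def parse_tags(value):
    """Split a DKIM tag list ("a=b; c=d") into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_key_record(txt, sig_alg):
    """List reasons the key record cannot verify a signature made with sig_alg."""
    tags, problems = parse_tags(txt), []
    if not tags.get("p"):
        problems.append("p= is missing or empty")
    key_type, _, sig_hash = sig_alg.partition("-")  # "rsa-sha256" -> "rsa", "sha256"
    k = tags.get("k", "rsa")  # k= defaults to rsa when absent
    if k != key_type:
        problems.append(f"k={k} does not match a={sig_alg}")
    if "h" in tags:  # an absent h= tag allows every hash algorithm
        listed = tags["h"].split(":")
        unknown = [h for h in listed if h not in KEY_HASHES]
        if unknown:
            problems.append("h= has unrecognised hash name(s): " + ", ".join(unknown))
        if sig_hash not in listed:
            problems.append(f"h= does not allow {sig_hash}, needed by a={sig_alg}")
    return problems

def signing_status(raw_message):
    """Say whether a DKIM-Signature with d= equal to the From: domain is present."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    domains = [parse_tags(s).get("d", "").lower() for s in msg.get_all("DKIM-Signature", [])]
    if not domains:
        return f"not signed (From domain {from_domain})"
    return "signed by From domain" if from_domain in domains else "signed by another domain"

if __name__ == "__main__":
    print(check_key_record(BAD_RECORD, "rsa-sha256"), signing_status(UNSIGNED))
```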