Es ist eine neue Version des DKIM-Patch für ISPConfig verfügbar.
Mit dieser Version verfügt ISPConfig über einen kompletten DMARC-Support.
Die für DMARC erforderlichen DNS-Records (DKIM, SPF und DMARC) können bequem über einen Wizard angelegt werden.
Bei Änderungen an der DKIM-Signierung werden die Records entsprechend angepasst und der die Policy des DMARC-Records wird auf ‘none’ (Report) gesetzt, sollte die Signierung deaktiviert werden.
Download: DKIM-Patch
Changes to 1.1.3:
add support for DMARC-Records
add support for SPF-Records
increased default dkim-strength from 1024 bits to 2048 bits
one more question. sorry if this sounds stupid.
Doesn this sign emails with DomainKeys?
I mean, when i sent mail to yahoo, in headers it shows DKIM verified, but neutral and no signature for domain keys
Your mails will be signed with DKIM. You can also setup a domainkey-policy-record manually. But RFC 4871 (DKIM) superseded RFC 4870 (DomainKeys). AFAIK only yahoo checks for the policy-record for DomainKeys. If you would like to create a Domain Key Policy-Record, have a look at Henry´s Page. This is just a short TXT-Record like the SPF-Record (_domainkey.example.com o=OPTION).
one more error. you restrict spf to spf button right ?
but if we click spf button, only the spf of main domain can be added.
What happens to subdomains mapped to same zone?
With the SPF-Button you edit the dns-zone for the domain. This dns-zone could examplec.com or sub.example.com. If you really use subdomains for sending emails, you can create an according dns-zone (sub.example.com) and setup a spf-record (maybe you won´t use A and MX – otherwise you must define A and MX-Records for sub.example.com – and use include example.com).
http://www.openspf.org/FAQ/The_demon_question
I installed your DKIM patch today. There is a bug in SPF part
Your spf doesnt allow adding the googles spf which starts with a _ it says invalid
_spf.google.com
Thanks. It´s now fixed in the devel-branch: https://git.schaal-24.de/ispconfig/dkim/commit/adec968818b35d47fc0053558ecf42f19319637a
Opendmarc it is. For spf I will use cluebringer because of additional options like graylisting and quota(how many mails can sender send inside some timeframe). Tnx for info 🙂
Hello,
what is checking SPF record when email arrives? Also what is checking DMARC record when email arrives?
Must I install opendmarc for dmarc cheking and cluebringer or similar for spf check?
Until now there is no checking for spf and dmarc. I discussed this a while ago with Till and we decided, to first integrate dmarc in ispconfig. I think, validating SPF and DMARC will bei implemented later (maybe in 3.1 – but i´m not sure if this would really happen in such a short time because ispconfig supports several os and this leads to a lot of testing). For validating SPF with postfix, have a look at my other post. For checking DMARC i recommend to use opendmarc. See here.