DKIM-Patch 1.1.4 9


A new version of the DKIM-Patch for ISPConfig is available now.

With this version ISPConfig features a complete DMARC support.
The required DNS Records for DMARC (DKIM, SPF and DMARC) can be easily created using a wizard.
Modifications to the DKIM signing modify the records accordingly and the policy of the DMARC Records is set to ‘none’ (report), for the case that the signature has been disabled.

Download: DKIM-Patch

Changes to 1.1.3:


add support for DMARC-Records
add support for SPF-Records
increased default dkim-strength from 1024 bits to 2048 bits


Leave a Reply to ashok Cancel reply

Your email address will not be published. Required fields are marked *

9 thoughts on “DKIM-Patch 1.1.4

  • ashok

    one more question. sorry if this sounds stupid.

    Doesn this sign emails with DomainKeys?

    I mean, when i sent mail to yahoo, in headers it shows DKIM verified, but neutral and no signature for domain keys

    • Florian Schaal Post author

      Your mails will be signed with DKIM. You can also setup a domainkey-policy-record manually. But RFC 4871 (DKIM) superseded RFC 4870 (DomainKeys). AFAIK only yahoo checks for the policy-record for DomainKeys. If you would like to create a Domain Key Policy-Record, have a look at Henry´s Page. This is just a short TXT-Record like the SPF-Record (_domainkey.example.com o=OPTION).

  • ashok

    one more error. you restrict spf to spf button right ?

    but if we click spf button, only the spf of main domain can be added.

    What happens to subdomains mapped to same zone?

    • Florian Schaal Post author

      With the SPF-Button you edit the dns-zone for the domain. This dns-zone could examplec.com or sub.example.com. If you really use subdomains for sending emails, you can create an according dns-zone (sub.example.com) and setup a spf-record (maybe you won´t use A and MX – otherwise you must define A and MX-Records for sub.example.com – and use include example.com).
      http://www.openspf.org/FAQ/The_demon_question

  • ashok

    I installed your DKIM patch today. There is a bug in SPF part

    Your spf doesnt allow adding the googles spf which starts with a _ it says invalid

    _spf.google.com

  • Clouseau

    Opendmarc it is. For spf I will use cluebringer because of additional options like graylisting and quota(how many mails can sender send inside some timeframe). Tnx for info 🙂

  • Clouseau

    Hello,

    what is checking SPF record when email arrives? Also what is checking DMARC record when email arrives?

    Must I install opendmarc for dmarc cheking and cluebringer or similar for spf check?

    • Florian Schaal Post author

      Until now there is no checking for spf and dmarc. I discussed this a while ago with Till and we decided, to first integrate dmarc in ispconfig. I think, validating SPF and DMARC will bei implemented later (maybe in 3.1 – but i´m not sure if this would really happen in such a short time because ispconfig supports several os and this leads to a lot of testing). For validating SPF with postfix, have a look at my other post. For checking DMARC i recommend to use opendmarc. See here.