A new version of the DKIM-Patch for ISPConfig is available now.
With this version ISPConfig features a complete DMARC support.
The required DNS Records for DMARC (DKIM, SPF and DMARC) can be easily created using a wizard.
Modifications to the DKIM signing modify the records accordingly and the policy of the DMARC Records is set to ‘none’ (report), for the case that the signature has been disabled.
Download: DKIM-Patch
Changes to 1.1.3:
add support for DMARC-Records
add support for SPF-Records
increased default dkim-strength from 1024 bits to 2048 bits
one more question. sorry if this sounds stupid.
Doesn this sign emails with DomainKeys?
I mean, when i sent mail to yahoo, in headers it shows DKIM verified, but neutral and no signature for domain keys
Your mails will be signed with DKIM. You can also setup a domainkey-policy-record manually. But RFC 4871 (DKIM) superseded RFC 4870 (DomainKeys). AFAIK only yahoo checks for the policy-record for DomainKeys. If you would like to create a Domain Key Policy-Record, have a look at Henry´s Page. This is just a short TXT-Record like the SPF-Record (_domainkey.example.com o=OPTION).
one more error. you restrict spf to spf button right ?
but if we click spf button, only the spf of main domain can be added.
What happens to subdomains mapped to same zone?
With the SPF-Button you edit the dns-zone for the domain. This dns-zone could examplec.com or sub.example.com. If you really use subdomains for sending emails, you can create an according dns-zone (sub.example.com) and setup a spf-record (maybe you won´t use A and MX – otherwise you must define A and MX-Records for sub.example.com – and use include example.com).
http://www.openspf.org/FAQ/The_demon_question
I installed your DKIM patch today. There is a bug in SPF part
Your spf doesnt allow adding the googles spf which starts with a _ it says invalid
_spf.google.com
Thanks. It´s now fixed in the devel-branch: https://git.schaal-24.de/ispconfig/dkim/commit/adec968818b35d47fc0053558ecf42f19319637a
Opendmarc it is. For spf I will use cluebringer because of additional options like graylisting and quota(how many mails can sender send inside some timeframe). Tnx for info 🙂
Hello,
what is checking SPF record when email arrives? Also what is checking DMARC record when email arrives?
Must I install opendmarc for dmarc cheking and cluebringer or similar for spf check?
Until now there is no checking for spf and dmarc. I discussed this a while ago with Till and we decided, to first integrate dmarc in ispconfig. I think, validating SPF and DMARC will bei implemented later (maybe in 3.1 – but i´m not sure if this would really happen in such a short time because ispconfig supports several os and this leads to a lot of testing). For validating SPF with postfix, have a look at my other post. For checking DMARC i recommend to use opendmarc. See here.