DKIM-Patch 1.1.5 24


Es ist eine neue Version des DKIM-Patch für ISPConfig verfügbar.

Download: DKIM-Patch

Changes to 1.1.4:


create dkim-path during install
DMARC requieres SPF and DKIM (this breaks the current draft but DMARC is useless if you use spf OR dkim)
fixed an error if the dkim-path does not exists
add missing resync-values to lng-files
allow verification records for DMARC in a TXT-record (like example.com._report._dmarc.external.com. v=DMARC1;)
allow SPF-includes like_spf.google.com
allow multiple adresses for aggregate mail reports (rua) and forensic mail reports (ruf)
updated install.php to work on centos7


Kommentar erstellen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

24 Gedanken zu “DKIM-Patch 1.1.5

  • Xanela

    Hello florian.
    How could change the length of the dkim key.
    Since many servers are rejecting me emails because the header exceeds the size of 998 bytes, and the field length exceeds the dkim signature.

    thank you very much

    • Florian Schaal Beitragsautor

      You can set the dkim-strength under system / serverconfig / SERVER / mail. Afterwards re-create the dkim-keys
      IF a server rejects your mail even with a key-strength 1024, you should send a mail to the postmaster.

        • Florian Schaal Beitragsautor

          Are you really using the latest version? please post the output of “grep version /home/raschaal/devel/own-git/dkim/server/plugins-enabled/mail_plugin_dkim.inc.php”
          I installed this patch for some customers in the last few days and i was always able to change the key-strength.
          You can NEVER use a dkim-strength < 1024 because this will lead to problems with gooogle and other mail-providers. If you really need a dkim-strength < 1024, feel free to send me a mail to info@schaal-24.de

  • Roman

    Hello,

    my TXT record for DKIM is shortened in Bind zone file.. Key pair (2048bit) is generated correctly, even in MySQL table is full length.

    But during save to zone files record is somehow shortened

    • Florian Schaal Beitragsautor

      Is the full key in the mail_domain table and in dns_rr table? Maybe your database-structure was not altered. You can check this with this sql-query:
      SELECT DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = ‘dbispconfig’ AND TABLE_NAME =’dns_rr’ AND column_name=’data’;
      If the output is not TXT, update the column with ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL DEFAULT ”;

    • Florian Schaal Beitragsautor

      Correct me if i´m wrong: you found this on a page for the patch < 1.0? With 1.0 you don´t need such an entry in your template. If you create a key in the mail-domain, the dns-record will be created, too. If you would like to setup the dns-wizard to create a dkim-record, just enable the checkbox.

  • Stephane

    Hi,
    Is there a way to disable the wizard for SPF ?

    Cause I can’t write my own dns entry.
    And the spf wizard doesn’t allow me to make an include.

    Kind regards.

  • jo

    The DKIM-Selector shows by default “default1420755328” and ads this in front of the dkim-dns row. But the key can’t be veryfied because the dkim-dns row can’t be find on the server… What to do the the key can be find? (the key ist there on bind9)

    • Florian Schaal Beitragsautor

      Are you sure that amavis verifies the key against your own dns? It takes some time to update dns-records worldwide. Try dig @127.0.0.1 default1420755328._domainkey.YOURDOMAIN TXT to querie your local dns.

  • marc

    I’ve just installed you last patch after I installed opendkim. But now I wonder how and if to configure opendkim to work with ispconfig an your patch.

  • Jan

    Hello Florian,

    I have two questions:

    1) about compatibility with upcoming ISPConfig 3.1 where DKIM will be integrated. Is this patch the same code as will be used in this version? Is it safe install this patch and than upgrade to ISPConfig 3.1 when it will be ready?

    2) is this patch work correctly in multiserver setup? We have separated mail server on its own server. On which server should I install this patch? On master ISPConfig server and mail server?

    Thank you

    • Florian Schaal Beitragsautor

      1. The Code between this patch and ISPConfig 3.1 is quite the same. You can apply this patch and afterwards upgrade to 3.1.
      2. I use this in a multi-server setup so i´m sure it works without any problems. Run the installer on every server that runs mail and/or dns and also on the interface.