A new version of the DKIM-Patch for ISPConfig is available now.
Download: DKIM-Patch
Changes to 1.1.4:
create dkim-path during install
DMARC requieres SPF and DKIM (this breaks the current draft but DMARC is useless if you use spf OR dkim)
fixed an error if the dkim-path does not exists
add missing resync-values to lng-files
allow verification records for DMARC in a TXT-record (like example.com._report._dmarc.external.com. v=DMARC1;)
allow SPF-includes like_spf.google.com
allow multiple adresses for aggregate mail reports (rua) and forensic mail reports (ruf)
updated install.php to work on centos7
Hello florian.
How could change the length of the dkim key.
Since many servers are rejecting me emails because the header exceeds the size of 998 bytes, and the field length exceeds the dkim signature.
thank you very much
You can set the dkim-strength under system / serverconfig / SERVER / mail. Afterwards re-create the dkim-keys
IF a server rejects your mail even with a key-strength 1024, you should send a mail to the postmaster.
in place that tells me I do not see anything about the length of the dkim signature.
This is a screenshot of the site.
http://imgur.com/K0r2Rv5
would you kindly tell me how I should make the change in length of the signature dkim
Are you really using the latest version? please post the output of “grep version /home/raschaal/devel/own-git/dkim/server/plugins-enabled/mail_plugin_dkim.inc.php”
I installed this patch for some customers in the last few days and i was always able to change the key-strength.
You can NEVER use a dkim-strength < 1024 because this will lead to problems with gooogle and other mail-providers. If you really need a dkim-strength < 1024, feel free to send me a mail to info@schaal-24.de
Hello,
my TXT record for DKIM is shortened in Bind zone file.. Key pair (2048bit) is generated correctly, even in MySQL table is full length.
But during save to zone files record is somehow shortened
Is the full key in the mail_domain table and in dns_rr table? Maybe your database-structure was not altered. You can check this with this sql-query:
SELECT DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = ‘dbispconfig’ AND TABLE_NAME =’dns_rr’ AND column_name=’data’;
If the output is not TXT, update the column with ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL DEFAULT ”;
Sory for panic, I forgot to apply your patch on my ns1 a ns2 DNS servers…
On one of screenshots in your blog (http://blog.schaal-24.de/wp-content/uploads/2013/05/DNS-create-Template.jpg). I saw record in Zone Templates.
TXT|default. _ domainkey. {DOMAIN}. |
{DKIM}|0|3600
Tell it it is necessary to bring manually or not?
Correct me if i´m wrong: you found this on a page for the patch < 1.0? With 1.0 you don´t need such an entry in your template. If you create a key in the mail-domain, the dns-record will be created, too. If you would like to setup the dns-wizard to create a dkim-record, just enable the checkbox.
Hi,
Is there a way to disable the wizard for SPF ?
Cause I can’t write my own dns entry.
And the spf wizard doesn’t allow me to make an include.
Kind regards.
Everything in “Any domains that may deliver or relay mail for this domain” should be used as an include.
here is the error :
http://img4.hostingpics.net/pics/246786ScreenShot20150109at125619.jpg
and
http://img4.hostingpics.net/pics/970919ScreenShot20150109at125741.jpg
Oups… i just fixed it in the git. It´s safe if you just update interface/web/dns/dns_spf_edit.php
Work fine, perfect !
The DKIM-Selector shows by default “default1420755328” and ads this in front of the dkim-dns row. But the key can’t be veryfied because the dkim-dns row can’t be find on the server… What to do the the key can be find? (the key ist there on bind9)
Are you sure that amavis verifies the key against your own dns? It takes some time to update dns-records worldwide. Try dig @127.0.0.1 default1420755328._domainkey.YOURDOMAIN TXT to querie your local dns.
I’ve just installed you last patch after I installed opendkim. But now I wonder how and if to configure opendkim to work with ispconfig an your patch.
The DKIM-integration uses amavis instead of opendkim to sign emails.
Hello Florian,
I have two questions:
1) about compatibility with upcoming ISPConfig 3.1 where DKIM will be integrated. Is this patch the same code as will be used in this version? Is it safe install this patch and than upgrade to ISPConfig 3.1 when it will be ready?
2) is this patch work correctly in multiserver setup? We have separated mail server on its own server. On which server should I install this patch? On master ISPConfig server and mail server?
Thank you
1. The Code between this patch and ISPConfig 3.1 is quite the same. You can apply this patch and afterwards upgrade to 3.1.
2. I use this in a multi-server setup so i´m sure it works without any problems. Run the installer on every server that runs mail and/or dns and also on the interface.
Thank you very much for your reply and your work. I am going to install the patch 🙂
The files created in the folder /var/lib/amavis/dkim owned root:root
I have fixed with chown -R
This doesn´t matter. The files are created with 644, but the DIRECTORY should owned by user and group amavis with permissions 750 or 770.
Ok, thank you so much Florian…