DKIM-Patch 1.1.8 13


Es ist eine neue Version des DKIM-Patch für ISPConfig verfügbar.

Download: DKIM-Patch

Changes to 1.1.7:


for ISPConfig 3.0.5.4.p7 only
add CSRF-Check from ISPConfig
updated installer for ISPConfig 3.0.5.4.p7
changed config-file-check to prevent saving the keys in the wrong file if a single amavis-config-file exists after upgrading to a "split-config"


Kommentar erstellen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

13 Gedanken zu “DKIM-Patch 1.1.8

    • Florian Schaal Beitragsautor

      Just revert the changes from postfix main.cf and master.cf. and additional the changes from the amavis-config

  • Robert Kiss

    Hi,
    I install this plugin but postfix stops sending emails. I get error postfix/qmgr[13234]: warning: connect to transport private/amavis: Connection refused.
    Nothing helps except rolling back changes in 50-user, master.cf, main.cf.

    Thank you for help.

    • Florian Schaal Beitragsautor

      Seems like a wrong amavis-config. Can you provide the full log-string and diff the amavis-config with the modifications against a working config?

      • Robert Kiss

        Hi,

        Here is my amavis config before install:
        use strict;

        #
        # Place your configuration directives here. They will override those in
        # earlier files.
        #
        # See /usr/share/doc/amavisd-new/ for documentation and examples of
        # the directives you can use in this file
        #

        @bypass_virus_checks_maps = (
        \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

        @bypass_spam_checks_maps = (
        \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

        #
        # Database connection settings
        #

        @lookup_sql_dsn =
        ( [‘DBI:mysql:database=dbispconfig;host=127.0.0.1;port=3306’, ‘ispconfig’, ‘4b4de0bf02d96c64fa20166bc62e427a’] );

        # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
        #$sql_select_policy = ‘SELECT “Y” as local FROM mail_domain WHERE CONCAT(“@”,domain) IN (%k)’;
        # $banned_files_quarantine_method = ‘sql’;
        # $spam_quarantine_method = ‘sql’;

        #
        # SQL Select statements
        #

        $sql_select_policy =
        ‘SELECT *,spamfilter_users.id’.
        ‘ FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id’.
        ‘ WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC’;

        $sql_select_white_black_list = ‘SELECT wb FROM spamfilter_wblist’.
        ‘ WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))’ .
        ‘ ORDER BY spamfilter_wblist.priority DESC’;

        #
        # Quarantine settings
        #

        $final_virus_destiny = D_BOUNCE;
        $final_spam_destiny = D_DISCARD;
        $final_banned_destiny = D_BOUNCE;
        $final_bad_header_destiny = D_PASS;

        # Default settings, we st this very high to not filter aut emails accidently
        $sa_spam_subject_tag = ‘***SPAM*** ‘;
        $sa_tag_level_deflt = 20.0; # add spam info headers if at, or above that level
        $sa_tag2_level_deflt = 60.0; # add ‘spam detected’ headers at that level
        $sa_kill_level_deflt = 60.0; # triggers spam evasive actions
        $sa_dsn_cutoff_level = 100; # spam level beyond which a DSN is not sent

        #
        # Disable spam and virus notifications for the admin user.
        # Can be overridden by the policies in mysql
        #

        $virus_admin = undef;
        $spam_admin = undef;

        #
        # Enable Logging
        #

        $DO_SYSLOG = 1;
        $LOGFILE = “/var/log/amavis.log”; # (defaults to empty, no log)

        # Set the log_level to 5 for debugging
        $log_level = 0; # (defaults to 0)

        #———— Do not modify anything below this line ————-
        1; # insure a defined return

        Install.php add this code below las line:

        $inet_socket_port = [10024,10026];
        $forward_method = ‘smtp:[127.0.0.1]:10025’;
        $notify_method = ‘smtp:[127.0.0.1]:10027’;
        $interface_policy{‘10026’} = ‘ORIGINATING’;
        $policy_bank{‘ORIGINATING’} = {originating => 1,smtpd_discard_ehlo_keywords => [‘8BITMIME’],forward_method => ‘smtp:[127.0.0.1]:10027’,};
        @mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);
        $signed_header_fields{‘received’} = 0;
        $enable_dkim_verification = 1;
        $enable_dkim_signing = 1;
        @dkim_signature_options_bysender_maps = ({ ‘.’ => { ttl => 21*24*3600, c => ‘relaxed/simple’ } } );

        – I try to put last return line after this lines but its not help.

  • Slayer

    Hi all,

    In dmarcian.com, I get:
    DMARC coverage: 100%
    SPF coverage: 91%
    DKIM coverage: 75%

    Its safe to change the policy to quarantine ou reject?

    • Florian Schaal Beitragsautor

      I think you can go with quarantine or reject. I would use quarantine before changing the policy to reject.

      • Slayer

        Thanks Florian,

        SPF alignment eventually fails because the Return-Path sent from cronjob, autoresponder or php sendmail has a different domain.
        Some Dkim fail because the known temperror problem with Microsoft servers.

        These e-mails using the quarantine policy will not be marked as spam?

        • Florian Schaal Beitragsautor

          If the mail comes from a different domain and you don´t have a dmarc-record for this domain, there will be no check.

  • Stephane

    Hi,
    is there a way to implement domainkeys and DKIM ?
    Cause i see that – for exemple – roundcube use domainkey…
    That should be nice if it’s possible.

    Kind regards.

    • Florian Schaal Beitragsautor

      DKIM is an “upgrade” of the DomainKeys from yahoo. I don´t think, that you need DKIM and DomainKeys. You can compare DomainKeys and DKIM on dkim.org.