A new version of the DKIM-Patch for ISPConfig is available now.
Download: DKIM-Patch
Changes to 1.1.7:
for ISPConfig 3.0.5.4.p7 only
add CSRF-Check from ISPConfig
updated installer for ISPConfig 3.0.5.4.p7
changed config-file-check to prevent saving the keys in the wrong file if a single amavis-config-file exists after upgrading to a "split-config"
do you have some uninstall procedures ? if we have to apply on a production machine and something is going wrong how we can be back to the initial situation ?
thank you
Just revert the changes from postfix main.cf and master.cf. and additional the changes from the amavis-config
Hi,
I install this plugin but postfix stops sending emails. I get error postfix/qmgr[13234]: warning: connect to transport private/amavis: Connection refused.
Nothing helps except rolling back changes in 50-user, master.cf, main.cf.
Thank you for help.
Seems like a wrong amavis-config. Can you provide the full log-string and diff the amavis-config with the modifications against a working config?
Hi,
Here is my amavis config before install:
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
#
# Database connection settings
#
@lookup_sql_dsn =
( [‘DBI:mysql:database=dbispconfig;host=127.0.0.1;port=3306’, ‘ispconfig’, ‘4b4de0bf02d96c64fa20166bc62e427a’] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
#$sql_select_policy = ‘SELECT “Y” as local FROM mail_domain WHERE CONCAT(“@”,domain) IN (%k)’;
# $banned_files_quarantine_method = ‘sql’;
# $spam_quarantine_method = ‘sql’;
#
# SQL Select statements
#
$sql_select_policy =
‘SELECT *,spamfilter_users.id’.
‘ FROM spamfilter_users LEFT JOIN spamfilter_policy ON spamfilter_users.policy_id=spamfilter_policy.id’.
‘ WHERE spamfilter_users.email IN (%k) ORDER BY spamfilter_users.priority DESC’;
$sql_select_white_black_list = ‘SELECT wb FROM spamfilter_wblist’.
‘ WHERE (spamfilter_wblist.rid=?) AND (spamfilter_wblist.email IN (%k))’ .
‘ ORDER BY spamfilter_wblist.priority DESC’;
#
# Quarantine settings
#
$final_virus_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
# Default settings, we st this very high to not filter aut emails accidently
$sa_spam_subject_tag = ‘***SPAM*** ‘;
$sa_tag_level_deflt = 20.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 60.0; # add ‘spam detected’ headers at that level
$sa_kill_level_deflt = 60.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 100; # spam level beyond which a DSN is not sent
#
# Disable spam and virus notifications for the admin user.
# Can be overridden by the policies in mysql
#
$virus_admin = undef;
$spam_admin = undef;
#
# Enable Logging
#
$DO_SYSLOG = 1;
$LOGFILE = “/var/log/amavis.log”; # (defaults to empty, no log)
# Set the log_level to 5 for debugging
$log_level = 0; # (defaults to 0)
#———— Do not modify anything below this line ————-
1; # insure a defined return
Install.php add this code below las line:
$inet_socket_port = [10024,10026];
$forward_method = ‘smtp:[127.0.0.1]:10025’;
$notify_method = ‘smtp:[127.0.0.1]:10027’;
$interface_policy{‘10026’} = ‘ORIGINATING’;
$policy_bank{‘ORIGINATING’} = {originating => 1,smtpd_discard_ehlo_keywords => [‘8BITMIME’],forward_method => ‘smtp:[127.0.0.1]:10027’,};
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16);
$signed_header_fields{‘received’} = 0;
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
@dkim_signature_options_bysender_maps = ({ ‘.’ => { ttl => 21*24*3600, c => ‘relaxed/simple’ } } );
– I try to put last return line after this lines but its not help.
Hi all,
In dmarcian.com, I get:
DMARC coverage: 100%
SPF coverage: 91%
DKIM coverage: 75%
Its safe to change the policy to quarantine ou reject?
I think you can go with quarantine or reject. I would use quarantine before changing the policy to reject.
Will there be a release shortly for ISPConfig 3.0.5.4.p8?
Thanks for the great work
1.1.8 is p8-ready
Thanks Florian,
SPF alignment eventually fails because the Return-Path sent from cronjob, autoresponder or php sendmail has a different domain.
Some Dkim fail because the known temperror problem with Microsoft servers.
These e-mails using the quarantine policy will not be marked as spam?
If the mail comes from a different domain and you don´t have a dmarc-record for this domain, there will be no check.
Hi,
is there a way to implement domainkeys and DKIM ?
Cause i see that – for exemple – roundcube use domainkey…
That should be nice if it’s possible.
Kind regards.
DKIM is an “upgrade” of the DomainKeys from yahoo. I don´t think, that you need DKIM and DomainKeys. You can compare DomainKeys and DKIM on dkim.org.