LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-30-2012, 06:41 AM   #1
Prabhpal S. Mavi
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Rep: Reputation: Disabled
postfix with DKIM support


Hi Dear Friends,

I build postfix with DKIM support, I prepend dkim signature onto my outgoing message. An email to a google account gives me "dkim=pass. An email to a yahoo account gives "dkim=permerror (bad sig)". anyone can let me know the reason and clue how can i fix this problem?

Gmail:
Authentication-Results: mx.google.com; spf=pass, smtp.mail=mark@digital-infotech.net; dkim=pass header.i=@digital-infotech.net

Yahoo:
Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)

Thanks / Regards
 
Old 05-01-2012, 03:06 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,477

Rep: Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970
Quote:
Originally Posted by Prabhpal S. Mavi View Post
Hi Dear Friends,
I build postfix with DKIM support, I prepend dkim signature onto my outgoing message. An email to a google account gives me "dkim=pass. An email to a yahoo account gives "dkim=permerror (bad sig)". anyone can let me know the reason and clue how can i fix this problem?

Gmail:
Authentication-Results: mx.google.com; spf=pass, smtp.mail=mark@digital-infotech.net; dkim=pass header.i=@digital-infotech.net

Yahoo:
Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)

Thanks / Regards
Very similar to this thread:
https://www.linuxquestions.org/quest...-issue-942598/

Based on the message, you've been blacklisted as a spammer...and, this error has quite a lot of information on it, based on a Google search. Did you try to look?
http://serverfault.com/questions/106...h-ive-implemen
http://www.mail-archive.com/dkim-mil.../msg01723.html
 
Old 05-02-2012, 04:42 AM   #3
Prabhpal S. Mavi
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Hi,

Thanks for your time & solution offered but that does not apply to me, my IP is not black listed and have all records created and available. But problem is still the same. But i am sure if signatures is getting pass results at Gmail then there is no configuration problem at my server side. it is something to do with DNS public key.

Gmail
dkim=pass header.i=@digital-infotech.net

Yahoo:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
 
Old 05-02-2012, 10:20 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,477

Rep: Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970Reputation: 3970
Quote:
Originally Posted by Prabhpal S. Mavi View Post
Hi,
Thanks for your time & solution offered but that does not apply to me, my IP is not black listed and have all records created and available. But problem is still the same. But i am sure if signatures is getting pass results at Gmail then there is no configuration problem at my server side. it is something to do with DNS public key.
If you say so, sure. Based on the Postfix documentation and the small bit of error you posted, you're blacklisted. If you're not, how then do you explain that your SAME SERVER can email to Gmail servers, but not Yahoo??

How, exactly, do you KNOW your IP hasn't been blacklisted? Have you contacted Yahoo?
 
Old 05-02-2012, 12:19 PM   #5
Prabhpal S. Mavi
LQ Newbie
 
Registered: Dec 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Dear Mr. TB. One

Thanks for your time and response, i appreciate your assistance. i reported the following problem.

Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)

Here is the solution:

Yahoo appears to think that my timestamp is off by some amount of time in the future. We can recover from this error using correct time settings such as by using "ntpd & ntpdate" daemon.

if i do not enable "ntpd / ntpdate" to set the time correctly. Yahoo reports dkim check error = future_time_stemps. dkim=fail

But if i enable "ntpdate & ntpd" then dovecot fails with time shifted backwards errors. dovecot kills it self

Objective: dkim must pass and dovecot must not stop

Solution:

Disable these daemons --> ntpd and ntpdate

1. Configure ESX Server to receive the time from following servers

0.CC.pool.ntp.org
1.CC.pool.ntp.org
2.CC.pool.ntp.org

2. Restart NTP service on ESX

Note: Make sure upd:123 is open on corporate firewall for ESX IP to synchronize with above servers

Right click virtual machine, click settings then Options -> VMware Tools and select "synchronize guest time with host"

time is now set correctly & dkim=pass (ok)

New results From Yahoo & Hotmail

Authentication-Results: mta1224.mail.ac4.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)

Authentication-Results: hotmail.com; sender-id=pass (sender IP is 41.211.25.193) header.from=xxxx@digital-infotech.net; dkim=pass header.d=digital-infotech.net

But if the machine is not virtual simple configuring ntp & ntpdate will fix the issue.

Thanks / Prabhpal S. Mavi

Last edited by Prabhpal S. Mavi; 05-02-2012 at 12:21 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
dkim-milter and postfix on CentOS 5.6 fantasygoat Linux - Server 1 07-21-2011 01:58 AM
LXer: Set Up DKIM For Multiple Domains On Postfix With dkim-milter 2.8.x (CentOS 5.3) LXer Syndicated Linux News 0 09-07-2009 06:20 PM
LXer: Set Up DKIM On Postfix With dkim-milter (CentOS 5.2) LXer Syndicated Linux News 0 04-06-2009 12:30 PM
How to set up and configure perl Module Mail-DKIM for amavisd-new & postfix homyangcha Linux - Newbie 1 09-12-2008 12:36 AM
how to set up perl-mail-dkim with postfix using amavisd in centos 5.2 homyangcha Linux - Newbie 1 09-08-2008 05:03 PM


All times are GMT -5. The time now is 08:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration