postfix with DKIM support
 

Hi Dear Friends,

I build postfix with DKIM support, I prepend dkim signature onto my outgoing message. An email to a google account gives me "dkim=pass. An email to a yahoo account gives "dkim=permerror (bad sig)". anyone can let me know the reason and clue how can i fix this problem?

Gmail:
Authentication-Results: mx.google.com; spf=pass, smtp.mail=mark@digital-infotech.net; dkim=pass header.i=@digital-infotech.net

Yahoo:
Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)

Thanks / Regards

Very similar to this thread:
https://www.linuxquestions.org/quest...-issue-942598/

Based on the message, you've been blacklisted as a spammer...and, this error has quite a lot of information on it, based on a Google search. Did you try to look?
http://serverfault.com/questions/106...h-ive-implemen
http://www.mail-archive.com/dkim-mil.../msg01723.html

Hi,

Thanks for your time & solution offered but that does not apply to me, my IP is not black listed and have all records created and available. But problem is still the same. But i am sure if signatures is getting pass results at Gmail then there is no configuration problem at my server side. it is something to do with DNS public key.

Gmail
dkim=pass header.i=@digital-infotech.net

Yahoo:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)

If you say so, sure. Based on the Postfix documentation and the small bit of error you posted, you're blacklisted. If you're not, how then do you explain that your SAME SERVER can email to Gmail servers, but not Yahoo??

How, exactly, do you KNOW your IP hasn't been blacklisted? Have you contacted Yahoo?

Dear Mr. TB. One

Thanks for your time and response, i appreciate your assistance. i reported the following problem.

Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)

Here is the solution:

Yahoo appears to think that my timestamp is off by some amount of time in the future. We can recover from this error using correct time settings such as by using "ntpd & ntpdate" daemon.

if i do not enable "ntpd / ntpdate" to set the time correctly. Yahoo reports dkim check error = future_time_stemps. dkim=fail

But if i enable "ntpdate & ntpd" then dovecot fails with time shifted backwards errors. dovecot kills it self

Objective: dkim must pass and dovecot must not stop

Solution:

Disable these daemons --> ntpd and ntpdate

1. Configure ESX Server to receive the time from following servers

0.CC.pool.ntp.org
1.CC.pool.ntp.org
2.CC.pool.ntp.org

2. Restart NTP service on ESX

Note: Make sure upd:123 is open on corporate firewall for ESX IP to synchronize with above servers

Right click virtual machine, click settings then Options -> VMware Tools and select "synchronize guest time with host"

time is now set correctly & dkim=pass (ok)

New results From Yahoo & Hotmail

Authentication-Results: mta1224.mail.ac4.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)

Authentication-Results: hotmail.com; sender-id=pass (sender IP is 41.211.25.193) header.from=xxxx@digital-infotech.net; dkim=pass header.d=digital-infotech.net

But if the machine is not virtual simple configuring ntp & ntpdate will fix the issue.

Thanks / Prabhpal S. Mavi