Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-30-2012, 07:41 AM
|
#1
|
LQ Newbie
Registered: Dec 2011
Posts: 5
Rep:
|
postfix with DKIM support
Hi Dear Friends,
I build postfix with DKIM support, I prepend dkim signature onto my outgoing message. An email to a google account gives me "dkim=pass. An email to a yahoo account gives "dkim=permerror (bad sig)". anyone can let me know the reason and clue how can i fix this problem?
Gmail:
Authentication-Results: mx.google.com; spf=pass, smtp.mail=mark@digital-infotech.net; dkim=pass header.i=@digital-infotech.net
Yahoo:
Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Thanks / Regards
|
|
|
05-01-2012, 04:06 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,428
|
Quote:
Originally Posted by Prabhpal S. Mavi
Hi Dear Friends,
I build postfix with DKIM support, I prepend dkim signature onto my outgoing message. An email to a google account gives me "dkim=pass. An email to a yahoo account gives "dkim=permerror (bad sig)". anyone can let me know the reason and clue how can i fix this problem?
Gmail:
Authentication-Results: mx.google.com; spf=pass, smtp.mail=mark@digital-infotech.net; dkim=pass header.i=@digital-infotech.net
Yahoo:
Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Thanks / Regards
|
Very similar to this thread:
https://www.linuxquestions.org/quest...-issue-942598/
Based on the message, you've been blacklisted as a spammer...and, this error has quite a lot of information on it, based on a Google search. Did you try to look?
http://serverfault.com/questions/106...h-ive-implemen
http://www.mail-archive.com/dkim-mil.../msg01723.html
|
|
|
05-02-2012, 05:42 AM
|
#3
|
LQ Newbie
Registered: Dec 2011
Posts: 5
Original Poster
Rep:
|
Hi,
Thanks for your time & solution offered but that does not apply to me, my IP is not black listed and have all records created and available. But problem is still the same. But i am sure if signatures is getting pass results at Gmail then there is no configuration problem at my server side. it is something to do with DNS public key.
Gmail
dkim=pass header.i=@digital-infotech.net
Yahoo:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
|
|
|
05-02-2012, 11:20 AM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,428
|
Quote:
Originally Posted by Prabhpal S. Mavi
Hi,
Thanks for your time & solution offered but that does not apply to me, my IP is not black listed and have all records created and available. But problem is still the same. But i am sure if signatures is getting pass results at Gmail then there is no configuration problem at my server side. it is something to do with DNS public key.
|
If you say so, sure. Based on the Postfix documentation and the small bit of error you posted, you're blacklisted. If you're not, how then do you explain that your SAME SERVER can email to Gmail servers, but not Yahoo??
How, exactly, do you KNOW your IP hasn't been blacklisted? Have you contacted Yahoo?
|
|
|
05-02-2012, 01:19 PM
|
#5
|
LQ Newbie
Registered: Dec 2011
Posts: 5
Original Poster
Rep:
|
Dear Mr. TB. One
Thanks for your time and response, i appreciate your assistance. i reported the following problem.
Authentication-Results: mta1117.mail.sk1.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Here is the solution:
Yahoo appears to think that my timestamp is off by some amount of time in the future. We can recover from this error using correct time settings such as by using "ntpd & ntpdate" daemon.
if i do not enable "ntpd / ntpdate" to set the time correctly. Yahoo reports dkim check error = future_time_stemps. dkim=fail
But if i enable "ntpdate & ntpd" then dovecot fails with time shifted backwards errors. dovecot kills it self
Objective: dkim must pass and dovecot must not stop
Solution:
Disable these daemons --> ntpd and ntpdate
1. Configure ESX Server to receive the time from following servers
0.CC.pool.ntp.org
1.CC.pool.ntp.org
2.CC.pool.ntp.org
2. Restart NTP service on ESX
Note: Make sure upd:123 is open on corporate firewall for ESX IP to synchronize with above servers
Right click virtual machine, click settings then Options -> VMware Tools and select "synchronize guest time with host"
time is now set correctly & dkim=pass (ok)
New results From Yahoo & Hotmail
Authentication-Results: mta1224.mail.ac4.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 41.211.25.193) header.from=xxxx@digital-infotech.net; dkim=pass header.d=digital-infotech.net
But if the machine is not virtual simple configuring ntp & ntpdate will fix the issue.
Thanks / Prabhpal S. Mavi
Last edited by Prabhpal S. Mavi; 05-02-2012 at 01:21 PM.
|
|
|
All times are GMT -5. The time now is 05:13 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|