Error wihle installing dkim-milter

19 posts / 0 new
Last post
#1 Tue, 03/31/2015 - 07:54
szer0p

Error wihle installing dkim-milter

Hello Erik,

I dont know exactly where is the problem now

when i try to instal dkim-milter i got this error

Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirrors.advancedhosters.com
* extras: mirrors.advancedhosters.com
* updates: mirrors.advancedhosters.com
No package dkim-milter available.
Error: Nothing to do

i tried to disable all the files in /etc/yum.repos.d

CentOS-Base.repo       CentOS-Vault.repo  webmin.repo
CentOS-Debuginfo.repo  epel.repo          webtatic-archive.repo
CentOS-fasttrack.repo  epel-testing.repo  webtatic.repo
CentOS-Media.repo      remi.repo          webtatic-testing.repo

i made it so in enabled=0 in all the files above

but nothing changed

i installed Virtualmin using install.sh

have u any idea thanks

Tue, 03/31/2015 - 15:54
andreychek

Howdy,

Hmm, it looks like there's quite a few non-default things that are going on there... that may be the cause of some of the issues you're seeing.

I would recommend disabling any third party repositories, as you've done.

However, you wouldn't want to disable any of the repositories with the name "CentOS" in the file name.

Another thing that's causing a problem is that your server appears to be missing the virtualmin.repo file.

Do you see anything in /etc/yum.repos.d that looks like it may have been that file? Could that file have been renamed to something else?

Also, what is in the webmin.repo file?

-Eric

Tue, 03/31/2015 - 18:39
szer0p

i dont think so .. i think its missed

in the webmin.repo file ist

[Webmin]
name=Webmin Distribution Neutral
baseurl=http://download.webmin.com/download/yum
enabled=1

but do u mean i musst enable the setting in the files name "CentOS" again ?

Tue, 03/31/2015 - 21:45
andreychek

Howdy,

Yes, the ones with the name "CentOS" in them aren't third party repositories, those are standard repositories.

Also, you won't need that Webmin repository, as everything in there is also contained in the Virtualmin repository.

So what you're missing at the moment is just the standard Virtualmin repository.

That's created when the install.sh script runs, so it's odd that it's not there! But it's simple to re-create -- to do that, make a file named /etc/yum.repos.d/virtualmin.repo, and for it's contents, use the following:

[virtualmin]
name=RHEL/CentOS/Scientific $releasever - $basearch - Virtualmin
baseurl=http://software.virtualmin.com/gpl/rhel/$releasever/$basearch/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-virtualmin
gpgcheck=1

[virtualmin-universal]
name=Virtualmin Distribution Neutral Packages
baseurl=http://software.virtualmin.com/gpl/universal/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-virtualmin
gpgcheck=1

Once you create the above file, are you then able to setup dkim?

-Eric

Tue, 03/31/2015 - 21:58
szer0p

yes its work !! !! agian u r genius ;)

wow :D

but can u please tell me what should i enable in the centos files i cant remember anymore what i disabled

thaaanks Erik

Tue, 03/31/2015 - 22:54
szer0p

Hello Erik

i testet if the DKIM was right installed on allaboutspam.com but i got this Error messege

Email contains invalid DKIM/Domain Keys Signature. Published Domain Keys policy does not specify whether to accept/reject such emails. Signing your Outbound emails and clearly specifying a policy to accept signed emails will minimize chances of your Email being considered as SPAM.

and i testet it again in http://dkimcore.org/

i got this error This is not a good DKIM key record. You should fix the errors shown in red.

DNS query failed for 'dkim232._domainkey.domain.com':NOERROR A public-key (p=) is required

what thats mean ?

and the SPF i enabled it from DNS options but i wont be work and in test site appears als not workin ..

Wed, 04/01/2015 - 02:30
Diabolico
Diabolico's picture

Virtualmin - Email Messages - DomainKeys Identified Mail:

Signing of outgoing mail enabled? - Yes
Selector for DKIM record name - "put here whatever you want, e.g. myawesomedkim"
Reject incoming email with invalid DKIM signature? - Yes
Force generation of new private key? - up to you
Size of new DKIM key - 2048
Additional domains to sign for - list all domains you want to use DKIM
DNS records for additional domains - check if you have this option and filled with a code

Virtualmin - select virtual server, e.g. mygreatdomain.tld - Server Configuration - DNS Options:

SPF record enabled? - Yes
Allowed sender hostnames - mygreatdomain.tld (optional)
Allowed sender mail domains - mygreatdomain.tld (better to fill up the domain here but you can use both options)
Allowed sender IPv4 addresses - it should be automatically filled if not put your server IP
Allowed sender IPv6 addresses - if you have any
Included domains to allow - usually you dont need this
Action for other senders - Disallow (my default) or Discourage
DMARC record enabled? - Yes
DMARC policy for emails that fail SPF or DKIM - Reject (my default)
Percentage of messages to apply policy - 100%

Virtualmin - select virtual server, e.g. mygreatdomain.tld - Server Configuration - DNS Records:

- check if you have SPF record
- check if you have DKIM record, "myawesomedkim._domainkey"

Optional:

- add:
_dmarc.mygreatdomain.tld. IN TXT "v=DMARC1; pct=100; ruf=mailto:postmaster@mygreatdomain.tld; rua=mailto:postmaster@mygreatdomain.tld; p=reject"
- add:
_adsp._domainkey.mygreatdomain.tld. IN TXT dkim=all

If you lower your TTL before all changes you should get fast result if not wait until DNS will propagate.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Wed, 04/01/2015 - 08:29
szer0p

Hey Erik thank you verymuch

YES i did all this but still by testing says that spf and dkim are not avalible in my vps

Fri, 04/03/2015 - 02:36
Diabolico
Diabolico's picture

szer0p how did you test your emails? If you check all details i posted in my previous post then i would like to suggest you to go here: "https://www.unlocktheinbox.com/resources/emailauthentication/", then log to usermin and send a email to "mailtest@unlocktheinbox.com", wait few minutes and see what result you will get. For something faster but with less details go here: "http://www.mail-tester.com/", copy random generated email and send empty email. Then click on "check" and see what you get.

P.S. If you use first option be sure to enable html in your emails (usermin) so you will have better overview of the result.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Fri, 04/03/2015 - 07:26
szer0p

Hello Erik

yes i checked all the details above

i send a email to mailtest@unlocktheinbox.com i didnt get any email back but i used the other website

i got also negative 5/10 score

Ihre DKIM Signatur ist not right , the spf also and dmarc .. Your DKIM signature is not valid v=1; a=rsa-sha256; c=relaxed/simple; d=domain.com; s=default; t=1428063302; bh=Mc9oiGjr1ytBGKVZJo2JPdf/rUeD1EWN/kZhlsP/1pw=; h=From:Subject:To:Date; b=Mn8Yku+XfTRMZUYBMz2B6BoJByov2TCl3zRh1Ie0Ns9bVpIyh/rYUSdBnRMz/9SNJ63/bM4OYYXRoq9zpMS6osthC7WtcahFNZ4bZfUEA74D/tHyoIb/js2r23MeekvlLXCDAd8O5Tij0jsYvGtvmNojtVPYu0QQP2iI8gpuTHQ=

but this is not the dkim recorde in my dns record and i have another sector not default .. can is the problem with my dns in the server ? i dont know i did all things as u told me

what can i do now

thanks

Fri, 04/03/2015 - 10:30
szer0p

i think i have resolved the problem the SPF is now active but thie dkim is still invailed

DKIM Information:

DKIM Signature

Message contains this DKIM Signature: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain.com; s=default; t=1428074501; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; h=Date:From:To:Subject; b=QQgR83rUeGB5zCTdDNWoWyVKJkXO9hZzpq3u45PsBtM6Se/v9NuR8ZI1g4kffS72+ eSFI211gpMQWAiTrn4lX/iklO3JVYcwYATKA25yILk4Vrga/NOCD75o4CT0s9xm/eE 3Dda+OZCdNbFniS2D8bP7Ir+IdJGnKJeffw64UJE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain.com; s=default; t=1428074501; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; h=Date:From:To:Subject; b=QQgR83rUeGB5zCTdDNWoWyVKJkXO9hZzpq3u45PsBtM6Se/v9NuR8ZI1g4kffS72+ eSFI211gpMQWAiTrn4lX/iklO3JVYcwYATKA25yILk4Vrga/NOCD75o4CT0s9xm/eE 3Dda+OZCdNbFniS2D8bP7Ir+IdJGnKJeffw64UJE=

Signature Information: v= Version: 1 a= Algorithm: rsa-sha256 c= Method: relaxed/simple d= Domain: domain.com s= Selector: default q= Protocol:
bh= g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs= h= Signed Headers: Date:From:To:Subject b= Data: QQgR83rUeGB5zCTdDNWoWyVKJkXO9hZzpq3u45PsBtM6Se/v9NuR8ZI1g4kffS72+ eSFI211gpMQWAiTrn4lX/iklO3JVYcwYATKA25yILk4Vrga/NOCD75o4CT0s9xm/eE 3Dda+OZCdNbFniS2D8bP7Ir+IdJGnKJeffw64UJE= Public Key DNS Lookup

Building DNS Query for default._domainkey.domain.com Retrieved this publickey from DNS: Validating Signature

result = invalid Details: public key: not available

Fri, 04/03/2015 - 15:40
Diabolico
Diabolico's picture

Did you try to generate new key? Maybe something went wrong with one you have now? Another thing if you didnt get any result from mailtest@unlocktheinbox.com it could be two things, you are blacklisted with them (easy to remove, check their page how) or you have problem with your email server. This could be another thing to consider. This is why Virtualmin is best to install on clean OS, while i had several problems with Centos 7 (probably they sort it until now) on 6.6 it works good.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Fri, 04/03/2015 - 16:19
szer0p

Ooh this is crazy .. anyway i have centos 6.6

when i check the DKIM from http://dkimcore.org/c/keycheck i write the sector name and my domain name then i get this " This is a valid DKIM key record"

how could is here valid and other test method not valid ?

now another problem that i sloved it befor 7 days .. not reciving emails i tried to send from hotmail i didnt get the email but i get email from the same server ..

:(

Sun, 04/05/2015 - 17:49
szer0p

when i try to generate a new key i got this Error

Finding virtual servers to enable DKIM for ..
.. found 2 servers

Extracting public key from private key in /etc/dkim.key ..
.. done

Setting domain and selector in DKIM filter configuration ..
.. done

Adding DKIM records to DNS domain domain.com ..
.. records already exist

Adding DKIM records to DNS domain domain.de ..
.. records already exist

Enabling DKIM filter at boot time ..
.. done

Starting DKIM filter ..
.. start failed : Starting DomainKeys Identified Mail Milter (dkim-filter): dkim-filter: smfi_opensocket() failed [FAILED]

DKIM setup failed!
Fri, 04/03/2015 - 16:47
szer0p

Error in the mail log

Apr  3 23:41:17 server dkim-filter[8014]: Sendmail DKIM Filter: Unable to bind to port inet:8891@localhost: Address already in use
Apr  3 23:41:17 server dkim-filter[8014]: Sendmail DKIM Filter: Unable to create listening socket on conn inet:8891@localhost
Apr  3 23:41:17 server dkim-filter[8014]: smfi_opensocket() failed

i checked for the port 8891 netstat -nlp | grep 8891

i got this tcp 0 0 127.0.0.1:8891 0.0.0.0:* LISTEN 8042/opendkim

but i removed opendkim !! how can remove it from this port and make the dkim-filter insted of it?

Fri, 04/03/2015 - 17:32
szer0p

i solved the problem i fotget to delete this from main.cf milter_protocol = 2 smtpd_milters = , inet:127.0.0.1:8891, inet:127.0.0.1:12768,inet:localhost:8891 non_smtpd_milters = , inet:127.0.0.1:8891, inet:127.0.0.1:12768,inet:localhost:8891 milter_default_action = accept

i will then wait till tomorrow and check it again

thanks

Sun, 04/05/2015 - 17:57
szer0p

the DKIM RECORD is this:

dkimpal._domainkey.domain.com. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DEwZ6uo3Px3c"
"zUuxpdPtIBqzc4IVHeZURfF9XSrXoBScB6SN5KmXUponrPIsM/WjuAeoa+s3RqxHtU3eKnuZK1pcMgl2"
"csf/oMdJLJ38PZU4T5yNQpmRf2w/J25p1M8sxX+FawCS1aAhZaQ72GOj/GTlhJarqDjiSpS8cyOSPNvb"
"5rrPdaZWZ+msz5q/hfaxUqtFgu13oiD8Fsw6jxF2a05/lKKB6Az2PI0i6cZ/ajCH5Mgdo34+ODOsNodC"
"PEv+fqe7sgQ2cZusKyVkIVJ981B6OAFzIS7GjoV0t/o9qS7YqxukMUtPu9NACa6oWNoxPLwT6DW9Cw+E"
"aueN+QcswIDAQAB" )

the TEST for the DKIM is this

The DKIM signature of your message is:

v=1;
a=rsa-sha256;
c=simple/simple;
d=domain.com;
s=dkimpal;
t=1428273719;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=Date:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:From;
b=WubnCeofbVDFcShMZ+7zK6HZlicSnowxNQC6SolrSmJ3MH4QPS9zzNiLo0eax+1kPZhOb84qB8/eN//R7iCPt2aTxEpkUDc6XacTdYJsiiG7sSp3zSbCm99d6XGmtYssYrBemQtHPhgpCrRd4hT8HHRQUo1DeVCzlXTwRgaCkw4orb8QL9kxg8TFHSjZacHgmQanbSWqEeVATE6hTcM3dgYUJt/kdKtHLswghiYBAHKdIkcmfOwuuo7BztVfePPlIBFpBTPxtwzJqfz/jDg7qS3uKqqK5Etc9h+Ztf1YO471+GH8TumXDXYofONcTOcX7LXZNwwcoMKEFnTAytmdxA==
Your public key is:

"v=DKIM1;
k=rsa;
t=s;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZAimH4VzznW3lDiXTOqq0Rzb17RC1oO+fFCd9dldX4wR0jY7iFcOD5OSoN+kzYYibUckhcZJ/kP8W98KGegE2njGkDngVQjHLPCq3tacR+2iQ5RR/LMbAJn4J2+CpViOmq9cQWwC/zGH+SGcIQo872h0kDxm6kKJ0y4WM6JxZ433K2CKfxRMyG9off6""e2VqeAt1AgE3Ky3Mc2jy1zR0Gb1s5aHL38uIg9jYOjIwHlY+BHWgqQBI65fdCx1iNwplbVyul5fCQUShcorB6AzDdBtjg2+JQX99niiBjKxBkkWLxl5mgaMnigvzJYslWWYW25p2QECn6EUBwHB5N6fYvwIDAQAB"
key length: 2048bits

DKIM Signatur is not valid

What is the Problem now ? :( why is the invalied .. when i check http://dkimcore.org/c/keycheck i get This is a valid DKIM key record..

can u please help me ??

Mon, 04/06/2015 - 06:39
berndtnetwork

Hello,

I had the same error message about invalid dkim record on my servers main account. I have entered the Master DNS information before turning it into a web/email account. So I think my problem was it didn't get updated because when I made the virtual server for the Master DNS I didn't tick create the DNS record because it was already created.

I had to enter the keys manually by copy and paste from another account. If you don't have another account and you are only using one, you can still copy and paste from "DNS records for additional domains" that's in the "DomainKeys Identified Mail"

Sat, 04/11/2015 - 04:50
szer0p

Hello berndtnetwork,

Thanks for reply but i didnt get it what do u mean exactly i have only one website with 2 domains and till now i get the same error ..

i dont know how can i fix it

any idea?

Topic locked