dkim missing with smtp postfix server for multiple domains? - email

I have many domains on one server.
I want to enable DKIM verification for each one. To do it, I followed this tutorial.
As said at the end of the tutorial, I tested my DKIM DNS on http://dkimcore.org/c/keycheck
This is a valid DKIM key record
So it's supposed to work right now, but when I send an email, there is no DKIM signature and only "domainkeys=neutral (no sig); dkim=neutral (no sig)" (tested on Yahoo and Gmail).
So what's wrong with this method?
EDIT:
mail.log, when I send a mail (with PHP), says:
opendkim[40952]: 628EF242A06: localhost [127.0.0.1] not internal
opendkim[40952]: 628EF242A06: not authenticated
opendkim[40952]: 628EF242A06: no signature data
Another thing:
sudo opendkim-testkey -d mydomain.com -s default -k /etc/opendkim/keys/mydomain.com/default.private -v
response:
opendkim-testkey: key not secure
So is it the method used to generate the keys that is bad?

I added 127.0.0.1 and localhost to the trusted hosts and used:
sudo service postfix reload
Now it's working... enjoy ;)

Related

SSL for mail server

I don't know if I am asking this in the right place.
I have an SSL cert for my website, and I am trying to set up a mail server (same domain) using the same cert.
I am using Postfix and Dovecot. When I try logging in from Evolution mail client, I get an error "Peer failed to perform TLS handshake". When I try an online service to verify I get "Recipient address rejected: User unknown in local recipient table."
I guess my actual question is, can I actually use the same SSL cert for my website and my email server?
What do I do to debug next?
You can use a certificate you have for the web server also for your mail server, as long as it matches the hostname you use to access your mail server. Of course, the certificate needs to be properly set up at the mail server, i.e. include the necessary intermediate certificates, similar to how it is (hopefully) set up on the web server.
I am using Postfix and Dovecot.
This means you need to take care of multiple configurations, both for SMTP in Postfix and IMAP/POP3 (whatever you use) in Dovecot. And in all cases the certificate's subject/SAN must match the hostname you use to connect to the server.
When I try logging in from Evolution mail client, I get an error "Peer failed to perform TLS handshake".
There is not enough information about this setup to find out what exactly is causing the TLS error. It is not even clear if the error is caused when retrieving mail (IMAP/POP3, i.e. Dovecot) or while sending (Postfix).
When I try an online service to verify I get "Recipient address rejected: User unknown in local recipient table."
This has nothing to do with TLS at all. The test server simply tried to use a recipient which your mail server (Postfix) will not accept.
What do I do to debug next?
The next steps would probably be to check if the certificate matches the names you use in the first place and to look into log files for error messages or warnings. The following steps depend on what the result of these steps is.

Can't get outbound email working in self-hosted SugarCRM 6.5

I can't seem to get outbound email working from my SugarCRM installation, with only the message SMTP connect() failed appearing in the logs.
I've set my smtp server to smtp.gmail.com, email address, password, TLS, port 587. When I go to 'Send Test Email' I get the error.
I've set my local hostname, installed openssl, set the host_name in config.php and included it as a referrer in config_override.php. I've also tried setting SMTPDebug to 2 in SugarPHPMail.php but that seemed to have no effect.
When I run openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:587 the output includes Verify return code: 0 (ok) and I don't know where to go from here. I can connect via telnet to that host & port and get a 220 SMTP message back as expected.
I do also have an exchange server available, but haven't been able to get that one working either, and thought Gmail would be more easily-solved.
I'm on Sugar 6.5.26 hosted on Linux (Debian, Raspbian).
Ok I found the solution while looking for the 'Allow less secure apps' setting in Gmail.
I have two-step authentication switched on in my Gmail account, which will obviously complicate things but had slipped my mind. Therefore I needed to use an app-specific password, and not my normal Gmail password.
As soon as I created an app-specific password in Google (at https://myaccount.google.com/apppasswords) and plugged that into the SugarCRM settings, it worked fine. D'oh!

Sign email depending on domain

I've got multiple websites running on the same server, and I'm about to set up DKIM signatures for all of them. I followed this excellent guide and could successfully send signed emails from PHP on the first try.
The problem is that now all the outgoing emails are signed with the same domain, while I'd like them to be signed by respective domain instead. I can choose which emails to sign via the signing table, but it seems like I can't choose to sign all outgoing emails from domain X with signature Y.
Is this possible, and in that case, how do I do it?
Thank you in advance.
OS: Debian
Web server: Nginx + PHP-FPM
Mail server: Postfix
DKIM: OpenDKIM
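
Added example (not from the posts above and not OpenDKIM's own code): a simplified Python model of the two checks behind the first question on this page and this one, namely whether the submitting client is in the trusted hosts list, and which SigningTable entry the From address selects. The file contents, example.com/example.org, the selector and the key paths are constructed placeholders that follow the common TrustedHosts/SigningTable/KeyTable layout.

```python
import ipaddress
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed sample files; domains, selector and paths are placeholders.
TRUSTED_HOSTS = """\
127.0.0.1
::1
localhost
"""
SIGNING_TABLE = """\
# sender pattern     key name (wildcards need "SigningTable refile:<path>")
*@example.com        default._domainkey.example.com
*@example.org        default._domainkey.example.org
"""
KEY_TABLE = """\
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private
default._domainkey.example.org example.org:default:/etc/opendkim/keys/example.org/default.private
"""

def rows(text):
    """Yield the whitespace-separated fields of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def is_internal(client_ip, client_name=""):
    """True if the submitting client is listed in the trusted hosts file."""
    ip = ipaddress.ip_address(client_ip)
    for (entry,) in rows(TRUSTED_HOSTS):
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:  # entry is a hostname, not an address
            if entry.lower() == client_name.lower():
                return True
    return False

def signing_decision(client_ip, from_header, client_name=""):
    """Return (domain, selector, keyfile) to sign with, or None for no signature."""
    if not is_internal(client_ip, client_name):
        return None  # the case opendkim logs as "not internal"
    sender = parseaddr(from_header)[1].lower()
    keys = {name: tuple(spec.split(":", 2)) for name, spec in rows(KEY_TABLE)}
    for pattern, key_name in rows(SIGNING_TABLE):
        if fnmatchcase(sender, pattern.lower()):
            return keys[key_name]
    return None  # no SigningTable entry for this sender
```

Each sending domain gets its own SigningTable and KeyTable line, and a message is left unsigned either when the client is not trusted or when no pattern matches its From address.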

use smtp.mydomain.com to forward to smtp.gmail.com?

I am using google apps for email. I can send email out through c# code fine with smtp.gmail.com.
I would like to be able to use the name smtp.mydomain.com instead, but still have it go to smtp.gmail.com. I tried just setting a CNAME in my DNS settings, but I get this error:
"The remote certificate is invalid according to the validation procedure."
Any ideas?
Thanks.
Yes, you can't, the TLS certificate used to communicate privately with the remote SMTP server is signed with smtp.gmail.com. The only solution is to create an SMTP relay, with sendmail for example, on your own server.

Dotproject

I have installed dotProject on a Linux machine, using ssmtp with a Gmail account for sending mail notifications. But when I create any user, it doesn't send mail to the user's email ID for account creation. But I send mail from the shell prompt. The error I am getting is: Failed to send email: 530 5.7.0 Must issue a STARTTLS command first. 22sm11794837wfd.6 added :( . Please help me if anyone has a solution....
Gmail requires a secure connection (TLS or SSL).
You need to configure SSMTP (not dotProject) to talk securely with Google's SMTP server.
I think you can just add the following to your ssmtp.conf file and (assuming your SSMTP package was compiled with SSL support) it should then work:
UseTLS=YES
Or perhaps:
UseSTARTTLS=YES
More info here.
I assume "530 5.7.0 Must issue a STARTTLS command first." means that you have to connect with TLS (Transport Layer Security). Does dot project support that?