From: Stas S. <co...@gm...> - 2008-05-13 14:48:46
|
Hi, I'm trying to configure dk-filter with postfix on hardy, the package is also installed from repositories. (https://edge.launchpad.net/ubuntu/+source/dk-milter/1.0.0.dfsg-1) The server is actually on a sub domain, I believe this is not a problem? I followed mostly the steps described here: http://www.howtoforge.com/postfix_dkfilter_domain_keys_implementation But the example configs provided there, doesn't work at all. I mean, that after configuring like there postfix can't even connect to the port 10027, and even after changing: 127.0.0.1:10026 inet n - n - - smtpd to: 127.0.0.1:10027 inet n - n - - smtpd I still can't get my emails signed. The server already uses dkim-filter/dkim-milter for DKIM signing, and I'm looking forward to use both of these tools... Any help is welcomed.. Thank you in advance. -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Murray S. K. <ms...@se...> - 2008-05-13 16:11:39
|
What are your command line arguments to the filter, and what would you expect the From: header field to contain on outgoing mail? |
From: SM <sm...@re...> - 2008-05-13 16:22:23
|
At 07:48 13-05-2008, Stas Sushkov wrote: >I'm trying to configure dk-filter with postfix on hardy, the package >is also installed from repositories. >(https://edge.launchpad.net/ubuntu/+source/dk-milter/1.0.0.dfsg-1) >The server is actually on a sub domain, I believe this is not a problem? That should not be a problem as long as you specify that messages for that subdomain should be signed. In your Postfix main.cf configuration file, add: smtpd_milters = inet:localhost:8891 where 8891 is the port number on which the milter uses. Send a message using SMTP AUTH and it should be signed by the milter. If it doesn't work, see your postfix log. You should be running dk-filter with the -l and -h switch. Regards, -sm |
From: Stas S. <co...@gm...> - 2008-05-13 16:55:16
|
Murray: The package uses configuration from /etc/default/dk-filter After starting it as a daemon i can see in my processes: /usr/bin/dk-filter -u dk-filter -P /var/run/dk-filter/dk-filter.pid -p inet:8892@localhost -l -d subdomain.domain.tld -s /var/dkim-filter/private.key -S mail Actually i'm expecting anything to be contained in the header using dk-filter... The problem is that after shutting down dkim-filter I get only emails with a clean header, wich I believe shouldn't be so.... SM: I do have smtpd_milters = inet:localhost:8891 in my main.cf, and it works! I can see my emails validated when sending to google for example, but as I understood, dkim != dk, so yahoo is using dk, thats why I started to look for setting up dk-filter. The next problem I believe is in making postfix to use dk-filter for content_filter or I don't know... But as I said, using tutorials provided all over the web, It doesn't work... -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Murray S. K. <ms...@se...> - 2008-05-13 17:04:58
|
On Tue, 13 May 2008, Stas Sushkov wrote: > /usr/bin/dk-filter -u dk-filter -P /var/run/dk-filter/dk-filter.pid -p > inet:8892@localhost -l -d subdomain.domain.tld -s > /var/dkim-filter/private.key -S mail OK, so mail going through the filter should have a From: header field that looks something like: From: us...@su...d ...otherwise the mail won't sign. Also your postfix should be trying to talk to it on the inet:8892@localhost socket. Is that the case? Your remarks to SM suggested it's on 8891. > Actually i'm expecting anything to be contained in the header using > dk-filter... Well it won't sign "anything", it will only sign mail from that domain and from authorized clients. |
From: Stas S. <co...@gm...> - 2008-05-13 17:35:57
|
Wait a bit, using the configuration from this tutorial: http://www.xspace.idv.tw/bo_blog/read.php?24 All I'm getting in logs is (connect to 127.0.0.1[127.0.0.1]:10027: Connection refused) Should i change: # # After-filter SMTP server. Receive mail from the content filter on # localhost port 10026. # 127.0.0.1:10026 inet n - n - - smtpd to: 127.0.0.1:10027 inet n - n - - smtpd ? Or you are asking me about already installed dkim-filter? If the configuration I'm using (from that how to) is wrong, can you guide me step by step on how should I start dk-filter? Do I have to make it listenning to a port? -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Murray S. K. <ms...@se...> - 2008-05-13 17:48:14
|
On Tue, 13 May 2008, Stas Sushkov wrote: > If the configuration I'm using (from that how to) is wrong, can you > guide me step by step on how should I start dk-filter? Do I have to make > it listenning to a port? I can't help you with configuring postfix, but I do know that postfix and dk-filter have to agree on which port they will use to communicate; the filter will listen there for connections from the MTA. The filter's port is specified using the "-p" command line flag, which I think you have set to something like "inet:8892@localhost". If you have postfix talking to ports like 10027, they're not communicating. |
From: Stas S. <co...@gm...> - 2008-05-13 17:50:45
|
And after that, can I use the same smtpd_milters=inet:localhost:MYPORT? -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Murray S. K. <ms...@se...> - 2008-05-13 17:54:05
|
On Tue, 13 May 2008, Stas Sushkov wrote: > And after that, can I use the same smtpd_milters=inet:localhost:MYPORT? I presume so. Again, I'm not a postfix user. |
From: Stas S. <co...@gm...> - 2008-05-13 17:56:11
|
I did how I said, the problem now is that, dk-filter rewrites dkim-filter header records... Now I have DomainKey record in the header, but I don't have anymore X-DKIM record... Any ideas? -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Murray S. K. <ms...@se...> - 2008-05-13 18:00:40
|
On Tue, 13 May 2008, Stas Sushkov wrote: > I did how I said, the problem now is that, dk-filter rewrites > dkim-filter header records... That's neat, since the code doesn't exist to do that. > Now I have DomainKey record in the header, but I don't have anymore > X-DKIM record... > > Any ideas? I suspect you've told postfix to talk to dk-filter (on port 8892) and not dkim-filter (on port 8891). Can postfix not talk to multiple filters at the same time? I'd be surprised if that's the case. |
From: Stas S. <co...@gm...> - 2008-05-13 18:04:13
|
Yes, I'm running the milters on different ports, and so I wrote in config: smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 smtpd_milters = inet:localhost:8892 non_smtpd_milters = inet:localhost:8892 and here is ps aux |grep dk 107 2901 0.0 0.2 5320 632 ? Ss 14:50 0:00 /usr/sbin/dkim-filter -x /etc/dkim-filter.conf -u dkim-filter -P /var/run/dkim-filter/dkim-filter.pid -p inet:8891@localhost 107 2902 0.0 0.8 87652 2340 ? Sl 14:50 0:00 /usr/sbin/dkim-filter -x /etc/dkim-filter.conf -u dkim-filter -P /var/run/dkim-filter/dkim-filter.pid -p inet:8891@localhost 108 4583 0.0 0.5 24436 1504 ? Ssl 17:52 0:00 /usr/bin/dk-filter -u dk-filter -P /var/run/dk-filter/dk-filter.pid -p inet:8892@localhost -l -d domain.tld -s /var/dkim-filter/private.key -S mail -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Murray S. K. <ms...@se...> - 2008-05-13 18:07:49
|
On Tue, 13 May 2008, Stas Sushkov wrote: > Yes, I'm running the milters on different ports, and so I wrote in config: > smtpd_milters = inet:localhost:8891 > non_smtpd_milters = inet:localhost:8891 > smtpd_milters = inet:localhost:8892 > non_smtpd_milters = inet:localhost:8892 So maybe the second setting of each of those overrides the first. Can you do something like this? smtpd_milters = inet:localhost:8891,inet:localhost:8892 non_smtpd_milters = inet:localhost:8891,inet:localhost:8892 I'm guessing, just like you are. Once again, I'm not a postfix user. |
From: Stas S. <co...@gm...> - 2008-05-13 18:15:52
|
Yes Murray, you're the man!!! It works!!! :) Thank you very much... If I could I would buy you some beer :) Yesterday, actually today, I wrote a complete tutorial on how to get DKIM configured on latest Ubuntu [1], and I'm thinking to write one more tutorial about DK on Ubuntu hardy... But I wouldn't got this done without your help, so, one more time thank you! Have a nice day guys... Cheers. [1]: http://stas.nerd.ro/blog/index.php/2008/05/13/configure-postfix-and-dkim-filter-on-ubuntu-hardy/ -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: SM <sm...@re...> - 2008-05-13 18:17:29
|
At 10:35 13-05-2008, Stas Sushkov wrote: >using the configuration from this tutorial: >http://www.xspace.idv.tw/bo_blog/read.php?24 That webpage is not about dk-milter. >All I'm getting in logs is (connect to 127.0.0.1[127.0.0.1]:10027: >Connection refused) You are not running a content filter on that port. A milter is not a content filter. >If the configuration I'm using (from that how to) is wrong, can you >guide me step by step on how should I start dk-filter? Do I have to >make it listenning to a port? You are starting dk-filter (the milter) correctly. But you have not configured Postfix to call it. The installation steps are similar to what you did for dkim-milter. Regards, -sm |
From: Stas S. <co...@gm...> - 2008-05-13 18:24:46
|
Thank you SM, we finally solved it. The problem with DKIM and DK is still actual, there's no good documentation on how to make your servers use this features. Every simple user, trying to implement DKIM/DK on his server can screw up due to lack of real well tested tutorials, which exist on the web so far... Hope that these tutorials I'm writing will help somebody in future, and save your time... Cheers. -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: Stas S. <co...@gm...> - 2008-05-13 19:12:24
|
Done, thank you guys one more time! http://stas.nerd.ro/blog/index.php/2008/05/13/configuring-postfix-domainkeys-dkim-on-ubuntu-hardy/ -- () Campania Panglicii în ASCII /\ http://stas.nerd.ro/ascii/ |
From: SM <sm...@re...> - 2008-05-13 19:42:49
|
At 09:52 13-05-2008, Stas Sushkov wrote: >The package uses configuration from /etc/default/dk-filter >After starting it as a daemon i can see in my processes: >/usr/bin/dk-filter -u dk-filter -P /var/run/dk-filter/dk-filter.pid -p >inet:8892@localhost -l -d subdomain.domain.tld -s >/var/dkim-filter/private.key -S mail [snip] >smtpd_milters = inet:localhost:8891 in my main.cf, and it works! I can >see my emails validated when sending to google for example, but as I >understood, dkim != dk, so yahoo is using dk, thats why I started to >look for setting up dk-filter. dk-filter is using port 8892. You are not calling from smtpd_milters as the port is 8891. If you have two milters, you should have two entries, one for each milter and the entry should have the port on which the milter is running. >The next problem I believe is in making postfix to use dk-filter for >content_filter or I don't know... dk-filter is not a content filter. Regards, -sm |