Webmail aplication

[CoyoteKG]

Thank you for your effort to help me.
I learned a lot reading your posts.
I want to boast that now I have a high score on mail tester

http://www.mail-tester.com/web-mKOFyx

I have to take a little time for DKIM, and that is it
I belive I'll end by tonight.

I registered on SORBS and delisted me, but im still listed in this report...

 

[CoyoteKG]

Hello again.

I successfully set DKIM for ex4.info mail accounts.
I followed link that you provide to me.
And now I have evaluation 10/10 fot this mail.
http://www.mail-tester.com/web-3tkzdn

But I cant set it for ceman.info
Evaluation is 9/10, only DKIM problem
http://www.mail-tester.com/web-ZsERAV

I've been waiting for DNS sync, but unfortunately without progress..

I created new key, the same way like for ex4.info

  GNU nano 2.2.6        File: /etc/opendkim/TrustedHosts

127.0.0.1
localhost
192.168.0.1/24

*.ex4.info
*.ceman.info

#*.example.org

  GNU nano 2.2.6                File: /etc/opendkim/KeyTable

mail._domainkey.ex4.info ex4.info:mail:/etc/opendkim/keys/ex4.info/mail.private

mail._domainkey.ceman.info ceman.info:mail:/etc/opendkim/keys/ceman.info/mail.private
#mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org/mail.private

  GNU nano 2.2.6               File: /etc/opendkim/SigningTable

*@ex4.info mail._domainkey.ex4.info

*@ceman.info mail._domainkey.ceman.info
#*@example.org mail._domainkey.example.org

and created new directory ceman.info, and this is key

  GNU nano 2.2.6                     File: mail.txt

mail._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GAFWNADCBiQKBgQC/KBOGqKxdfeYJBETSVjSJdi5OKe+KptDTZsBo3QUjnV74t1Zkt
RRpll3h2IP+4ui2+BoKa+IUzaOOnwUZfKeffsnkFm7c8hOdjnv1LujRcVF/bqUnktTIPH+2cgMrvbP/df4n7EiphQkghf0SGDbKjFvff
k3TulFzB1WUXxT0dYrgLIbPBQIDAQAB" )  ; ----- DKIM key mail for ceman.info

And my TXT record is:

host

mail._domainkey

text value
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADASDCBiQKBgQC/KBOGqKdxeYJBETSVjSJdi5OKe+KptDTZBo3QUjnV74fst1ZktRRpll3h2IP+4ui2+BoKa+I UzaOOnwUZfKefnkFm7c8hOjnv1LujRcVF/bqUnktTIPH+2cgMrvbP/4n7EiphQkdsfghf0SGDbKjFvffk3TulFzB1WUXxT0dYrgLIbPBQIDAQAB

Everything like ex4.info but not works.

And one more thing,
I set dmarc, but http://mxtoolbox.com/domain/ceman.info/ still showing error

This is record from my dns zone
v=DMARC1; p=reject; rua=mailto[email protected], mailto:[email protected]

before it few days was
"v=DMARC1; p=none; rua=mailto[email protected]"


And I created SSL with this tutorial, but MXtolbox show error with https too..

 

[UFHH01]

Hi CoyoteKG,

again some links, where you can easily test your settings / modifications, etc....

DMARC:
https://dmarcian.com/dmarc-inspector/ex4.info
https://dmarcian.com/dmarc-inspector/ceman.info

Both test results are really well described, as for example:

DMARC record published in the wrong place!
If you're the owner of this domain, your DMARC record needs to discoverable at _dmarc.ceman.info, and not at ceman.info. The "_dmarc." part is required!

You setup the DMARC - TXT record at example.com and not at "_dmarc.example.com". Once again, an example:

_dmarc.example.com.    TXT    v=DMARC1; p=none; rua=mailto:[email protected]

​

DKIM:
http://dkimcore.org/c/keycheck

The test result for the selector "mail" at "ceman.info" shows:

This is not a good DKIM key record. You should fix the errors shown in red.
...
Public key
p= MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/KBOGqKxeYJBETSVjSJdi5OKe+KptDTZBo3QUjnV74t1ZktRRpll3h2IP+4ui2+BoKa+I UzaOOnwUZfKefnkFm7c8hOjnv1LujRcVF/bqUnktTIPH+2cgMrvbP/4n7EiphQkghf0SGDbKjFvffk3TulFzB1WUXxT0dYrgLIbPBQIDAQAB

• The p= field must be base64 encoded

Such issues appear, when you use line breaks for example. So the key might be valid, but the line break(s) results in false positive to the test. Try to use a text editor and merge the lines together:

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/KBOGqKxeYJBETSVjSJdi5OKe+KptDTZBo3QUjnV74t1ZktRRpll3h2IP+4ui2+BoKa+IUzaOOnwUZfKefnkFm7c8hOjnv1LujRcVF/bqUnktTIPH+2cgMrvbP/4n7EiphQkghf0SGDbKjFvffk3TulFzB1WUXxT0dYrgLIbPBQIDAQAB

SSL:
https://www.ssllabs.com/ssltest/analyze.html?d=ex4.info
https://www.ssllabs.com/ssltest/analyze.html?d=ceman.info

Plesk generated certificates and self-signed certificates are never trusted sources, because there is no authority, which can confirm the source. Please consider to buy a certificate, or use free subdomain specific certificates, as for example from https://www.startssl.com/ .​

 

[CoyoteKG]

I copied from terminal, and that code did not stand in one line at my monitor, because that when I copied, and I did it with two "spaces" between lines also.

Now I fixed that, and I checked on few dkim check portals, everything look like it is OK, but it is not.
http://dkimcore.org/tools/keycheck.html
http://protodave.com/tools/dkim-key-checker/
http://www.mail-tester.com/spf-dkim-check

mail-tester still showing dkim error
http://www.mail-tester.com/web-bgxP5j


And when I send mail from [email protected] to my gmail account, in header of that mail is

Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 213.239.193.5 as permitted sender) [email protected];
dmarc=pass (p=REJECT dis=NONE) header.from=ceman.info

But if I send from my [email protected] there is dkim=pass

Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 213.239.193.5 as permitted sender) [email protected];
dkim=pass [email protected]
Received: from webmail.ceman.info (localhost.localdomain [127.0.0.1])
by africka-sljiva.ex4.info (Postfix) with ESMTPA id 437962680988
for <[email protected]>; Fri, 25 Sep 2015 12:28:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ex4.info; s=mail;
t=1443176891; bh=frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=;
h=Date:From:To:Subject:From;
b=UP0DvNIv068mQTDKAN7LMpkQKOrqJo7dh1O+XjdMmUCfs0e9QCn9O5EvfRJtwuI36
1DQqofitRxTn591IbWXcFrWazJ4i3FtnRQozlai8f3lrmx50SeR5zK/b242xz5na1s
09dTDyOfT7n6jmbt1VlA2GQYww9/Wf/h/FhykEV8=

 

[UFHH01]

Hi CoyoteKG,

again... please be patient, when you change DNS - entries. It may take UP TO 48 HOURS ( sometimes as well up to 72 hours, which is relative rarely ), untill DNS - servers are syncronized.

Both DKIM - entries for the selector "mail" are now VALID.

mail._domainkey.ex4.info => This is a valid DKIM key record
mail._domainkey.ceman.info => This is a valid DKIM key record​

 

[CoyoteKG]

Hello UFHH01, again,

I was patient, and I waited few days and after that I wrote previous post.
Now is Monday, and I think that is enough time for sync DNS, but I still have problem with DKIM, and I have not idea where am I wrong.

 

[UFHH01]

Hi CoyoteKG,

sorry, but I can't see any error for your DKIM - definitions for both domains, as stated already on Friday.
What makes you think, that you have problems?
Even if you did some tests in the past, please consider to re-test now, to get an actual state and if you don't mention them here, or show actual errors, we can't answer with new informations and/or suggestions.

 

[CoyoteKG]

Hello,

yes, on those DKIM check sites, showing that everything is OK.
But on mail tester error is still displayed
http://www.mail-tester.com/web-4Pm5Vr

I suspected that maybe this site maybe wrong sometimes, but I sent message to my gmail account, and in message header I cant find that DKIM is passed.

Delivered-To: [email protected]
Received: by 10.36.85.148 with SMTP id e142csp209749itb;
Mon, 28 Sep 2015 03:03:47 -0700 (PDT)
X-Received: by 10.194.179.231 with SMTP id dj7mr2157267wjc.146.1443434627876;
Mon, 28 Sep 2015 03:03:47 -0700 (PDT)
Return-Path: <[email protected]>
Received: from africka-sljiva.ex4.info (africka-sljiva.ex4.info. [213.239.193.5])
by mx.google.com with ESMTPS id fq6si20912013wib.110.2015.09.28.03.03.47
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 28 Sep 2015 03:03:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 213.239.193.5 as permitted sender) client-ip=213.239.193.5;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 213.239.193.5 as permitted sender) [email protected];
dmarc=pass (p=REJECT dis=NONE) header.from=ceman.info
Received: from webmail.ceman.info (localhost.localdomain [127.0.0.1])
by africka-sljiva.ex4.info (Postfix) with ESMTPA id D3DFB26800AA
for <[email protected]>; Mon, 28 Sep 2015 12:03:46 +0200 (CEST)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 28 Sep 2015 12:03:46 +0200
From: [email protected]
To: [email protected]
Subject: proba
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.1.2

But when I send from ex4.info, which is set like ceman.info, everything is OK, and in header is DKIM=pass

Delivered-To: [email protected]
Received: by 10.36.85.148 with SMTP id e142csp210923itb;
Mon, 28 Sep 2015 03:06:31 -0700 (PDT)
X-Received: by 10.180.88.37 with SMTP id bd5mr18968951wib.82.1443434790946;
Mon, 28 Sep 2015 03:06:30 -0700 (PDT)
Return-Path: <[email protected]>
Received: from africka-sljiva.ex4.info (africka-sljiva.ex4.info. [213.239.193.5])
by mx.google.com with ESMTPS id dj1si21166776wjc.70.2015.09.28.03.06.30
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 28 Sep 2015 03:06:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 213.239.193.5 as permitted sender) client-ip=213.239.193.5;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 213.239.193.5 as permitted sender) [email protected];
dkim=pass [email protected];
dmarc=pass (p=NONE dis=NONE) header.from=ex4.info
Received: from webmail.ceman.info (localhost.localdomain [127.0.0.1])
by africka-sljiva.ex4.info (Postfix) with ESMTPA id 1532526800AA
for <[email protected]>; Mon, 28 Sep 2015 12:06:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ex4.info; s=mail;
t=1443434790; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
h=Date:From:To:Subject:From;
b=ndP25JiXS44C5X7sEsm8KiIAIlmfwSkx+QXGwf5pXZFgQxJ3eIdMQc3m89hKNacED
ORvLJnj8xarCsoZieesswPkVuZWlKFzyLKSxx9/1kevPpRWaPVRvi55uQwtSNDetER
/zfeNJ33r+w4p9cFZuMZkqzUfUsetsLKKLiWD33Y=
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 28 Sep 2015 12:06:30 +0200
From: [email protected]
To: [email protected]
Subject: test
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.1.2

In my post #22 you can see conf files of DKIM on my server

 

[UFHH01]

Hi CoyoteKG,

ah... now I see, what you mean.

Additional informations:
DomainKeys is NOT the same as as DKIM ... please see: http://lmgtfy.com/?q="DomainKeys"+"DKIM"+"difference"

At Home > Tools & Settings > Server-Wide Mail Settings , you will see your settings for DomainKeys :

DomainKeys spam protection

Allow signing outgoing mail
Verify incoming mail

If both settings are set, then outgoing mails are checked and incoming mail are verified.

If the "Allow signing outgoing mail" - options is enabled globally, then Plesk will add additional DNS - entries for each domain, like the ones that you already know from your manual DKIM - installation, but with the selector "default" and some slightly different value ( only the "p=xxxxxxxx" - string, instead of the whole default part "v=DKIM1; k=rsa; p=xxxx" ). You now have to add these domain - specific DNS - entries to your nameserver of your domain - provider, just like you already did at your manual DKIM - installation, but with the difference to use "default._domainkey" instead of "mail._domainkey" and please copy the string from Plesk to the value and try not to copy possible line breaks and/or spaces from Plesk, because this might lead to failures. It is again a good idea, to copy the value first to a text - editor of your choice, so that your are able to remove possible line breaks and/or spaces, before you paste it into your value - box of your domain - provider.

Once you setup all DNS - entries correctly, with the additional "default" entries, please wait again up to 48 hours, as mentioned before, because the DNS - server have to sync worldwirde.

During this time, you may check over your mail - log - files, that your outgoing - mails are signed and check for possible errors, which you should post, if you need help with your investigations.
There are several eMail - adresses, which might help you to investigate issues/errors ( for example ):

https://www.port25.com/support/authentication-center/email-verification/​

and/or
send an eMail to: [email protected]


If you need further help with OpenDKIM ( <= correct name for the short word usage "DomainKeys" ) , DKIM, SPF and DMARC, please consider to always include errors from logs, mail - headers, or result - links from mail-tester.com, or automated answers from the mail-checker-mail-adresses and to include possible configuration files ( yes... please each time, when you experience issues, which might have changed, in case of additional settings or modifications. You only leave out additional informations, if your new test - results haven't changed to your previous reply. ) We can only investigate issues based on your last documented informations.