DKIM not working

ka3ax

Hello,

I am now trying to sign my mails with DKIM. I followed a guide, but unfortunately it does not work and I cannot find the error.

I am grateful for any hint.

Main opendkim.conf
Code:
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog                  yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain                  [DOMAIN.de]
KeyFile                 /etc/opendkim/private_key
Selector                dkim

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization       simple
#Mode                   sv
#SubDomains             no
#ADSPDiscard            no

# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier.  From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders         From

# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)

#ATPSDomains            example.com

# added by Roman ----------------------------
# Our KeyTable and SigningTable
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

# Trusted Hosts
#ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts

# Hashing Algorithm
SignatureAlgorithm rsa-sha256

# Auto restart when the failure occurs. CAUTION: This may cause a tight fork loops
#AutoRestart Yes

# Set the user and group to opendkim user
UserID opendkim:opendkim

# Specify the working socket
Socket inet:8891@localhost


DKIM entries in the Postfix conf
Code:
# OpenDKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters

Messages when starting opendkim
Code:
 tail -f /var/log/mail.log |grep -i dkim
May  5 23:29:40 [DOMAIN] opendkim[2162]: OpenDKIM Filter: mi_stop=1
May  5 23:29:40 [DOMAIN] opendkim[2162]: OpenDKIM Filter v2.6.8 terminating with status 0, errno = 0
May  5 23:29:40 [DOMAIN] opendkim[5105]: OpenDKIM Filter v2.6.8 starting (args: -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid)
The service is stopped first because I am restarting opendkim. I just tried stopping it first and then starting it: the timestamps are then separate as well, so that only the last line appears on start.

The TXT record in DNS is correct. I checked it at http://dkimcore.org/tools/dkimrecordcheck.html and it is recognized.

But when I send a mail to appmaildev.com, I get this as the reply
Code:
This email is an automatic response from AdminSystem DKIM verifier service (1.0.0.5).
The service allows email senders to perform a simple check of SPF, DKIM and DomainKeys.
It is provided free of charge, in the hope that it is useful to the email community.

We welcome any feedback you may have at <support@emailarchitect.net>.
Thank you for using the service.
AdminSystem Software Limited

============================================================
SPF result: Pass
============================================================
Domain: [DOMAIN.de]
IP: [IP-ADRESSE]

SPF Record: [DOMAIN.de]
	IN TXT = "v=spf1 mx ip4:[IP-ADRESSE] -all"


---SPF Trace Log---
Start to check SPF record
Sender IP:[IP-ADRESSE]
Sender Domain:[DOMAIN.de]

Parse Sender-IP [IP-ADRESSE]
Query TEXT record from DNS server for: [DOMAIN.de]
[TXT]: v=spf1 mx ip4:[IP-ADRESSE] -all
Parsing SPF record: v=spf1 mx ip4:[IP-ADRESSE] -all

Mechanisms: v=spf1

Mechanisms: mx
Testing mechanism mx
Query MX record from DNS server for: [DOMAIN.de]
[MX]: mail.[DOMAIN.de]
Testing mechanism A:mail.[DOMAIN.de]/128
Query A record from DNS server for: mail.[DOMAIN.de]
[A]: [IP-ADRESSE]
Testing CIDR: source=[IP-ADRESSE];  [IP-ADRESSE]/128
mx hit, Qualifier: +


============================================================
DomainKey result: none (no signature)
============================================================


============================================================
DKIM result: permerror (no key)
============================================================
Signed by: [ABSENDER]@[DOMAIN.de]
Expected Body Hash: rD2nW3CWIuM0qZz806I/nbNmk9S7GewywTwwPPjk9GQ=

---Original Message Header---
x-sender: [ABSENDER]@[DOMAIN.de]
x-receiver: AAAA3gcFBREA@appmaildev.com
Received: from [DOMAIN.de] ([[IP-ADRESSE]]) by mail.appmaildev.com with Microsoft SMTPSVC(7.5.7600.16385);
	 Mon, 5 May 2014 17:35:48 -0400
Received: from [192.168.1.21] (g228042216.adsl.alicedsl.de [92.228.42.216])
	by [DOMAIN.de] (Postfix) with ESMTPSA id 41D23A408C2
	for <AAAA3gcFBREA@appmaildev.com>; Mon,  5 May 2014 23:35:34 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=[DOMAIN.de]; s=mail;
	t=1399325734; bh=rD2nW3CWIuM0qZz806I/nbNmk9S7GewywTwwPPjk9GQ=;
	h=Subject:From:Date:To:From;
	b=Js2vAlFatCID9QvkPYtFaUksuxxGatz3F8bA6nXqb9igUIO8vPfkO6oobTBRfSMNJ
	 rUNdkU3ttE4JOj0GQOLxJreU6Jdui+B0zT8MANMmzmlHQx1TPQNa0WGr7isNjDhaVi
	 qJdyy/lWzRNmI1jTe4KPnfcPciznN5Pvj6A05amE=
Subject: Dkim Test
From: <[ABSENDER]@[DOMAIN.de]>
Content-Type: text/plain;
	charset=utf-8
X-Mailer: iPhone Mail (11D167)
Message-Id: <3DE5453D-74D1-4520-8D01-6010CC418783@[DOMAIN.de]>
Date: Mon, 5 May 2014 23:35:34 +0200
To: "AAAA3gcFBREA@appmaildev.com" <AAAA3gcFBREA@appmaildev.com>
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Return-Path: [ABSENDER]@[DOMAIN.de]
X-OriginalArrivalTime: 05 May 2014 21:35:48.0655 (UTC) FILETIME=[FAFB03F0:01CF68A9]
 
So, while googling I have now found a similar problem. The solution was to comment out these lines in opendkim.conf.
Code:
#KeyTable refile:/etc/opendkim/KeyTable
#SigningTable refile:/etc/opendkim/SigningTable

I did the same, and now the mails are shown as signed at Google.

The appmaildev.com tool now shows DKIM as passed
Code:
This email is an automatic response from AdminSystem DKIM verifier service (1.0.0.5).
The service allows email senders to perform a simple check of SPF, DKIM and DomainKeys.
It is provided free of charge, in the hope that it is useful to the email community.

We welcome any feedback you may have at <support@emailarchitect.net>.
Thank you for using the service.
AdminSystem Software Limited

============================================================
SPF result: Pass
============================================================
Domain: [DOMAIN.DE]
IP: [IP]

SPF Record: [DOMAIN.DE]
	IN TXT = "v=spf1 mx ip4:[IP] -all"


---SPF Trace Log---
Start to check SPF record
Sender IP:[IP]
Sender Domain:[DOMAIN.DE]

Parse Sender-IP [IP]
Query TEXT record from DNS server for: [DOMAIN.DE]
[TXT]: v=spf1 mx ip4:[IP] -all
Parsing SPF record: v=spf1 mx ip4:[IP] -all

Mechanisms: v=spf1

Mechanisms: mx
Testing mechanism mx
Query MX record from DNS server for: [DOMAIN.DE]
[MX]: mail.[DOMAIN.DE]
Testing mechanism A:mail.[DOMAIN.DE]/128
Query A record from DNS server for: mail.[DOMAIN.DE]
[A]: [IP]
Testing CIDR: source=[IP];  [IP]/128
mx hit, Qualifier: +


============================================================
DomainKey result: none (no signature)
============================================================


============================================================
DKIM result: pass
============================================================
Signed by: [ABSENDER]@[DOMAIN.DE]
Expected Body Hash: aZCcAl4b9cIcquYHMquCsnoszgGRNrK3R12/fOlktsE=

PublicKey: dkim._domainkey.[DOMAIN.DE]
	IN TXT = "v=DKIM1;h=rsa-sha256;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhXRe0CP6p9xHXkopqZZSlDGljffp0R9LUXM6FmCtY1M/atqSZ3hYe7uDAN3DL6LpTmXqyG1FUxL5R4QZYotWwsxic8fHQM//gqnl79Q7pqOfNROTGCdetn9kp//V8Zg1ajX9Hx1hVczg4Gbw9Nw4eP12dF6Pg61ckKbMfWdZGSwIDAQAB;"

---Original Message Header---
x-sender: [ABSENDER]@[DOMAIN.DE]
x-receiver: AAAA3gcFBREA@appmaildev.com
Received: from [DOMAIN.DE] ([[IP]]) by mail.appmaildev.com with Microsoft SMTPSVC(7.5.7600.16385);
	 Tue, 6 May 2014 16:59:16 -0400
Received: by [DOMAIN.DE] (Postfix, from userid 33)
	id 68315A40940; Tue,  6 May 2014 22:58:56 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=[DOMAIN.DE]; s=dkim;
	t=1399409936; bh=aZCcAl4b9cIcquYHMquCsnoszgGRNrK3R12/fOlktsE=;
	h=To:Subject:Date:From:From;
	b=DqtdZHc4xT6HbC70mpnfaFXGfbRzDHnfOMhzMGeV40eYuberEEbgNvj6yKwT/dQPp
	 //BGxNXYo9wFCYIZpyPvrq659sRKFLNpAftgZv1W8XfPJidNQ5U2O4odd7SHk8IhUV
	 46C57QYRBL+QHuKmTfO9qGmvrAyT7/XmwQ6e408A=
To: AAAA3gcFBREA@appmaildev.com
Subject: dkim test
X-PHP-Originating-Script: 1000:rcube.php
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="=_2ba0022fe7933c8ce3bc7c904d506af3"
Date: Tue, 06 May 2014 22:58:56 +0200
From: Roman Lutz <[ABSENDER]@[DOMAIN.DE]>
Message-ID: <dfa1b16187714037be97dbcc56d233b2@[DOMAIN.DE]>
X-Sender: [ABSENDER]@[DOMAIN.DE]
User-Agent: Webmail
Return-Path: [ABSENDER]@[DOMAIN.DE]
X-OriginalArrivalTime: 06 May 2014 20:59:17.0123 (UTC) FILETIME=[0B238530:01CF696E]

Now I ask myself: what is the meaning of the commented-out lines?

At appmaildev.com it says that the DKIM test passed, but that there is no signature for DomainKey. I don't quite understand that. I thought DKIM is "DomainKey"!?
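
Editor's added example (not part of the original posts): the failing report's signature carries `s=mail`, while the key that verifies in the passing report is published at `dkim._domainkey`. Per opendkim.conf(5), `KeyTable` and `SigningTable` take precedence over `KeyFile`, `Selector` and `Domain` when set; that the `mail` selector came from the KeyTable is an assumption, since the table is not shown. The sketch derives the DNS name a verifier queries from a signature header and checks it against the published records; `example.de`, the shortened `bh`/`b`/`p` values and the `PUBLISHED` dict standing in for DNS are constructed.

```python
import re

def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list (DKIM-Signature value or key TXT record)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)      # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, val = part.partition("=")           # base64 '=' padding stays in val
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(signature_value):
    """DNS name the verifier looks up: <s>._domainkey.<d>."""
    tags = parse_tag_list(signature_value)
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def diagnose(signature_value, published):
    """published: DNS name -> TXT value (constructed stand-in for a real lookup)."""
    name = key_query_name(signature_value)
    record = published.get(name)
    if record is None:
        return f"permerror (no key): nothing published at {name}"
    if not parse_tag_list(record).get("p"):
        return f"permerror: key at {name} is empty (revoked)"
    return f"key found at {name}"

# Constructed samples modelled on the two reports in the thread.
SIG_BEFORE = ("v=1; a=rsa-sha256; c=simple/simple; d=example.de; s=mail;\n"
              "\tt=1399325734; bh=Q09OU1RSVUNURUQ=;\n"
              "\th=Subject:From:Date:To:From;\n\tb=Q09OU1RSVUNURUQ=")
SIG_AFTER = SIG_BEFORE.replace("s=mail", "s=dkim")
PUBLISHED = {"dkim._domainkey.example.de": "v=DKIM1;k=rsa;p=Q09OU1RSVUNURUQ=;"}

if __name__ == "__main__":
    for label, sig in (("before", SIG_BEFORE), ("after", SIG_AFTER)):
        print(label, "->", diagnose(sig, PUBLISHED))
```

Running the same comparison against the real `DKIM-Signature` header of a test mail and the output of a TXT lookup shows immediately whether the signing selector and the published selector agree.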
 