Froxlor Forum

llucps

  1. Congratulations! Just out of curiosity, I'm gladly surprised that Bullseye support has been added already. Does that mean that changes between Buster and Bullseye are not that big? Thank you @d00p!
  2. I understand.. I would change to opendkim, but since it's not supported, I'm a bit afraid to make the change in case I screw up my email setup. I'll leave the change I did to remove .priv from lib/Froxlor/Cron/Dns/DnsBase.php for the moment. I would really appreciate it if you can add the option to choose both options on the dkim Froxlor settings so I can continue to use it with dkim-keys for the moment. Eventually I'll have to make the change.. I know. Thanks @d00p
  3. Umm, sorry, I'm not sure I quite follow you.. Do you mean that commit should be reverted, and leave the key name as it was:
         $privkey_filename = \Froxlor\FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id']);
  4. Both .priv and .public files are inside /etc/postfix/dkim directory.. but I don't recall at all that the public keys were referenced on the dkim-config.keys file, I'm pretty sure only the private keys are referenced. So.... I just removed the .priv extension that was added to the commit https://github.com/Froxlor/Froxlor/commit/15a13a7783d85f77efe1619ed85bd46e9ad3935b so the dkim-config.keys looks for:
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim1
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim2
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim3
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim4
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim5
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim6
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim7
     and it WORKS
         Authentication-Results: mx.google.com; dkim=pass header.i=@xxxxxxxxx.com header.s=dkim1 header.b=MAWt7cPM;
     I don't know what to do now...
  5. Yes, I posted the dkim-keys.conf on my previous post, which every line is for every domain I have on my system:
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim1.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim2.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim3.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim4.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim5.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim6.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim7.priv
     What I could try is to undo the .priv change on the commit you did in October, then revert it to how it was and see if it's working.
  6. Since according to DomainKeys settings in Froxlor, only dkim-filter is supported, I'm using dkim-filter with the following config:
         # Log to syslog
         Syslog yes
         # Required to use local socket with MTAs that access the socket as a non-
         # privileged user (e.g. Postfix)
         UMask 002
         # Sign for example.com with key in /etc/mail/dkim.key using
         # selector '2007' (e.g. 2007._domainkey.example.com)
         Domain /etc/postfix/dkim/domains
         #KeyFile /etc/mail/dkim.key
         #Selector 2007
         # Common settings. See dkim-filter.conf(5) for more information.
         #AutoRestart no
         #Background yes
         #Canonicalization simple
         #DNSTimeout 5
         #Mode sv
         #SignatureAlgorithm rsa-sha256
         #SubDomains no
         #ADSPDiscard no
         #Version rfc4871
         #X-Header no
         ###############################################
         # Other (less-standard) configuration options #
         ###############################################
         #
         # If enabled, log verification stats here
         #Statistics /var/run/dkim-filter/dkim-stats
         #
         # KeyList is a file containing tuples of key information. Requires
         # KeyFile to be unset. Each line of the file should be of the format:
         # sender glob:signing domain:signing key file
         # Blank lines and lines beginning with # are ignored. Selector will be
         # derived from the key's filename.
         KeyList /etc/postfix/dkim/dkim-keys.conf
         #
         # If enabled, will generate verification failure reports for any messages
         # that fail signature verification. These will be sent to the r= address
         # in the policy record, if any.
         #SendReports yes
         #
         # If enabled, will issue a Sendmail QUARANTINE for any messages that fail
         # signature verification, allowing them to be inspected later.
         #Quarantine yes
         #
         # If enabled, will check for required headers when processing messages.
         # At a minimum, that means From: and Date: will be required. Messages not
         # containing the required headers will not be signed or verified, but will
         # be passed through
         #RequiredHeaders yes
         Socket inet:8891@localhost
         On-Default accept
         On-BadSignature accept
         On-DNSError accept
         On-InternalError accept
         On-NoSignature accept
         On-Security accept
     and Froxlor settings:
  7. Hi @d00p, Yes it did.. I just posted the new dkim.priv files as you can see... Strange that this change has broken my setup.. because it all looks good apparently, but obviously isn't working for me. Thanks.
  8. Hi, I just found out that starting on the 8th of November, which I believe is when I updated to the latest 0.10.22 froxlor, the DKIM fails to send the public key. Looking at the email message source:
         dkim=temperror (no key for signature) header.i=@xxxxxxxxx.com header.s=dkim1.priv header.b=kWkNNAzJ;
     I just checked the froxlor database and the public and private keys are there. I also checked the /etc/postfix/dkim/ and all the keys are also there, including dkim-keys.conf which lists all domains and its keys. In fact I haven't changed or modified anything related to this, not that I'm aware of anyway. I found this post, but I don't know if it's related to my problem. I also restarted postfix, dkim-filter, dovecot and the same dkim=temperror (no key for signature). Are you aware if there is a change on the latest froxlor update that could cause this? Or any idea how else to debug this? It's really strange since nothing seems to be changed from my side. Thanks, Lluc
     P.S. Could it be a permissions problem? I checked the /etc/postfix/dkim/ directory and the owner is root:root. Is this correct? I don't recall changing this either. Just in case it rings a bell.
     OK.. could it be this change? I suspect it's coming from this change.. maybe? https://github.com/Froxlor/Froxlor/commit/15a13a7783d85f77efe1619ed85bd46e9ad3935b
     More things: On my /etc/postfix/dkim/ I have:
         drwxr-xr-x 2 root root 4096 Nov 7 11:32 .
         drwxr-xr-x 7 root root 4096 Aug 20 11:39 ..
         -rw-r----- 1 root root 887 Aug 9 10:58 dkim1
         -rw-r----- 1 root root 887 Nov 7 11:32 dkim1.priv
         -rw-r--r-- 1 root root 272 Aug 9 10:58 dkim1.public
         -rw-r----- 1 root root 887 Aug 9 10:58 dkim2
         -rw-r----- 1 root root 887 Nov 7 11:32 dkim2.priv
         -rw-r--r-- 1 root root 272 Aug 9 10:58 dkim2.public
         -rw-r----- 1 root root 887 Aug 9 10:58 dkim3
         -rw-r----- 1 root root 887 Nov 7 11:32 dkim3.priv
         -rw-r--r-- 1 root root 272 Aug 9 10:58 dkim3.public
         -rw-r----- 1 root root 887 Aug 9 10:58 dkim4
         -rw-r----- 1 root root 887 Nov 7 11:32 dkim4.priv
         -rw-r--r-- 1 root root 272 Aug 9 10:58 dkim4.public
         -rw-r----- 1 root root 887 Aug 9 10:58 dkim6
         -rw-r----- 1 root root 887 Nov 7 11:32 dkim6.priv
         -rw-r--r-- 1 root root 272 Aug 9 10:58 dkim6.public
         -rw-r----- 1 root root 887 Aug 9 10:58 dkim7
         -rw-r----- 1 root root 887 Nov 7 11:32 dkim7.priv
         -rw-r--r-- 1 root root 272 Aug 9 10:58 dkim7.public
     which the dkim1, dkim2 etc.. are the "old" private files, and the dkim1.priv dkim2.priv etc. are the new private key files created with the latest commit I just published above. In the dkim-keys.conf I have:
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim1.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim2.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim3.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim4.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim5.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim6.priv
         *@xxxxxx.com:xxxxxxx.com:/etc/postfix/dkim/dkim7.priv
     Although it looks ok to me... it's pointing to the dkim*.priv files
  9. It's ok! I'll wait, it doesn't bother me at all. What's important is now we know why it was failing. Thanks.
  10. Yes! That was it. It works now. For the moment I just modified the file manually until a new froxlor version comes out. Thanks!
  11. Yes.. I'll wait and check again at the end of the day or tomorrow and see if it's a cache problem. I hope it is and it seems so, otherwise I don't know where else to look. As you see the entry is valid and all looks good, fingers crossed! Thanks and I'll let you know!
  12. I just sent you a private message with the domain. Thanks!
  13. Hi, I've upgraded to 0.10.20 and I noticed the removal of underscore in the DKIM selector. I know it's old but I've been using dkim-filter perfectly for 6 years, I don't know if it's coincidence but after the upgrade Google and Outlook give a:
          Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@xxxxxxxx.com header.s=dkim_1 header.b=gJgMgR3B;
          DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxxxxxx.com; s=dkim_1; t=1596958620;
            bh=OcFrXmsxPwiq9nLiqWOthXQmkOsI8oRkgTPZrapwNcQ=;
            h=To:From:Subject:Message-ID:Date:MIME-Version:Content-Type:
             Content-Transfer-Encoding;
            b=i6AsOFO6zo8/9OX4mnKexsYMhCkmmD6kwZKOGlCv841/2/6GnifTBNwb0G22llbj8
             l4A55phHEFtxWpxqTeremRJRe0pDB8cFwRZ0gc7LWCH5+wJm+1wiK6IA1pMgMF6uVk
             WOUqByJPsLB0GFVxwAPr/G1Ri+0HtmdhG8lPtTT8=
      See that the tag s=dkim_1 still has the underscore in it.. I suspect the error comes from this.. Could it be that there is a cache on Google and Outlook servers? I tested the record with "dig" and it seems to be fine.
          dig dkim1._domainkey.xxxxxxxx.com IN TXT
          ; <<>> DiG 9.10.6 <<>> dkim1._domainkey.xxxxxxxx.com IN TXT
          ;; global options: +cmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47910
          ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
          ;; OPT PSEUDOSECTION:
          ; EDNS: version: 0, flags:; udp: 512
          ;; QUESTION SECTION:
          ;dkim1._domainkey.xxxxxxxxx.com. IN TXT
          ;; ANSWER SECTION:
          dkim1._domainkey.xxxxxxxxx.com. 41008 IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNM1lxpivQagMjp2KAk0wVUw+OeXFKYyzZ1qbTCUQbvWsFmKPasIOq6dK7F+BMYihelr+T4FP5/GFzwcYEZbA9GxOjpW87iVF7qXgOiYndEpu7ELz9sCrx4AQaXwdGMn/4sAIvTtK6hzqehgulWlTAw59grv4WBOx76ss/m0Ui/wIDAQAB;t=s"
      I also manually deleted the dkim keys from /etc/postfix/dkim and ran
          /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug
      to regenerate all the files, which it did. And I did also send an email to auth-results@verifier.port25.com and the result is still showing the underscore on DKIM selector:
          DKIM check details:
          ----------------------------------------------------------
          Result: permerror (syntax error in s= tag: Error in "dkim_1": invalid character U+005F ('_') in domain label)
          ID(s) verified:
          DNS record(s):
          NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
      The TXT record is due to 43200 seconds (7 hours) so maybe I have to wait those hours for all the servers to replicate the dkim selector change? Any idea where else could I look? Thanks!
  14. Hi, I forgot to attach the log from when the cron job failed:
          [Sat 18 Jul 2020 12:04:02 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
          [Sat 18 Jul 2020 12:04:02 AM CEST] Can not init api.
          [Sat 18 Jul 2020 12:04:03 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
          [Sat 18 Jul 2020 12:04:03 AM CEST] Can not init api.
          [Sat 18 Jul 2020 12:04:03 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
          [Sat 18 Jul 2020 12:04:45 AM CEST] Can not get domain new authz.
          [Sat 18 Jul 2020 12:04:45 AM CEST] Please add '--debug' or '--log' to check more details.
          [Sat 18 Jul 2020 12:04:45 AM CEST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
          [Sat 18 Jul 2020 12:04:45 AM CEST] Error renew subdomain.maindomain.com.
      According to the documentation error code 6 is "Couldn't resolve host. The given remote host was not resolved.", so it might well be a one-time problem. I have other domains and another server with Froxlor with the latest 0.10.19 and I haven't had any problems, all domains have been renewed eventually with no issues. I also saw this other post, I don't know if it could be related. Thanks anyway!
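
An added example, not part of the original posts and not Froxlor or dkim-filter code: a small audit of a dkim-filter KeyList file for the two failures described in posts 8 and 13 above, a selector that picks up a ".priv" suffix from the key file name and a selector containing an underscore. It assumes the selector is the key file's name (as the KeyList comment in the posted config states); the domains, paths and the published-selector map standing in for DNS are constructed.

```python
import re
from pathlib import PurePosixPath

# One DNS label: letters, digits, hyphen; no underscore, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def parse_keylist(text):
    """Yield (sender_glob, domain, key_path) from KeyList text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        parts = line.split(":", 2)
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected glob:domain:keyfile")
        yield tuple(parts)

def check_entry(domain, key_path, published):
    """Return (selector, dns_name, problems) for one KeyList entry."""
    selector = PurePosixPath(key_path).name  # assumption: selector = file name
    dns_name = f"{selector}._domainkey.{domain}"
    problems = []
    bad = [lab for lab in selector.split(".") if not LABEL_RE.match(lab)]
    if bad:
        problems.append(f"invalid selector label(s): {bad}")
    if selector not in published.get(domain, set()):
        problems.append(f"no TXT record published at {dns_name}")
    return selector, dns_name, problems

def audit(text, published):
    """Map each key path to its check_entry() result."""
    return {key: check_entry(dom, key, published)
            for _glob, dom, key in parse_keylist(text)}

# Constructed sample data: one good entry, one ".priv" entry, one underscore entry.
SAMPLE_KEYLIST = """\
# sender glob:signing domain:signing key file
*@example.com:example.com:/etc/postfix/dkim/dkim1
*@example.net:example.net:/etc/postfix/dkim/dkim2.priv
*@example.org:example.org:/etc/postfix/dkim/dkim_3
"""
# Selectors that actually have a TXT record, per domain (stand-in for DNS).
SAMPLE_PUBLISHED = {"example.com": {"dkim1"}, "example.net": {"dkim2"},
                    "example.org": {"dkim3"}}

if __name__ == "__main__":
    for key, (sel, _name, problems) in audit(SAMPLE_KEYLIST, SAMPLE_PUBLISHED).items():
        print(f"{key}: s={sel} -> {'; '.join(problems) or 'ok'}")
```
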