Ive been struggling the last couple of hours with setting up DKIM on my Postfix/CentOS 5.3 server.
It finally sends and signs the emails, but apparently Google still does not like it. The errors I'm getting are:
dkim=neutral (bad version)
[email protected]
from googles "show original" interface.
This is what my DKIM-signature header look like:
v=1; a=rsa-sha1; c=simple/simple;
d=mydomain.com.au; s=default;
t=1267326852;
bh=0wHpkjkf7ZEiP2VZXAse+46PC1c=;
h=Date:From:Message-Id:To:Subject;
b=IFBaqfXmFjEojWXI/WQk4OzqglNjBWYk3jlFC8sHLLRAcADj6ScX3bzd+No7zos6i
KppG9ifwYmvrudgEF+n1VviBnel7vcVT6dg5cxOTu7y31kUApR59dRU5nPR/to0E9l
dXMaBoYPG8edyiM+soXo7rYNtlzk+0wd5glgFP1I=
Very appreciative of any suggestions as to how I can solve this problem!
Btw, here is exactly how I installed dkim-milter in CentOS 5.3 for postfix, if anyone is interested (based on this guide):
mkdir dkim-milter
cd dkim-milter
wget http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.3-1.x86_64.rpm
======S======
Newest version: http://www.topdog-software.com/oss/dkim-milter/
======E======
rpm -Uvh dkim-milter-2.8.3-1.x86_64.rpm
/usr/bin/dkim-genkey -r -d mydomain.com.au
======S======
add contents of default.txt to DNS as TXT
_ssp._domainkey TXT dkim=unknown
_adsp._domainkey TXT dkim=unknown
default._domainkey TXT v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GWETBNiQKBgQC5KT1eN2lqCRQGDX+20I4liM2mktrtjWkV6mW9WX7q46cZAYgNrus53vgfl2z1Y/95mBv6Bx9WOS56OAVBQw62+ksXPT5cRUAUN9GkENPdOoPdpvrU1KdAMW5c3zmGOvEOa4jAlB4/wYTV5RkLq/1XLxXfTKNy58v+CKETLQS/eQIDAQAB
======E======
mv default.private default
mkdir /etc/mail/dkim/keys/mydomain.com.au
mv default /etc/mail/dkim/keys/mydomain.com.au
chmod 600 /etc/mail/dkim/keys/mydomain.com.au/default
chown dkim-milt.dkim-milt /etc/mail/dkim/keys/mydomain.com.au/default
vim /etc/dkim-filter.conf
======S======
ADSPDiscard yes
ADSPNoSuchDomain yes
AllowSHA1Only no
AlwaysAddARHeader no
AutoRestart yes
AutoRestartRate 10/1h
BaseDirectory /var/run/dkim-milter
Canonicalization simple/simple
Domain mydomain.com.au #add all your domains here and
seperate them with comma
ExternalIgnoreList /etc/mail/dkim/trusted-hosts
InternalHosts /etc/mail/dkim/trusted-hosts
KeyList /etc/mail/dkim/keylist
LocalADSP /etc/mail/dkim/local-adsp-rules
Mode sv
MTA MSA
On-Default reject
On-BadSignature reject
On-DNSError tempfail
On-InternalError accept
On-NoSignature accept
On-Security discard
PidFile /var/run/dkim-milter/dkim-milter.pid
QueryCache yes
RemoveOldSignatures yes
Selector default
SignatureAlgorithm rsa-sha1
Socket inet:20209@localhost
Syslog yes
SyslogSuccess yes
TemporaryDirectory /var/tmp
UMask 022
UserID dkim-milt:dkim-milt
X-Header yes
======E======
vim /etc/mail/dkim/keylist
======S======
*@mydomain.com.au:mydomain.com.au:/etc/mail/dkim/keys/mydomain.com.au/default
======E======
vim /etc/postfix/main.cf
======S====== Add:
smtpd_milters = inet:localhost:20209
non_smtpd_milters = inet:localhost:20209
milter_protocol = 2
milter_default_action = accept
======E======
vim /etc/mail/dkim/trusted-hosts
======S======
localhost
127.0.0.1
======E======
/etc/mail/local-host-names
======S======
localhost
127.0.0.1
======E======
/sbin/chkconfig dkim-milter on
/etc/init.d/dkim-milter start
/etc/init.d/postfix restart