Posted By: myleene on April 26, 2015, 8:12 pm |
Applies to:
- Webuzo 2.3.4
- Centos 6.5 64bit
- Exim 4.72
- A dedicated server having its own IP
(*) It should work for different setups with minor adjustments.

Detail:
I couldn't find a guide detailing steps to do it and had to spend 2-3 hours on how to do it. I didn't even know what "DKIM" or "SPF" meant before my email started being rejected by GMail and I stopped receiving emails from my WordPress without me changing anything. Please note that I'm a novice in Linux and that there may surely be an easier method to do this. I'm sharing as I really like Webuzo and I believe it may help others.

Steps:

1) Start an ssh session and go to /etc/exim/
(*) It's not required, but it'll help in the next few steps.

2) Generate a private and public key to sign your messages with openssl:
#openssl genrsa -out dkim.private.key 1024
(*) It works well if you get "Returned error code 0" and you see a file named "dkim.private.key" in that directory.

3) Extract the public key from the private key
#openssl rsa -in dkim.private.key -out dkim.public.key -pubout -outform PEM
(*) A new file named "dkim.private.key" will be created in this directory.

4) Open exim.conf to modify it:
Replace:
remote_smtp:
  driver = smtp
With:
remote_smtp:
  driver = smtp
  dkim_domain = ${lc:${domain:$h_from:}}
  dkim_selector = x
  dkim_private_key = /etc/exim/dkim.private.key
  dkim_canon = relaxed
(*) It allows all domains linked to this server to use DKIM and use the private key you just created. If you opt to change "dkim_selector" it'll need to be adjusted in later steps.

5) Restart Exim
(*) I go to "services" in Webuzo, but there are other options.

6) Adjust your DNS settings

6.1) If you don't have a mx record, create one:
Priority: 1
Host: @
Points to: @

6.2) Create a TXT setting specifying your SPF settings:
Host: @
txt value: v=spf1 a mx ip4:999.999.9.99 ip6:9999:9999:99:3a32:: ~all
(*) Adjust to your IPs. It's the only thing required for SPF to work.

6.3) Create a TXT setting specifying your DKIM:
Host: x._domainkey
txt value: v=DKIM1; p=<your public key>
(*) If you changed "dkim_selector" under "Host", "x" will need to be adjusted accordingly.

How to test:
- https://www.dnswatch.info/dkim/create-dns-record
- https://www.mail-tester.com/spf-dkim-check

Then: send an email from this address to an external email and check if both SPF and DKIM are specified correctly in the header. You should see "spf=pass" and "dkim=pass" as well as other configurations depending on which email provider you send to. Hotmail and GMail are both good to confirm these settings.
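The step from the public key file (step 3) to the TXT value (step 6.3), and a check that DNS really publishes that key, as an added example that is not part of the original posts. The function names, the placeholder domain example.com and the sample key text are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Base64 body of a PEM public key as one line: the text between the
# BEGIN/END markers with line breaks removed. Nothing is decoded.
pem_body() {
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# TXT value for step 6.3, in the form used in the first post.
dkim_txt_value() {
    printf 'v=DKIM1; p=%s\n' "$(pem_body "$1")"
}

# p= tag from a TXT answer as printed by `dig +short TXT` (quoted, and split
# into several "..." strings when the value is longer than 255 characters).
published_key() {
    printf '%s' "$1" | tr -d '" \t\r\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Succeeds only if DNS publishes exactly the key from the PEM file.
# $1 = PEM public key file, $2 = TXT answer text
dkim_record_matches() {
    want=$(pem_body "$1")
    got=$(published_key "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample (placeholder text, not a real key) so this runs offline.
sample_pem=$(mktemp)
trap 'rm -f "$sample_pem"' EXIT
cat > "$sample_pem" <<'EOF'
-----BEGIN PUBLIC KEY-----
AAAAconstructedSampleNotARealKeyLine1
BBBBconstructedSampleLine2==
-----END PUBLIC KEY-----
EOF
# Constructed DNS answer, split into two strings as a resolver may print it.
sample_txt='"v=DKIM1; p=AAAAconstructedSampleNotARealKeyLine1" "BBBBconstructedSampleLine2=="'

dkim_txt_value "$sample_pem"
dkim_record_matches "$sample_pem" "$sample_txt" && echo "DNS record matches key file"

# On the server (example.com is a placeholder domain):
#   dkim_record_matches /etc/exim/dkim.public.key "$(dig +short TXT x._domainkey.example.com)"
```

A mismatch here means receivers will report a DKIM failure even though Exim is signing correctly, so it is worth running after every DNS change.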
Posted By: peopleinside on July 6, 2015, 9:38 am | Post: 2 |
@myleene thanks for this post.
Some questions: When you say to put the public key in point 6.3, to do that do I have to download the public key file, open it, and copy and paste into DNS the code between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----, or should I decode the base 64 and then paste it into the DNS record? And in the DNS record, should it be pasted inside <> or without <>? Also, if I'm not using Webuzo for DNS records, will it work if I use CloudFlare? Can I do point 6.3 in Cloudflare, where my DNS is used, and should I do step 7 in Webuzo even if I'm not using the DNS of Webuzo? Thanks.
-----------------------
PeopleInside
Web, security, open source passionate.
Posted By: peopleinside on July 6, 2015, 4:50 pm | Post: 3 |
All solved, all works fine.
Yes, the public key should be copied as it is in the file between.. and should not be edited or encoded or decoded. Pasted as is. Step 7 is better not skipped. And no issue with Cloudflare. Solved. Works. THANKS
-----------------------
PeopleInside
Web, security, open source passionate.
Posted By: awan89 on December 22, 2015, 4:59 am | Post: 4 |
Hi myleene, what do you mean by "Host: @" in steps 6.1 & 6.2? Is that just a symbol, or is it symbolic for a domain? And for step 7 that you forgot, can you specify the steps in more detail? What is the format of the domain in the name input in Webuzo? For example: domain.com or info@domain.com? I have attached my Webuzo settings as they are at the moment; are they correct? I hope someone can review and help. Thank you. I hope someone else can also help, I'm very frustrated with the DKIM & SPF settings on my Webuzo account. Many thanks.
Posted By: peopleinside on December 22, 2015, 1:46 pm | Post: 5 |
Hi awan89,
in the DNS you need to have an MX record to use email. Do you use email? Well, then you have to decide whether to use mail.yourserver.ext, for example. So you need to create an MX record called mail.yourdomain.ext; for "mail handled by", if you manage the email on the same server your domain points to, you can put yourserver.ext. TTL: maybe 10 is good. This is in reply to how to do point 6.1.

For 6.2 I suggest using a wizard to create the SPF record. This one: http://www.spfwizard.net/ or google "wizard spf". To check after some minutes whether it is OK, use this website: http://www.kitterman.com/spf/validate.html and also this website, https://www.mail-tester.com/spf-dkim-check, also for testing DKIM.

7 is the same as 6.3, so don't worry about point 7; skip it if you have already done it.

Quote
I forgot step 7:
7) In Webuzo, go to "Advance DNS Setting" and for the domain you wish to send email from add a txt record exactly as you did in step 6.3.

I can imagine your frustration; it is very hard to set up DKIM and SPF in Webuzo, as they are not supported by the panel. Once you have finished everything, test your settings here: https://www.mail-tester.com/

There is no need for me to look at your screen to tell whether it is correct or not; you have to test. Remember: is your domain using the DNS on your server? If your nameserver points to the VPS where Webuzo is installed, that is OK; if not, maybe you have to set up DNS where you have the domain name registered. From a first check I can't find SPF records in your DNS on ballavata.com
-----------------------
PeopleInside
Web, security, open source passionate.
Posted By: peopleinside on December 22, 2015, 5:31 pm | Post: 7 |
Hi awan89,
yes, your emails go into SPAM for SPF and DKIM. Also, please use this link to test: https://www.mail-tester.com/ It's easy and safe: just send an email from your domain email address to the temp address generated on this page, then press the button on the webpage and check the issues.

From your domain record I can see you are using DigitalOcean, so your DNS records will not be read from Webuzo. You have to work in the DNS on DigitalOcean.

I tried to do the test at this page: https://www.mail-tester.com/spf-dkim-check by putting in your domain baliavata.com and it seems to be good. Let me check now here: http://www.kitterman.com/spf/validate.html Your SPF pass is OK, so please do the test here: https://www.mail-tester.com/ I cannot do this for you. Let me know your points, whether it is 5/6 or 10/10; you will see all the errors and what to fix.

Emails also go into Gmail antispam if you have only a redirection but no email account created in Webuzo, maybe. Let me know.
-----------------------
PeopleInside
Web, security, open source passionate.
Posted By: awan89 on December 22, 2015, 6:26 pm | Post: 9 |
Sorry, attachment not allowed by the forum.
Posted By: awan89 on December 22, 2015, 6:32 pm | Post: 10 |
The result
-0.001  BODY_SINGLE_WORD   BODY_SINGLE_WORD
-0.1    DKIM_SIGNED        Message has a DKIM or DK signature, not necessarily valid
                           This negative score will become positive if the signature is validated. See immediately below.
0.1     DKIM_VALID         Message has at least one valid DKIM or DK signature
                           Great! Your signature is valid
0.1     DKIM_VALID_AU      Message has a valid DKIM or DK signature from author's domain
                           Great! Your signature is valid and it's coming from your domain name
-1.985  PYZOR_CHECK        Listed in Pyzor (http://pyzor.sf.net/)
0.001   SPF_HELO_PASS      SPF: HELO matches SPF record
0.001   SPF_PASS           SPF: sender matches SPF record
                           Great! Your SPF is valid
0.01    T_RP_MATCHES_RCVD  Envelope sender domain matches handover relay domain
Posted By: peopleinside on December 22, 2015, 7:44 pm | Post: 11 |
Sorry awan89, this does not help me to understand.
Please consider posting a screenshot or, better, if you can, open a ticket with a screenshot and the link that is at the bottom of that test page. You will find the link to share results there. You can write privately to me at https://supporto.peopleinside.it or you can try to find me in chat. The test page gives you a general vote; what vote did you get, at the top?
-----------------------
PeopleInside
Web, security, open source passionate.
Posted By: peopleinside on December 23, 2015, 12:24 pm | Post: 13 |
Hi awan89,
thank you for your reply. 9/10 is a great vote, your email is almost perfect. Maybe you are missing 1 point for something? Maybe it can be an issue with DKIM? If you want to have 10/10 you should try the test again and maybe share the link of the test, maybe privately, as your email address will be visible at the top of the test. 9/10 is good enough. I have 10/10 but 9/10 is good. You can keep the DNS on Webuzo; it will not affect anything. It does not need to be deleted, just know that it is not read from the web; the DNS that is read is on Oceano
-----------------------
PeopleInside
Web, security, open source passionate.