Thanks Todd,

In fact everywhere it says example.com should say zaaam.com. I edited the email
and replaced all zaaam by example.
The problem is not there :(

Should I remove dkim and install Opendkim then?



________________________________
From: Todd Lyons <***@ivenue.com>
To: "***@yahoo.com" <***@yahoo.com>; dkim-milter general
discussion <dkim-milter-***@lists.sourceforge.net>
Sent: Mon, 27 September, 2010 1:22:01
Subject: Re: [dkim-milter-discuss] [SPAM] Help would be appreciated bad sig +
hardfail ?!

Your dkim-filter config file still has the domain set to "example.com"
instead of whatever real domain you are sending email as. So
dkim-filter is generating signatures for the domain "example.com",
which you do not own. When Yahoo tries to look up the dns for
example.com, it's not asking your local dns server for the key info,
it's looking it up in public DNS, which goes to IANA servers (because
they own the domain).

By the sound of it, you actually created your private key in the
zaaam.com domain, and testing that I see:

# dig +short -t txt mail._domainkey.zaaam.com
"v=DKIM1\; g=*\; k=rsa\; t=y\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiABGx96PvDMrqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2705G/gicNRlbP4ZjPTL2yqshKy1DNRfw4vSgUpMRfQVfcPeag32geSayoVEmu+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB"


This means that you need to modify your dkim-filter.conf to sign for
the zaaam.com domain instead of example.com. You also have a few
entries in your /etc/mail/hosts which have example.com appended to
them, which seems incorrect, but I do not know for sure what local
host names you give to your machines.

One final note: development has stopped for this dkim-filter. It was
forked back in 2009 and a new project was started called opendkim,
it's on sourceforge, and the home website is http://www.opendkim.org.
The current version is opendkim-2.1.3 and an opendkim-2.2.0 release is
probably a week or so away.

Regards.... Todd

On Sun, Sep 26, 2010 at 5:24 PM, ***@yahoo.com
<***@yahoo.com> wrote:
>
> I'm running ubuntu 10.04 with postfix and dkim-filter.
> All my configuration checks out ok...or at least I think so. But dkim sig is
>not being accepted by yahoo and gmail servers.
> My postfix main.cf
> # DKIM
> milter_default_action = accept
> milter_protocol = 2
> smtpd_milters = inet:localhost:8891
> non_smtpd_milters = inet:localhost:8891
> My /etc/default/dkim-filter
> SOCKET="inet:***@localhost" # Ubuntu default - listen on loopback on port
8891
> My /etc/dkim-filter.conf
> Syslog yes
> LogWhy True
> # Required to use local socket with MTAs that access the socket as a non-
> # privileged user (e.g. Postfix)
> #UMask 002
> # Sign for example.com with key in /etc/mail/dkim.key using
> # selector '2007' (e.g. 2007._domainkey.example.com)
> Domain example.com
> KeyFile /etc/mail/mail.key
> Selector mail
> InternalHosts /etc/mail/hosts
> # Common settings. See dkim-filter.conf(5) for more information.
> AutoRestart yes
> Background yes
> Canonicalization relaxed/relaxed
> DNSTimeout 5
> Mode sv
> SignatureAlgorithm rsa-sha256
> SubDomains yes
> #ADSPDiscard no
> #Version rfc4871
> X-Header no
> ###############################################
> # Other (less-standard) configuration options #
> ###############################################
> My InternalHosts file /etc/mail/hosts
> 127.0.0.1/8
> 192.168.1.0/24
> localhost
> example.com
> www.example.com
> mail.example.com
> cerebrus.example.com
> umongus.example.com
> My Bind9 Dns entries for the example domain
> mail._domainkey IN TXT "k=rsa;
>p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBcAtF+RCk9wpagy3b3Y8566FWZ354fMjlz7ZmYYJzg+GT1ruGl/lvwXZkQTzMyvpGgBM5ShUmopVswN3Cv/+M1UTU8lto1fnTFJb2bu$
>
> _domainkey IN TXT "t=y; o=-"
> My Maddog domain dns entries:
> mail._domainkeyv=DKIM1; g=*; k=rsa; t=y;
>p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiAB
>Gx96PvDMrqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2
>705G/gicNRlbP4ZjPTL2yqshKy1DNRfw4vSgUpMRfQVfcPeag32geSayoVEm
>u+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB1 Hour
> _domainkeyt=y; o=-1 Hour
>
> Tests DONE:
> mail.log shows
> Sep 26 23:51:48 hostname dkim-filter[6880]: 7440A1C72EFF mode select: signing
> tests online:
> http://domainkeys.sourceforge.net/policycheck.html
>
> Testing example.com
>
> Policy TXT=t=y; o=-
>
> This policy record appears valid.
>
> http://domainkeys.sourceforge.net/selectorcheck.html
>
> mail._domainkey.example.com
>
> TXT Record length = 230
>
> k=rsa; t=y;
>p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdVfaH7HsphCUPCmEiABGx96PvDM
>
>...rqC0ZQ324gZ5ND3btqtZnVglPlLVicg3LjAzMFmPiuYs7log4xQ2705G/gicNRlbP4ZjPTL2yqshKy1D
>D
>
> ...NRfw4vSgUpMRfQVfcPeag32geSayoVEmu+MvAy136jphNnAxr18AUEKJDBycf7iQIDAQAB
>
> This selector appears valid.
>
> TagValueExplanation
> krsaThe public key algorithm used to verify the signature
> pMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
> gQCdVfaH7HsphCUPCmEi...Modulus Size=1024
> Exponent=65537
> tyThis Selector is in test mode
>
> EMAIL RESPONSES FROM YAHOO HEADERS:
>
> Received-SPF: pass (mta1259.mail.ac4.yahoo.com: domain of ***@example.com
>designates "MY IP" as permitted sender)
>
> X-YMailISG: c.gT32wcZAq6BhWv1Ruvg855nFbd_y5ko.Kp_udqSapMrJKA
>
> _49jz8gJqUMIJbLm7CB1JrGSYyus_6sTpfVpBb_Eamd3vwqlgv2.mcBfIQhn
>
> IHf9p9h26.gUl4Mg8qVCm1sWDZz4ZsFzTul5hOI9MDKEwuKH7PNx_NfppAfE
>
> T5yYi9rUFe8Un5RdTeTj0ExUnwD1t9YG._qzYUX9o.MDd2JawZ.Vxy9.uHYa
>
> fj.ss65SfUrVBJ1myXnc8XQBbCPi6wUV_HgmiTsUyxaLEo3woAP_fPVtuz4C
>
> OqC5sB_Qc9FOzuNnnxYKbUa7lXPLDy.9ALT6BpRt7CeCL0LhJOSwM02g4ikf
>
> 4K9sZ2eFGS3uQ_IFJxEt_asaa2lOaFkwooP6YdqAtWwAOjDoDRnE1ecv6MUf
>
> bVhVJGgMksYXb.faMi0EriW1vkBqFu3hcwwQUSbi75TTCWN3ScBbSb1njm5X
>
> 2dmWhYkox602qDW4pzXoZIQ2gmNB
>
> X-Originating-IP: [MY IP]
>
> Authentication-Results: mta1259.mail.ac4.yahoo.com from=example.com;
>domainkeys=neutral (no sig); from=example.com; dkim=permerror (bad sig)
>
> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=zaaam.com; s=mail;
>
> t=1285544437; bh=+RXOTVB28eXhx0k/tu8av/BLmD8wZpkVU5Pa6hB6w4I=;
>
> h=To:Date:Subject:Message-ID:From:MIME-Version:Content-Type;
>
> b=bu3Eqt4KXl2um8ivT6+BHKDLYTibUHK6eTAmYMPW9vDVVyg2lqfzntL06n5bBe4AK
>
> BagYp+tKc8dtY+q+uH4uFHUOHwV03ZrUdcCNMjaFkR+jTUuC8yCrr0kTZSc9GhsVUr
>
> v9MaeaOKra20C9+dgeXhjfTUDvGI1bniquZA/ITc=
>
> EMAIL RESPONSES FROM GMAIL HEADERS:
>
> Authentication-Results: mx.google.com; spf=pass (google.com: domain of
>***@example.com designates "MY IP" as permitted sender)
>smtp.mail=***@example.com; dkim=hardfail (test mode) header.i=@example.com
> Received: from host.example.com (host.example.com [LAN IP])
> by host.example.com (Postfix) with ESMTP id 9C8431C72F00
> for <***@gmail.com>; Sun, 26 Sep 2010 23:51:48 +0000 (GMT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaaam.com; s=mail;
> t=1285545108; bh=p8pafqTNhtsModsSazJmcokGeAFPfXlSGnULI/Z7QDU=;
> h=To:Date:Subject:Message-ID:From:MIME-Version:Content-Type;
> b=UlDd4VZo826VxOkDdNR5ER+3jGjMRiPQoB5lEdPWKSUvbibdqTGQmL5PrIKoZpIqX
> c7DGlc504Y1FCQb/pW8M2bYNtrt5nRfJ9XqlfdE9as9ECb44KoqJZCldvBEvCZSCYo
> hQEMUT2LeDezo+EtEpgXAmO87pWN8QaxbKY2a9J0=
>
> I'm out of ideas... full day trying and testing this?!?!?! What can be wrong?
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> dkim-milter-discuss mailing list
> dkim-milter-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
>



--
Regards... Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm. -- Marcus Aurealius