Get the most out of your Centmin Mod LEMP stack
Become a Member

Beta Branch add addons/opendkim.sh for dkim setup for 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Apr 13, 2016.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    add addons/opendkim.sh for dkim setup for 123.09beta01

    As outlined at Beta Branch - Automated DKIM setup with opendkim | Centmin Mod Community running addons/opendkim.sh will output the DNS entries for DKIM and SPF needed for your server's main hostname for emails sent via postfix MTA for your main hostname emails. You would need to manually update your main hostname's DNS TXT records.

    For clarification, this addon/opendkim.sh is for emails sent such a cron emails, email alerts sent by the server itself including centmin.sh menu option 22's wordpress cron emails, account setup emails. All the emails sent where the from user is @mainhostname.domain.com that are for system related level not @domain.com level.

    Code (Text):
    addons/opendkim.sh
    ---------------------------------------------------------------------------
    centos7.localdomain DKIM DNS Entry
    default._domainkey.centos7.localdomain  IN      TXT     "v=DKIM1; k=rsa; "        "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsA2vO13aEozDDiFL8JHOi5lPVbx/gM0Vc/uFMnUbfK3EAdolx3newoXwNJTXojME1epmejvSuxq82Zh120FkZ7maqXI/NeFy3kyoeESWXjW+pEvY6ve2IBiTg/dCb+SEw5rM5YXd9jk1UJOpyvUXdnTDmcQuhLOGrmEu0hRe0TQIDAQAB"
    ------------------------------------------------------------
    centos7.localdomain SPF DNS Entry
    centos7.localdomain. 14400 IN TXT "v=spf1 a mx ~all"
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    DKIM & SPF TXT details saved at /root/centminlogs/dkim_spf_dns_centos7.localdomain_120416-141219.txt
    ---------------------------------------------------------------------------
    


    Continue reading...

    123.09beta01 branch
     
    Last edited: Oct 8, 2016
    • Like Like x 2
  2. RoldanLT

    RoldanLT Well-Known Member

    3,981
    966
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,331
    Local Time:
    8:57 PM
    1.11
    10.2
    I got this:
     
  3. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    did you install Centmin Mod 123.09beta01 first ?

    output for command
    Code (Text):
    ls -lahrt /root/centminlogs
     
  4. RoldanLT

    RoldanLT Well-Known Member

    3,981
    966
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,331
    Local Time:
    8:57 PM
    1.11
    10.2
    Yes I did but I already deleted that folder :|.
     
  5. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    There's the problem then that folder is required for all centmin.sh menu options and addon logging. I'll add a check for it and re-create it if it's missing :)
     
  6. RoldanLT

    RoldanLT Well-Known Member

    3,981
    966
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,331
    Local Time:
    8:57 PM
    1.11
    10.2
    Where can I find my DKIM & SPF TXT details?
     
  7. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    You must be using older version of addons/opendkim.sh latest as output like below
    Code (Text):
    smtpd_milters =
    non_smtpd_milters =
    milter_default_action = tempfail
    milter_protocol = 6
    smtpd_milters = inet:127.0.0.1:8891
    non_smtpd_milters = $smtpd_milters
    milter_default_action = accept
    milter_protocol = 2
    ---------------------------------------------------------------------------
    centos7.localdomain DKIM DNS Entry
    default._domainkey.centos7.localdomain  IN      TXT     "v=DKIM1; k=rsa; "        "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+GvmpvrhrWzgtUZxUx4pmQwn49u9P/eR27JNR3AHHQMji3CcaAegIqJvrIqMips2/FkewaX80vTP6djgYFgx6hXdEp0iyIvAMuBddRM39bkjgLqJ4LDiXJQQNiTj2bUfpNDndyxXhfHNkX2sm1Vc+QA8rnGQAo0zkMj46rlPNaQIDAQAB"
    ------------------------------------------------------------
    centos7.localdomain SPF DNS Entry
    centos7.localdomain. 14400 IN TXT "v=spf1 a mx ~all"
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    DKIM & SPF TXT details saved at /root/centminlogs/dkim_spf_dns_centos7.localdomain_150416-222003.txt
    ---------------------------------------------------------------------------
    
    ---------------------------------------------------------------------------
    centos7.localdomain DKIM DNS Entry
    default._domainkey.centos7.localdomain  IN      TXT     "v=DKIM1; k=rsa; "        "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFAdxxshI+WJwjcq/Sm0P4AyiBXk3j0Ye5FfyJSg421DdQo2pVtHt+xf3e4lmHzxKxvQ2A61kX42MGqYGriLumXXl1ipUZIVARzjHprYowmv/eWeYapjaiTuULNlvotkOSVApRPVXrk/6dCXI4DyHwdXi8HCk8GyRAOIm5xPmp8wIDAQAB"
    ------------------------------------------------------------
    centos7.localdomain SPF DNS Entry
    centos7.localdomain. 14400 IN TXT "v=spf1 a mx ~all"
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    DKIM & SPF TXT details saved at /root/centminlogs/dkim_spf_dns_centos7.localdomain_150416-222003.txt
    ---------------------------------------------------------------------------
     
  8. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    You can clean up old runs with command
    Code (Text):
    addons/opendkim.sh clean

    then re-run it to re-generate a new set of dkim and spf records

    just update 123.09beta01 code via centmin.sh menu option 23 submenu option 2 first to update addons/opendkim.sh first
     
  9. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    hold off, i think i see a bug in current addons/opendkim.sh in the output might need to fix too
     
    • Like Like x 1
  10. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    just updated addons/opendkim.sh with fix

    clean command actually deletes old entry and regenerates a new dkim and spf dns set in one command so no need to re-run it again
    Code (Text):
    addons/opendkim.sh clean
     
    • Like Like x 1
  11. RoldanLT

    RoldanLT Well-Known Member

    3,981
    966
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,331
    Local Time:
    8:57 PM
    1.11
    10.2
    So I have 2 DNS new entry now.
    For DKIM record, you have some errors?
    As double quote is not accepted on Cloudflare.
    I remove all " and it is now accepted.

    What is this line for by the way?
    dig +short default._domainkey.host.domain.com TXT
     
  12. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    depends on dns provider, so use whatever the dns provider formatting suggests

    you can type that command to verify dkim is setup properly in SSH
     
    • Like Like x 1
  13. pamamolf

    pamamolf Well-Known Member

    2,837
    254
    83
    May 31, 2014
    Ratings:
    +450
    Local Time:
    2:57 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Just test opendkim and when the script ends it is output the DKIM DNS Entry and the SPF DNS Entry twice :(

    Also it will be great if we can have a note for:

    Code:
    dig +short default._domainkey.server.domain.com TXT
    that it is for testing it :)
     
  14. pamamolf

    pamamolf Well-Known Member

    2,837
    254
    83
    May 31, 2014
    Ratings:
    +450
    Local Time:
    2:57 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Does this addon can be configured per domain?

    For example if i have a vhost domain.com and use the Opendkim addon and then install IPB forum all registered users will get email notifications from a non signed from opendkim server....

    But it works if i login to the server and send a test mail from ssh as it seems that is using the hostname .....
     
  15. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    that's normal see the example i posted, also does the same
    see 1st post for main hostname only
    that's because the forum has a from email address domain not from server's hostname
     
  16. pamamolf

    pamamolf Well-Known Member

    2,837
    254
    83
    May 31, 2014
    Ratings:
    +450
    Local Time:
    2:57 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    and we can't do anything about it?
     
  17. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    the addon was originally to ensure server sent emails i.e. from cronjobs and backup scripts got to their destination and not land in spam/junk inboxes

    test output for main hostname centos7.localdomain
    Code (Text):
    addons/opendkim.sh
    ---------------------------------------------------------------------------
    centos7.localdomain DKIM DNS Entry
    default._domainkey.centos7.localdomain  IN      TXT     "v=DKIM1; k=rsa; "        "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXS1ZQRbZbKb7EGGZ708ESrcVWbzg9X/coz943JPCgIyvJtoBJFjd/I+ajHxicW5uqgFCtxOKhigOQJqCZDTPQwO2z9QJ1qI+NQfYqUEOhdG7Ui8ReipmIEoXt11WqdBPAc7yustrdhcghYn9dUdWfzpWgHo6f1WlLbs5UsVYmbQIDAQAB"
    ------------------------------------------------------------
    centos7.localdomain SPF DNS Entry
    centos7.localdomain. 14400 IN TXT "v=spf1 a mx ~all"
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    DKIM & SPF TXT details saved at /root/centminlogs/dkim_spf_dns_centos7.localdomain_130816-195944.txt
    ---------------------------------------------------------------------------
    


    but i just updated addons/opendkim.sh to fix the duplicate output, it was in fact due to another hidden feature in that yes the addon can support other domains other than main hostname but it's untested so use without guarantees

    test output for newdomain.com
    Code (Text):
    addons/opendkim.sh newdomain.com
    
    ---------------------------------------------------------------------------
    newdomain.com DKIM DNS Entry
    default._domainkey.newdomain.com        IN      TXT     "v=DKIM1; k=rsa; "        "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPhRN7Wt522LnbiQvKRDVBWpBJlT7hJJUsc5cf0KOBHJqI85oIavmE3Kl973UgxAWZizSmyFLjypFlkhAEH2Zc/Pec/X07BEgGmX5PHq8kOAxaeyguflYXSzE9FSxyUPaCgfGWjwr8UrJIIAOWxMn18xIh6fybk5sT3j0R3rfBiQIDAQAB"
    ------------------------------------------------------------
    newdomain.com SPF DNS Entry
    newdomain.com. 14400 IN TXT "v=spf1 a mx ~all"
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    DKIM & SPF TXT details saved at /root/centminlogs/dkim_spf_dns_newdomain.com_130816-200339.txt
    ---------------------------------------------------------------------------

    location of the keys
    Code (Text):
    ls -lah /etc/opendkim/keys/          
    total 0
    drwxr-x--- 4 opendkim opendkim 52 Aug 13 20:03 .
    drwxr-xr-x 3 root     opendkim 70 Aug 13 19:50 ..
    drwxr-xr-x 2 opendkim opendkim 38 Aug 13 19:59 centos7.localdomain
    drwxr-xr-x 2 opendkim opendkim 38 Aug 13 20:03 newdomain.com


    note for domains and DKIM only useful for this addon if emails form domain web app script are sent from server postfix. If you use third party smtp you need to setup DKIM as per their instructions
     
    • Winner Winner x 1
  18. pamamolf

    pamamolf Well-Known Member

    2,837
    254
    83
    May 31, 2014
    Ratings:
    +450
    Local Time:
    2:57 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Dkim signature doesn't seem to be attached on emails :(

    At least this is what i get from online mail testers like:

    Code:
    https://www.mail-tester.com/
    Checking dkim for domain and hostname using as selector "default" both are ok here:

    Code:
    https://www.mail-tester.com/spf-dkim-check
    But when i send a test mail from Invision mail tester i am getting that my email doesn't have a Dkim signature.... :(

    I just contact the admin of the page and he did some validation tests and he told me that DNS is ok and in general all are ok and the issue seems to be from the server (maybe Postfix setings?) that doesn't attach the DKIM signature on emails from domain or hostname ......

    Can anyone please test it with any of your domains so we can verify anything related ?

    Thanks
     
  19. eva2000

    eva2000 Administrator Staff Member

    31,025
    6,927
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,433
    Local Time:
    10:57 PM
    Nginx 1.13.x
    MariaDB 5.5
    This is for emails @mainhostname.domain.com only not for any site domain names @domain.com
     
  20. pamamolf

    pamamolf Well-Known Member

    2,837
    254
    83
    May 31, 2014
    Ratings:
    +450
    Local Time:
    2:57 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    I thought that using opendkim.sh newdomain.com was for @newdomain.com ?