Hello,
I'm trying to configure Domain Keys signature for outgoing email.
- Under PSA control panel, I go to Domain > Email accounts > Preferences
- I tick the box for "Enable Domain Keys for outgoing email message..."
Then, whe I send an email, it works! It shows this in the header:
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=DOMAIN.TLD; b=Z2/wwouarg4fB0C+DcM9wlhiwAzSLtT4mByYTKdJMmH5m9Wa8PEGp4J0+9Kyuv0HfE4L3PgWiIF4pl2G9rVPIZZLKi4sgjO5hUJRCIMpZL7LZCIAtcPjzT+GHpgyDhHC; h=Received:Received:Received:Message-ID:Date:From:To:Subject:MIME-Version:Content-Type:Content-Disposition:Content-Transfer-Encoding:User-Agent;
So, now, I've to add a TXT record to my domain... But what is the content?
Do I have to copy the text from "a=rsa-sha1;" to "HpgyDhHC;" (end of the key)?
Thanks for the help!
Domain Keys - DNS record (PSA 9.2)
Re: Domain Keys - DNS record (PSA 9.2)
Sounds as if its working...
Are you using Plesk DNS? If so the DK sig is already set-up for you.
For third-party DNS, copy the Plesk DNS TXT settings for the domain and paste into a new TXT record "default._domainkey" -> "p=etc". you'll also need to create a DNS TXT record for "_domainkey" -> "t=y; o=-;" NOTE: using "t=y" will enable testing so if you mess up mail will still be delivered, remove it once you are sure all is well.
Should add, in case it is not obvious: "o=-" means ALL e-mail is signed, if not the case use "o=~" instead, which means MOST e-mail is signed.
Good luck.
Are you using Plesk DNS? If so the DK sig is already set-up for you.
For third-party DNS, copy the Plesk DNS TXT settings for the domain and paste into a new TXT record "default._domainkey" -> "p=etc". you'll also need to create a DNS TXT record for "_domainkey" -> "t=y; o=-;" NOTE: using "t=y" will enable testing so if you mess up mail will still be delivered, remove it once you are sure all is well.
Should add, in case it is not obvious: "o=-" means ALL e-mail is signed, if not the case use "o=~" instead, which means MOST e-mail is signed.
Good luck.
Re: Domain Keys - DNS record (PSA 9.2)
Hey, thanks a lot for your answer.
I had to enable the DNS service on the domain to see the TXT record, and then I could copy it to my DNS server (independant from Plesk).
Everything works well now!
But now, how can I configure SpamAssassin to lower the score if the email is signed correctly?
I tried to enable both Mail::SpamAssassin::Plugin::DKIM (/etc/mail/spamassassin/v312.pre) and Mail::SpamAssassin::Plugin::DomainKeys (/etc/mail/spamassassin/v310.pre). Psa-SpamAssassin starts, and works well, but when I send signed email to the server, nothing is shown in the header concerning rules linked to DKIM of SA (other usual rules show up).
Any idea?
Thanks for the help!
I had to enable the DNS service on the domain to see the TXT record, and then I could copy it to my DNS server (independant from Plesk).
Everything works well now!
But now, how can I configure SpamAssassin to lower the score if the email is signed correctly?
I tried to enable both Mail::SpamAssassin::Plugin::DKIM (/etc/mail/spamassassin/v312.pre) and Mail::SpamAssassin::Plugin::DomainKeys (/etc/mail/spamassassin/v310.pre). Psa-SpamAssassin starts, and works well, but when I send signed email to the server, nothing is shown in the header concerning rules linked to DKIM of SA (other usual rules show up).
Any idea?
Thanks for the help!
Re: Domain Keys - DNS record (PSA 9.2)
Okay, I figure it out: I had to install some PERL modules in order to make it works:
(from DAG repository http://dag.wieers.com/rpm/)
Then I can see in the PSA headers: "DKIM_SIGNED,DKIM_VERIFIED".
Code: Select all
yum install perl-Mail-DomainKeys
yum install perl-Mail-DKIMThen I can see in the PSA headers: "DKIM_SIGNED,DKIM_VERIFIED".