Good evening,
Sorry for the novel that follows, but it will explain the situation, both the server (SheevaPlug) and the problem.
The server is a SheevaPlug (a plug computer with a 1.2 GHz ARM processor and 512 MB of RAM).
The system (Debian GNU/Linux squeeze) is installed on a USB key connected to the server.
Situation: self-hosting.
The mail services:
[ul]
[li]Postfix[/li]
[li]Dovecot[/li][/ul]
Then, everything is configured and working with SASL + TLS, and finally there is DKIMProxy, which does not work.
Now, the good news, which is also the bad news: no errors in the logs (they do not exist).
So, the tutorial I used to install DKIMProxy (yes, I am a bit lazy): https://admin-serv.net/blog/165/installation-de-dkimproxy-sur-postfix/
Postfix and Dovecot were installed based on this tutorial: https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto#Postfix%20SASL
I did not set up the anti-spam.
Now the data:
[*]My DNS settings (bookmyname)
_domainkey.colundrum.eu. 28800 TXT "o=~;"
postfix._domainkey.colundrum.eu. 28800 TXT "k=rsa; t=y; p=ma-clé-public-sans-saut-de-ligne"
@ 28800 TXT "v=spf1 a mx -all"
[*]cat /etc/dkimproxy/dkimproxy_out.conf
[*]/etc/dkimproxy/dkimproxy_in.conf
# specify what address/port DKIMproxy should listen on
listen 127.0.0.1:10026
# specify what address/port DKIMproxy forwards mail to
relay 127.0.0.1:10024
[*]/etc/postfix/main.cf (only what I added for DKIMProxy)
content_filter = dksign:[127.0.0.1]:12028
[*]/etc/postfix/master.cf (in full)
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
  -o smtpd_proxy_ehlo=no
  -o content_filter=dksign:[127.0.0.1]:12028
submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_proxy_ehlo=no
  -o content_filter=dksign:[127.0.0.1]:12028
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dksign unix - - n - 10 smtp
  -o smtp_send_xforward_command=no
  -o content_filter=
127.0.0.1:12029 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
Finally, the results of two tests:
[*]check-auth@verifier.port25.com
This message is an automatic response from Port25's authentication verifier
service at verifier.port25.com. The service allows email senders to perform
a simple check of various sender authentication mechanisms. It is provided
free of charge, in the hope that it is useful to the email community. While
it is not officially supported, we welcome any feedback you may have at
<verifier-feedback@port25.com>.
Thank you for using the verifier,
The Port25 Solutions, Inc. team
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: fail
DKIM check: fail
Sender-ID check: pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: localhost
Source IP: 62.147.228.142
mail-from: "name"@colundrum.eu
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: pass
ID(s) verified: smtp.mail="name"@colundrum.eu
DNS record(s):
colundrum.eu. SPF (no records)
colundrum.eu. 28800 IN TXT "v=spf1 a mx -all"
colundrum.eu. 28800 IN A 62.147.228.142
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: fail (bad signature)
ID(s) verified: header.From="name"@colundrum.eu
DNS record(s):
postfix._domainkey.colundrum.eu. 28800 IN TXT "k=rsa; p=clé-publique"
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
Message-ID:'20'<4D851F28.60705@colundrum.eu>'0D''0A'
Date:'20'Sat,'20'19'20'Mar'20'2011'20'22:24:56'20'+0100'0D''0A'
From:'20'=?ISO-8859-1?Q?Florent_CARR=C9?='20'<"name"@colundrum.eu>'0D''0A'
MIME-Version:'20'1.0'0D''0A'
To:'20'check-auth@verifier.port25.com'0D''0A'
Subject:'20'test'0D''0A'
Content-Type:'20'multipart/alternative;'0D''0A'
'20'boundary="------------060703050004010405070603"'0D''0A'
DKIM-Signature:'20'v=1;'20'a=rsa-sha1;'20'c=simple;'20'd=colundrum.eu;'20'h=message-id'0D''0A'
'09':date:from:mime-version:to:subject:content-type;'20's=postfix;'20'bh=8'0D''0A'
'09'UVpbKPe3nGxf5nIWhD8de6+1fc=;'20'b=
Canonicalized Body:
This'20'is'20'a'20'multi-part'20'message'20'in'20'MIME'20'format.'0D''0A'
--------------060703050004010405070603'0D''0A'
Content-Type:'20'text/plain;'20'charset=ISO-8859-1;'20'format=flowed'0D''0A'
Content-Transfer-Encoding:'20'7bit'0D''0A'
'0D''0A'
test'0D''0A'
'0D''0A'
--------------060703050004010405070603'0D''0A'
Content-Type:'20'text/html;'20'charset=ISO-8859-1'0D''0A'
Content-Transfer-Encoding:'20'7bit'0D''0A'
'0D''0A'
<!DOCTYPE'20'HTML'20'PUBLIC'20'"-//W3C//DTD'20'HTML'20'4.01'20'Transitional//EN">'0D''0A'
<html>'0D''0A'
'20''20'<head>'0D''0A'
'0D''0A'
'20''20''20''20'<meta'20'http-equiv="content-type"'20'content="text/html;'20'charset=ISO-8859-1">'0D''0A'
'20''20'</head>'0D''0A'
'20''20'<body'20'text="#3333ff"'20'bgcolor="#ffffff">'0D''0A'
'20''20''20''20'<font'20'face="Baskerville">test</font>'0D''0A'
'20''20'</body>'0D''0A'
</html>'0D''0A'
'0D''0A'
--------------060703050004010405070603--'0D''0A'
DNS record(s):
postfix._domainkey.colundrum.eu. 28800 IN TXT "k=rsa; p=clé-publique"
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: pass
ID(s) verified: header.From="name"@colundrum.eu
DNS record(s):
colundrum.eu. SPF (no records)
colundrum.eu. 28800 IN TXT "v=spf1 a mx -all"
colundrum.eu. 28800 IN A 62.147.228.142
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.2.5 (2008-06-10)
Result: ham (1.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.9 HELO_LOCALHOST HELO_LOCALHOST
0.0 HTML_MESSAGE BODY: HTML included in message
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
-0.4 AWL AWL: From: address is in the auto white-list
==========================================================
Explanation of the possible results (adapted from
draft-kucherawy-sender-auth-header-04.txt):
==========================================================
"pass"
the message passed the authentication test.
"fail"
the message failed the authentication test.
"softfail"
the message failed the authentication test, and the authentication
method has either an explicit or implicit policy which doesn't require
successful authentication of all messages from that domain.
"neutral"
the authentication method completed without errors, but was unable
to reach either a positive or a negative result about the message.
"temperror"
a temporary (recoverable) error occurred attempting to authenticate
the sender; either the process couldn't be completed locally, or
there was a temporary failure retrieving data required for the
authentication. A later retry may produce a more final result.
"permerror"
a permanent (unrecoverable) error occurred attempting to
authenticate the sender; either the process couldn't be completed
locally, or there was a permanent failure retrieving data required
for the authentication.
==========================================================
Original Email
==========================================================
Return-Path: <"name"@colundrum.eu>
Received: from localhost (62.147.228.142) by verifier.port25.com (PowerMTA(TM) v4.0b3) id hgkfis11u9cf for <check-auth@verifier.port25.com>; Sat, 19 Mar 2011 17:25:02 -0400 (envelope-from <"name"@colundrum.eu>)
Authentication-Results: verifier.port25.com smtp.mail="name"@colundrum.eu; mfrom=pass;
Authentication-Results: verifier.port25.com header.From="name"@colundrum.eu; domainkeys=fail (bad signature);
Authentication-Results: verifier.port25.com; dkim=fail (signature doesn't verify);
Authentication-Results: verifier.port25.com header.From="name"@colundrum.eu; pra=pass;
Received: from localhost (sheevaplug.colundrum.eu [127.0.0.1])
by localhost (Postfix) with ESMTP id 9809759C
for <check-auth@verifier.port25.com>; Sat, 19 Mar 2011 22:24:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=colundrum.eu; h=message-id
:date:from:mime-version:to:subject:content-type; s=postfix; bh=8
UVpbKPe3nGxf5nIWhD8de6+1fc=; b=w5T4lXrKe4hIog8tnC46Xc1icslMwDrHm
O1nVI3dpWv21634eiRaazif6/3rT/oCEVGoC8T1pcpW7XFeXrkodhdQXJgjK4dql
Mhy4B5Ak2Yz9+8FH0QgYhfGJBmBeJ0PB7ZGOgapnyjI0BJpAEKCBDh94qV8/r7VT
S6pyEHFaqc=
DomainKey-Signature: a=rsa-sha1; c=simple; d=colundrum.eu; h=message-id
:date:from:mime-version:to:subject:content-type; q=dns; s=
postfix; b=NZkGTAspYjVlBFU/qYrMN+5MHwqYSLNkzW7514cKX1o0XGNrEJLja
IPB09xlFAXzo4tjVZ5EtT1FgDw/FESB+dty/R2dxA5IgiaCwUMSVLBEb7uFi7EqU
6GcgTcPcRrEsKErAWVz1HL8d3mbDPysyaxvKa9ZzKus6NF6OXCxkW0=
Received: from MacBook-Pro-de-Florent-CARRE.local (unknown [192.168.1.1])
(using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by localhost (Postfix) with ESMTPSA id 2C336597
for <check-auth@verifier.port25.com>; Sat, 19 Mar 2011 22:24:53 +0100 (CET)
Message-ID: <4D851F28.60705@colundrum.eu>
Disposition-Notification-To: =?ISO-8859-1?Q?Florent_CARR=C9?=
<"name"@colundrum.eu>
Date: Sat, 19 Mar 2011 22:24:56 +0100
From: =?ISO-8859-1?Q?Florent_CARR=C9?= <"name"@colundrum.eu>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.15) Gecko/20110303 Lightning/1.0b3pre Thunderbird/3.1.9
MIME-Version: 1.0
To: check-auth@verifier.port25.com
Subject: test
Content-Type: multipart/alternative;
boundary="------------060703050004010405070603"
This is a multi-part message in MIME format.
--------------060703050004010405070603
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
test
--------------060703050004010405070603
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#3333ff" bgcolor="#ffffff">
<font face="Baskerville">test</font>
</body>
</html>
--------------060703050004010405070603--
[*]sa-test@sendmail.net
[code]
sendmail.net Sender Authentication Auto-Responder $Revision: 1.19 $
This service runs at sa-test@sendmail.net and allows remote users
to perform a simple, automated test to see if different Sender
Authentication schemes are working. Mail sent to this service
is checked by our Sender Authentication filters for any valid
credentials or signatures. A script receives the message, checks
for a special header with the results of the tests, and composes
this response message based on what it finds. This response is also
signed with DomainKeys and DomainKeys Identified Mail (DKIM).
Please note that the DKIM filter signing this reply message conforms
to the latest IETF draft version, and thus may not be successfully
verified by older implementations. If you are using dkim-filter from
Sendmail, Inc., upgrade to at least version 1.0.0 to be compatible
with the most recent version of DKIM.
We hope this service has been helpful to you.
Authentication System: DomainKeys Identified Mail
Result: DKIM signature NOT confirmed
Description: Signature verification failed; signature is missing or key could not be found
Reporting host: sendmail.net
More information: http://mipassoc.org/dkim/
Sendmail milter: https://sourceforge.net/projects/dkim-milter/
Authentication System: Domain Keys
Result: DK signature confirmed BAD
Description: Signature verification failed, message may have been tampered with or corrupted
Reporting host: sendmail.net
More information: http://antispam.yahoo.com/domainkeys
Sendmail milter: https://sourceforge.net/projects/domainkeys-milter/
Authentication System: Sender ID
Result: SID data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: sendmail.net
More information: http://www.microsoft.com/senderid
Sendmail milter: https://sourceforge.net/projects/sid-milter/
Authentication System: Sender Permitted From (SPF)
Result: SPF data confirmed GOOD
Description: Sending host is authorized for sending domain
Reporting host: sendmail.net
More information: http://spf.pobox.com/[/code]
When I run the test at http://dkimcore.org/tools/dkimrecordcheck.html, it does find the DNS record.
There, I hope I have given you as much information as possible.
I have been on this for about 9 hours and I can't take it any more, because I don't understand where the problem could come from.
Thanks a lot and have a good evening/night.
PS: the server's uname -a is in my signature.
edit: all packages were installed with apt-get (nothing compiled from source).
edit 2: removed the public key to stop the display overflow.
edit 3: I replaced the name in the e-mail address with "name".
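Added example, not part of the original post and not DKIMProxy's code: a local check that splits a "signature doesn't verify" result into "body changed after signing" versus "headers or key", by recomputing the bh= body hash for c=simple and showing which TXT record the verifier queries. The function names are hypothetical, the l= tag and relaxed body canonicalization are not handled, and the signature value is the one from the Port25 report above with its empty b=.

```python
import base64
import hashlib
import re

# DKIM-Signature value as Port25 lists it under "Canonicalized Headers" (b= is empty there).
PAGE_SIGNATURE = (
    "v=1; a=rsa-sha1; c=simple; d=colundrum.eu; h=message-id\r\n"
    "\t:date:from:mime-version:to:subject:content-type; s=postfix; bh=8\r\n"
    "\tUVpbKPe3nGxf5nIWhD8de6+1fc=; b="
)

def parse_tags(value: str) -> dict:
    """Split a DKIM tag list into a dict, dropping folding whitespace inside values."""
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def simple_body(body: bytes) -> bytes:
    """'simple' body canonicalization: strip trailing empty lines, end with exactly one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def body_hash(body: bytes, algo: str = "rsa-sha1") -> str:
    """Base64 digest that a signer writes into, and a verifier compares with, the bh= tag."""
    digest = {"rsa-sha1": hashlib.sha1, "rsa-sha256": hashlib.sha256}[algo]
    return base64.b64encode(digest(simple_body(body)).digest()).decode()

def check_body(signature: str, body: bytes) -> dict:
    """Compare the bh= tag with the hash of the body as it was received."""
    tags = parse_tags(signature)
    # c=header/body; a single name sets the header algorithm and the body stays "simple".
    if (tags.get("c", "simple").partition("/")[2] or "simple") != "simple":
        raise ValueError("only simple body canonicalization is handled here")
    computed = body_hash(body, tags["a"])
    return {
        "key_record": f"{tags['s']}._domainkey.{tags['d']}",  # TXT name the verifier queries
        "bh_in_header": tags["bh"],
        "bh_computed": computed,
        "body_intact": computed == tags["bh"],
    }

if __name__ == "__main__":
    # Constructed body for illustration; a real check feeds the raw bytes after the
    # first empty line of the message exactly as the receiving side stored it.
    for key, val in check_body(PAGE_SIGNATURE, b"test\r\n").items():
        print(f"{key}: {val}")
```

If `body_intact` is true for the message as received and verification still fails, the mismatch is in the signed headers or the published key; if it is false, the body was altered between signing and delivery.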