DKIM sign works only for the MTA instance about haraka-plugin-dkim HOT 10 CLOSED

If you merely claim that you followed the instructions, nobody can help you. Prove it. Show us what you did. hint: https://haraka.github.io/plugins/dkim_sign#single-domain-configuration

from haraka-plugin-dkim.

I will show:
I used the dkim generator provided dkim_key_gen.sh.
Folder: relay.mymta.com contains all the files: DNS, selector, private, public

dkim_sign.ini:

[main]


[sign]
enabled = true
selector = apr2024
domain = relay.mymta.com
key_path = /opt/haraka/config/dkim/relay.mymta.com/private

DKIM set in the main domain:

ubuntu@relay:/opt/haraka$ dig apr2024._domainkey.relay.mymta.com TXT +short
"v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SyoWWf7/G0gkeIdxl7kEWojoDmiNIhMupB9gOhtYcBDPLVXcGF2ksVD0ztkU9SYhuFYOUgGeooHKr+hGcOQclSsbw2+ deleted the rest"
ubuntu@relay:/opt/haraka$

I also tried to copy the private file generated in the dkim folder under the main domain and renamed the file:
key_path = /opt/haraka/config/dkim.private.key

from haraka-plugin-dkim.

Try configuring it EXACTLY as the docs specify.

The DKIM plugin was recently republished, you are using the old version, so continue following the docs you originally cited above.

Your dkim_sign.ini file should be configured thusly:

selector=apr2024
domain=relay.mymta.com
headers_to_sign=From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version

And your DKIM private key should be stored as config/dkim.private.key

from haraka-plugin-dkim.

Thanks,
That worked.

I'm confused about which documentation to follow - the one in the "Getting Started" section or the one in the "Plugins" page under the github repo. Can you please advise me on which one is more recent?

from haraka-plugin-dkim.

If you're using a version of Haraka older than 2.0.4 (not yet released), then follow the docs that came with Haraka. (haraka -h dkim_sign). For newer versions (after the DKIM plugin was repackaged as a NPM module), the docs here in this repo are the most current.

from haraka-plugin-dkim.

Thank you,
I have Haraka version 3.0.3 and I followed your suggestions. One thing I am trying to do is deny mail from IPs when SPF fails, and here is my SPF configuration:

[relay]
context=myself

[defer]
helo_temperror=true
mfrom_temperror=true

[deny]
mfrom_fail=true
openspf_text=true

[deny_relay]
mfrom_fail=true
openspf_text=true

I am still able to use any domain without the SPF, how can I achieve that?

from haraka-plugin-dkim.

Keep reading the spf plugin docs

from haraka-plugin-dkim.

I have read it like 10 times, but I am not able to figure out, what is wrong here?
spf.ini
[deny]
mfrom_fail=true

from haraka-plugin-dkim.

Look at all the entries in the [deny] block in the docs. Use your knowledge about SPF and SMTP to deduce what they apply to. Twiddle the knobs to do the needful.

from haraka-plugin-dkim.

Finally, I have resolved the issue where the signed domain was showing Softfail by adding softfail and none to the config. It took me several hours, but I have successfully set up the entire system including Haraka's filters, options, and optimization to prevent spam and bounce.

However, I still have a few questions regarding the email queue log to avoid email marketing. I believe the Karama plugin handles domain reputation, but I'm not sure how to see the stats of the domain's reputation with Karama. What is the best way to monitor outgoing emails for spam, email marketing, and bounces?

How much retention of the score stats are saved on Redis?
Amazing MTA by the way. can be achieved with the right configuration the perfect MTA with the perfect filters.

By the way, is there any way to add a spammer automatically to the access.domains or mail_from.access.blacklist? or even dnsbl detection to the connect.rdns_access.blacklist?

from haraka-plugin-dkim.