Page 1 of 2 12 LastLast
Results 1 to 25 of 26
  1. #1
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992

    So I got DKIM Signatures working in cPanel...

    2010-12-24 16:14:43 H=localhost.localdomain (webmail.nwtechgroup.com) [127.0.0.1] Warning: Sender rate 23.0 / 1h

    2010-12-24 16:14:44 1PWHmV-0001L9-UI <= john@nwtechgroup.com H=localhost.localdomain (webmail.nwtechgroup.com) [127.0.0.1] P=esmtpa A=dovecot_login:john@nwtechgroup.com S=1206 id=b1eacef86e96334e4c505a8d303a6d5c.squirrel@webmail.nwtechgroup.com

    2010-12-24 16:14:44 1PWHmV-0001L9-UI Message signed with DKIM: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=nwtechgroup.com; s=default; h=Message-ID: Date: Subject:From:To:

    Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
    bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=; b=NNpIAwZgPcYrL
    oyV6cWD4UBZuFpjVg+rekMFxUJwx7e/5XfReZ2ah1OrghDJdUJ/ECyjuKrgFbz7v
    OfKWy/JPZabVfTpKcFg6YBIcT/tHVwGxKkM82VYo21R+Yzb23LPRKuwGeLyA3DEs
    VxTC0nZqUFCMlmH2xnqEYN5pyy6dFI=

    2010-12-24 16:14:44 1PWHmV-0001L9-UI => ntgtest@www.brandonchecketts.com R=lookuphost T=remote_smtp H=www.brandonchecketts.com [207.210.219.125]
    2010-12-24 16:14:44 1PWHmV-0001L9-UI Completed


    Code:
    Thank you for using the verifier,
    
    The Port25 Solutions, Inc. team
    
    ==========================================================
    Summary of Results
    ==========================================================
    SPF check:          pass
    DomainKeys check:   neutral
    DKIM check:         pass
    Sender-ID check:    pass
    SpamAssassin check: ham
    
    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result:         pass (matches From: john@nwtechgroup.com)
    ID(s) verified: header.d=nwtechgroup.com
    Canonicalized Headers:
        message-id:<3c9895b21ab83028e7ecb77bb86af47a.squirrel@webmail.nwtechgroup.com>'0D''0A'
        date:Fri,'20'24'20'Dec'20'2010'20'16:13:05'20'-0800'0D''0A'
        subject:'0D''0A'
        from:"N.W.'20'Technology'20'Group"'20'<john@nwtechgroup.com>'0D''0A'
        to:check-auth@verifier.port25.com'0D''0A'
        reply-to:john@nwtechgroup.com'0D''0A'
        mime-version:1.0'0D''0A'
        content-type:text/plain;charset=iso-8859-1'0D''0A'
        content-transfer-encoding:8bit'0D''0A'
        dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20'd=nwtechgroup.com;'20's=default;'20'h=Message-ID:Date:Subject:From:To:'20'Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=;'20'b=
    
    Canonicalized Body:
        '0D''0A'
        '0D''0A'
        '0D''0A'
        '0D''0A'
        |'20'Northwest'20'Technology'20'Group'0D''0A'
        |'20'Fault'20'Tolerant,'20'Clustered'20'cPanel'AE''20'Web'20'Hosting'0D''0A'
        |'20'Professional'20'Web'20'Design,'20'Website'20'Overhauls'0D''0A'
        |'20'On-Location'20'I.T.'20'&'20'Network'20'Engineering'20'Solutions'0D''0A'
        '0D''0A'
        |'20'6950'20'Southwest'20'Hampton'20'Street'0D''0A'
        |'20'Tigard,'20'Oregon'20'97223'0D''0A'
        |'20''20'[Direct]'0D''0A'
        |'20'john@nwtechgroup.com'0D''0A'


    I'm honestly not sure if this is old news, but after some tweaking, I have a workaround for DKIM Signatures in cPanel. I am running 11.28.52-RELEASE_50725.

    Involves a bit of DNS tweaking and some tedious time spent in exim.conf, but I'm more than willing to write up a tutorial if you folks have a workaround in place already, but the jist is disabling DomainKeys in the cPanel and then tweaking exim.conf to use a custom generated dkim.key which you call out in the DNS zone:
    Code:
    remote_smtp:
      driver = smtp
      dkim_selector = default
      dkim_canon = relaxed
      dkim_private_key = /usr/local/cpanel/etc/exim/dkim.key
      dkim_domain = nwtechgroup.com
      interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
      helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
    I think that this process kills DomainKeys, but isn't this an outdated technology by now?

    Yeah, I know I left my domain and IP in here. I trust my firewalls.

    So anyway if there's a large enough request for a tutorial, I'd be happy to write one up.

    -John

    Last edited by Johnny Cache; 12-24-2010 at 08:38 PM.

  2. #2
    Join Date
    Dec 2007
    Posts
    1,278
    Let me burst your bubble. cPanel user area (not whm) Email Authentication.

    Tests everything and is accurate as long as the dns is hosted locally on the cPanel server.
    James Paul Woods
    Operations Manager
    HostKitty Internet Services

  3. #3
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    From what I understand of it, SPF and DK are the only auth protocols that are implemented in cPanel. Been doing some readin' up on the cPanel support forums today.

    According to http://forums.cpanel.net/f145/add-su...ail-77940.html - the estimated release with support for DKIM has yet to be completed.

    Then, at http://forums.cpanel.net/f145/add-su...-77940-p9.html - you start reading peoples' frustration for the lack of this support.

    I'm not saying there aren't any other workarounds, but unless your exim_mainlog comes up with a DKIM Signature (not to be confused with DK) like this below example, then you might not have configured support for DKIM.

    Code:
     1PWKld-0002cM-4G <= user@domain.com H=localhost.localdomain (webmail.domain.com) [127.0.0.1] P=esmtpa A=dovecot_login:user@domain.tld S=1061 id=547f192b6840e82ce18953cc1493e0b2.squirrel@webmail.domain.tld
    
    2010-12-24 19:26:15 1PWKld-0002cM-4G Message signed with DKIM: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=domain.com; s=default; h=Message-ID:Date:Subject:From:To:
            Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
            bh=UH1i93V8Z8jKfR194SONrPEBPUxO62FbmGu32i/V7Qc=; b=Cm+rpoi1MJhw1
            3o9TeFPEiYEP/GLITzDkT/94DPqareAJgMl3zzggZ6gOPalgqP1+MuyDpQxh6GHY
            jURwrkiaUM/KJ+m3/l7VbFN29neoMixztqj8veYr87gnjfpgPxeQ8k7EtrZfMiLj
            KJbpPUfGedTOE12+MF1U5BllaEggbM=
    
    2010-12-24 19:26:17 1PWKld-0002cM-4G => nwtg.local@host.tld.net R=lookuphost T=remote_smtp H=XXXX.n3twork.net [XXX.XXX.XXX.XXX] X=TLSv1:DHE-RSA-AES256-SHA:256
    2010-12-24 19:26:17 1PWKld-0002cM-4G Completed
    Or email check-auth@verifier.port25.com. If your DKIM signature info looks like the below example:

    Code:
    ----------------------------------------------------------
    DKIM check details:
    ----------------------------------------------------------
    Result:         neutral (message not signed)
    ID(s) verified:
    ...Then you may be utilizing SPF and DK only.

    Never hurts to look at your configs. At least my clients' emails aren't going into the Yahoo/Hotmail/Live.com "Junk" folders whatsoever anymore.

    But heck, I learned a ton today regardless!
    Last edited by Johnny Cache; 12-24-2010 at 11:43 PM. Reason: Omitted client email address

  4. #4
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    I probably should have noted that I operate clustered environments. Oops!

  5. #5
    Yes it would help if you made a tut, i'm sick of my messages getting marked as spam sometimes :O

    - Ashton
    Ashton Allen | FuseWeb Limited
    Premium UK Webhosting
    | Shared Hosting | VPS | Reseller Hosting | VOIP |
    FuseWeb.co.uk Or follow us on Twitter

  6. #6
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    Quote Originally Posted by essential-hosting View Post
    Yes it would help if you made a tut, i'm sick of my messages getting marked as spam sometimes :O

    - Ashton
    Okay, I will get started on this after the holidays. Anyone else?

  7. #7
    Join Date
    Dec 2007
    Posts
    1,278
    Wasn't one of these two things depreciated? Im going to have to assume the method your talking about was since I can't see cPanel including it only to have it be old.

    What's the point of having your system work with "dkim" when domainkeys isn't setup and is very easy to setup?

    If your mail is getting flagged as spam with domainkeys & spf you have other issues.
    James Paul Woods
    Operations Manager
    HostKitty Internet Services

  8. #8
    Join Date
    Mar 2006
    Location
    Johannesburg,South Africa
    Posts
    601
    Hi,

    Thanx for sharing your success in getting DKIM working on a cPanel server.

    With your setup, do I need to add a remote_smtp entry for every domain on the server, or does this configuration work for a shared server?
    South African Web Hosting - http://www.SoftDux.co.za || SA WebHostingTalk - http://www.webhostingtalk.co.za

  9. #9
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    A remote_smtp entry will be required on each individual account. I've not tested it globally, yet.

  10. #10
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992

  11. #11
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992

  12. #12
    Quote Originally Posted by nwtg View Post
    DK and DKIM appear to be working on my cPanel nodes at this time.

    http://www.brandonchecketts.com/emai...nchecketts.com
    Could you please write a tutorial for this? Really sick of cPanel without DKIM support, your help would be much appreciated!

  13. #13
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992
    Quote Originally Posted by p8xc8gji View Post
    Could you please write a tutorial for this? Really sick of cPanel without DKIM support, your help would be much appreciated!
    I will send the instruction (as it worked for me) in a PM.

  14. #14
    Join Date
    Mar 2006
    Location
    Johannesburg,South Africa
    Posts
    601
    Quote Originally Posted by nwtg View Post
    I will send the instruction (as it worked for me) in a PM.
    Can you please send it to me as well?
    South African Web Hosting - http://www.SoftDux.co.za || SA WebHostingTalk - http://www.webhostingtalk.co.za

  15. #15
    Join Date
    Jan 2004
    Location
    India
    Posts
    49
    Can you please send it to me also?
    Surebrowse

  16. #16
    Me too, could you send the installation instructions on PM?

  17. #17
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992

    DKIM Signature Support ETA 11.32


    According to the cPanel folks, DKIM signature support will be released for QA in EDGE 11.32.x, but they will be pulling support for DK. (See http://forums.cpanel.net/f145/add-su...77940-p13.html)

    It would be best to wait until this is deployed by the engineers before attempting to use my workaround.


    From cPanelDavidG - Update: We will be implementing DKIM but dropping DomainKeys due largely to the input on this thread indicating the old DomainKeys standard is basically no longer being used. Just updating this thread in case anyone wants to take any preemptive maintenance on their servers just before 11.32 reaches production tiers. Currently, version 11.30 is in EDGE and will soon be propagating to all production tiers, paving the way for 11.31/11.32 to begin propagating through pre-production tiers.

  18. #18
    Hello,

    I tried several times to install the dkim and didn't succeed.

    Brandon Test Results

    result = fail
    Details: bad RSA signature

    I used step by step this short tutorial techinterplay.com/enabled-dkim-cpanel-server.html

    Don't know what i did wrong. Please help me

  19. #19
    Join Date
    Nov 2002
    Location
    Portland, Oregon
    Posts
    2,992

    11.32

    Quote Originally Posted by nicu1985 View Post
    Hello,

    I tried several times to install the dkim and didn't succeed.

    Brandon Test Results

    result = fail
    Details: bad RSA signature

    I used step by step this short tutorial techinterplay.com/enabled-dkim-cpanel-server.html

    Don't know what i did wrong. Please help me
    If you have the available resources, try updating to 11.32.2.8. WHM/cPanel 11.32 has DKIM signature support. I've been running it in a QA environment for a few weeks now, and have sent in a few bugs, but DKIM authentication is working fine.

  20. #20
    So where do I find information on how to setup the dkim signature, ie where does that information go in the email app for the current run of cpanel?

  21. #21
    Quote Originally Posted by scottmoss View Post
    So where do I find information on how to setup the dkim signature, ie where does that information go in the email app for the current run of cpanel?
    Cpanel now support this feature in any version higher than 11.32
    <<< Please see Forum Guidelines for signature setup. >>>

  22. #22

    Step by step directions to setup dkim for cpanel

    what I was really looking for were step by step directions on how to setup DKIM for CPANEL.

  23. #23
    Quote Originally Posted by scottmoss View Post
    what I was really looking for were step by step directions on how to setup DKIM for CPANEL.
    You can upgrade to latest stable cpanel version, the upgrade will enable DKIM and it will remove old domain keys.
    <<< Please see Forum Guidelines for signature setup. >>>

  24. #24
    then where in the updated cpanel console would one go to add the dkim signature to the mail, config, so the mail server has the private key?

  25. #25
    Quote Originally Posted by scottmoss View Post
    then where in the updated cpanel console would one go to add the dkim signature to the mail, config, so the mail server has the private key?
    You can check whether DKIM is installed or not from under DKIM "Email Authentication" in any cpanel account, you should see "Status: Enabled & Active (DNS Check Passed)
    "
    <<< Please see Forum Guidelines for signature setup. >>>

Page 1 of 2 12 LastLast

Similar Threads

  1. Need Help with DKIM
    By galleline in forum VPS Hosting
    Replies: 4
    Last Post: 11-21-2010, 02:23 AM
  2. DKIM w/ cPanel/Exim Linux Server
    By apacheMan in forum Hosting Security and Technology
    Replies: 22
    Last Post: 10-18-2010, 03:39 PM
  3. install dkim in cpanel
    By droidman in forum Hosting Security and Technology
    Replies: 1
    Last Post: 09-12-2010, 07:04 AM
  4. how to set DKIM and Domain Keys on centos 5.2 with cPanel ??
    By koolnhot in forum Hosting Security and Technology
    Replies: 5
    Last Post: 07-01-2009, 07:44 AM
  5. Uniform email signatures across a group of people with Cpanel hosting?
    By Azam_net in forum Hosting Software and Control Panels
    Replies: 1
    Last Post: 06-09-2009, 02:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •