PurpleHat - DKIM

[AlabamaNocDoc]

I have an install of PurpleHat (http://www.purplehat.org/?page_id=4) as a mail server running several different domains. Everything has been running flawlessly, however it has come to my attention that some mail is not making it to intended recipients and being kicked out or dumped as spam or being caught in a filter. In working with the intended recipient’s provider, they have stated that this is because DKIM is not on our machine. Being new to FreeBSD, can someone point me in the right direction in solving this? I have done many searches and have gotten bits and pieces however is there a Step-By-Step tutorial someone could point me to?

Thanks in advance for your time.

 

[SirDice]

In working with the intended recipient’s provider, they have stated that this is because DKIM is not on our machine.

They should still accept the email even if you don't have DKIM. It's not something that's mandatory and a lot of mail servers do not have it.

 

[DutchDaemon]

I think (it's been a couple of years now) it was rather easy to splice together the necessary information from opendkim(8) and opendkim.conf(5) (also see the /usr/local/etc/opendkim.conf.sample file), and from the documentation at http://www.opendkim.org/docs.html. I did it on Sendmail/BIND, but I think it's pretty MTA/DNS agnostic otherwise.

P.S.: if you click the man links: the port manuals are not present for FreeBSD 10 yet, so drop to "FreeBSD 9.2 + ports" there.
P.P.S.: DKIM should not be mandatory right now, it is not a widely implemented industry standard as such. I do use DKIM and SPF (and greylisting) because is gets outgoing mail accepted faster, and incoming mail spam-filtered faster, but that's about it.

 

[AlabamaNocDoc]

@SirDice - You are absolutely correct. They should be accepting the mail, however if sending to any domain that has their mail hosted with secureserver.net (Godaddy) or mxlogic.net, the emails are going ... we get confirmation that it is sent as well as received by their servers, but it never makes it to the e-mail recipient. I have spent several hours on the phone with them and they have put DKIM in their receive policies. Our server has been up for about a year now and had no problems sending to these servers before, however when their policy changed a couple of month ago, our mail stopped going through. I appreciate your comments on this though. Thank you!

@DutchDaemon - Thank you for your input as well, I'm really stuck here. I am running FreeBSD 9.1-RELEASE #0 r243825. For the past few weeks I have researched SPF and DKIM. Not being fluent in FreeBSD, I have found that step by step tutorials are best for me as I learn better when it's all written out. Unfortunately, I have run into stumbling blocks along the way, Version this for this, Version that for that etc. Confusing as to which version to use or where to get it, installation etc. I am very fluent with Windows, and have a complete understanding of what I'm trying to accomplish and how everything works and could have it set up in a Windows environment in a couple of hours, however, as I have been researching FreeBSD, I have found it to be a much better way to go. FreeBSD is a much more robust platform and even the mail server has performed far beyond my expectations. So I would like nothing better then to migrate all of our servers to FreeBSD. In my research, I found this link on setting up SPF with the PurpleHat install, unfortunately this is a dead link "http://forums.freebsd.org/showpost.php?p=151698&postcount=2". Found plenty of links for Ubuntu, Linux, but none for FreeBSD.
As in your P.P.S., I agree. As an end result I would also like to use DKIM and SPF as well as grey listing to complete my project but in my learning I seem to be getting more confused than educated, I just need a bit of direction. Thank you for your time!

 

[Edsel]

I have done many searches and have gotten bits and pieces however is there a Step-By-Step tutorial someone could point me to?

Try this one http://www.ipsure.com/blog/2012/dkim-mi ... m-instead/

It is very well written.

 

[SirDice]

Our server has been up for about a year now and had no problems sending to these servers before, however when their policy changed a couple of month ago, our mail stopped going through.

That should be an indication enough that the issue is on their side, not yours.

I've spend countless hours on the phone with dorky mail admins that insisted that our outgoing mail servers had to have MX records (MX records are for incoming mail servers only). You will have your work cut out for you. Ask them which RFC specifically mentions DKIM is now mandatory.