Hi Dear Community Friends,
it is few days now, i am trying to figure out why DKIM is working / not working. Any assistance would be very much appreciable.
Server IP is not blacklisted ever, MX, PTR SPF, DKIM records are available in DNS. why it is working at Gmail, why failing at Yahoo?
Gmail dkim=pass header.i=@digital-infotech.net
Yahoo: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Prabh S. Mavi
Hi Dear Community Friends,
it is few days now, i am trying to figure out why DKIM is working / not working. Any assistance would be very much appreciable.
Server IP is not blacklisted ever, MX, PTR SPF, DKIM records are available in DNS. why it is working at Gmail, why failing at Yahoo?
Gmail dkim=pass header.i=@digital-infotech.net
Yahoo: domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Hello, Prabh.
Your answer lies in the info you provided:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Yahoo appears to think that your timestamp is off by some amount of time in the future.
Hello, Prabh.
Your answer lies in the info you provided:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Yahoo appears to think that your timestamp is off by some amount of time in the future.
-- Mike Burger http://www.bubbanfriends.org
Dear Mike,
Thank you very much for your response, do you mean i should configure NTP client ?
Thanks - Prabh
Prabh S. Mavi
Hello, Prabh.
Your answer lies in the info you provided:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Yahoo appears to think that your timestamp is off by some amount of time in the future.
-- Mike Burger http://www.bubbanfriends.org
Configured NTP, restarted server, sent new mail and i have.
Authentication-Results: mta1217.mail.mud.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Hello, Prabh.
Your answer lies in the info you provided:
domainkeys=neutral (no sig); from=digital-infotech.net; dkim=permerror (future timestamp)
Yahoo appears to think that your timestamp is off by some amount of time in the future.
-- Mike Burger
Hello Mike,
that actually worked!! i configured ntpd & ntpdate & restarted the server. But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error.
dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now.
immediately then, i tried to send one email from command line, here are the results. WORKED !!
mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
i am sure i can deal with dovecot problem.
Thanks / Regards Prabh S. Mavi
On 5/2/2012 7:51 AM, Prabhpal S. Mavi wrote:
Hello Mike,
that actually worked!! i configured ntpd& ntpdate& restarted the server. But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error.
dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now.
immediately then, i tried to send one email from command line, here are the results. WORKED !!
mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
i am sure i can deal with dovecot problem.
When you use ntpdate and move the time by a large amount I found some programs did not like that, dovecot being one of them. All you have to do is start/restart it and it will be fine. Best make sure nothing else failed in your logs or just reboot after such a large time fix.
But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error.
dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now.
immediately then, i tried to send one email from command line, here are the results. WORKED !!
mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
i am sure i can deal with dovecot problem.
When you use ntpdate and move the time by a large amount I found some programs did not like that, dovecot being one of them. All you have to do is start/restart it and it will be fine. Best make sure nothing else failed in your logs or just reboot after such a large time fix.
Dear BOB. H
Thank you very much for your response. i found some work around. Here it is, might help someone.
if i do not enable "ntpd / ntpdate" to set the time correctly. Yahoo Reports dkim check error = future_time_stemps. dkim=fail
But if i enable "ntpdate & ntpd" then dovecot fails with time shifted backwards errors. dovecot kills it self
Objective: dkim must pass and dovecot must not stop
Solution:
Disable these daemons --> ntpd and ntpdate
1. Configure ESXi Server to receive the time from following servers
0.CC.pool.ntp.org 1.CC.pool.ntp.org 2.CC.pool.ntp.org
2. Restart NTP service on ESX
Note: Make sure upd:123 is open on corporate firewall for ESX IP to synchronize with above servers
Right click virtual machine, click settings then Options -> VMware Tools select "synchronize guest time with host"
time is now set correctly & dkim=pass (ok)
Authentication-Results: mta1224.mail.ac4.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
Prabh S. Mavi
On 5/2/2012 12:16 PM, Prabhpal S. Mavi wrote:
But when i restarted the server, dovecot failed to start on boot (it is virtual machine). with this error.
dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This might cause a lot of problems, so I'll just kill myself now.
immediately then, i tried to send one email from command line, here are the results. WORKED !!
mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
i am sure i can deal with dovecot problem.
When you use ntpdate and move the time by a large amount I found some programs did not like that, dovecot being one of them. All you have to do is start/restart it and it will be fine. Best make sure nothing else failed in your logs or just reboot after such a large time fix.
Dear BOB. H
Thank you very much for your response. i found some work around. Here it is, might help someone.
if i do not enable "ntpd / ntpdate" to set the time correctly. Yahoo Reports dkim check error = future_time_stemps. dkim=fail
But if i enable "ntpdate& ntpd" then dovecot fails with time shifted backwards errors. dovecot kills it self
Objective: dkim must pass and dovecot must not stop
Solution:
Disable these daemons --> ntpd and ntpdate
- Configure ESXi Server to receive the time from following servers
0.CC.pool.ntp.org 1.CC.pool.ntp.org 2.CC.pool.ntp.org
- Restart NTP service on ESX
Note: Make sure upd:123 is open on corporate firewall for ESX IP to synchronize with above servers
Right click virtual machine, click settings then Options -> VMware Tools select "synchronize guest time with host"
time is now set correctly& dkim=pass (ok)
Authentication-Results: mta1224.mail.ac4.yahoo.com from=digital-infotech.net; domainkeys=neutral (no sig); from=digital-infotech.net; dkim=pass (ok)
Prabh S. Mavi
ntpdate should be run just once and then just have ntpd on.. the nptdate should bring the server to the proper time and cause dovecot to fail..you should only need to run it once (assuming the server is left on and not off for long periods). I run ntpd as a daemon, but not ntpdate... you do have to set up ntp as you have done to get in the pools, but leaving ntp on as a daemon should not affect it...at least it does not with mine.
ntpdate should be run just once and then just have ntpd on.. the nptdate should bring the server to the proper time and cause dovecot to fail..you should only need to run it once (assuming the server is left on and not off for long periods). I run ntpd as a daemon, but not ntpdate... you do have to set up ntp as you have done to get in the pools, but leaving ntp on as a daemon should not affect it...at least it does not with mine.
Dear BOB. H,
Thanks for your response, you are right, it is "ntpdate" that create the problem after reboot not "ntpd". once the time is corrected by "ntpdate" after that no issues as long as server is up.
there are other solution, who wish to run both daemons. bash script can monitor dovecot every 5min through cron. when dovecot will stop due to time shifted error after reboot, script will start it again. and would be fine as long as server does not reboot again.
Thanks / Regards
Prabh S. Mavi
on 5/2/2012 9:36 AM Prabhpal S. Mavi spake the following:
ntpdate should be run just once and then just have ntpd on.. the nptdate should bring the server to the proper time and cause dovecot to fail..you should only need to run it once (assuming the server is left on and not off for long periods). I run ntpd as a daemon, but not ntpdate... you do have to set up ntp as you have done to get in the pools, but leaving ntp on as a daemon should not affect it...at least it does not with mine.
Dear BOB. H,
Thanks for your response, you are right, it is "ntpdate" that create the problem after reboot not "ntpd". once the time is corrected by "ntpdate" after that no issues as long as server is up.
there are other solution, who wish to run both daemons. bash script can monitor dovecot every 5min through cron. when dovecot will stop due to time shifted error after reboot, script will start it again. and would be fine as long as server does not reboot again.
Thanks / Regards
Prabh S. Mavi
NTPD will slowly and constantly keep your clock in sync... You do not need to run dtpdate constantly as it will force the large time jumps...
-
Bob Hoffman -
Mike Burger -
Prabhpal S. Mavi -
Scott Silva