[CentOS] DKIM Pass - Fail - Solved !!!

Bob Hoffman bob at bobhoffman.com
Wed May 2 16:22:20 UTC 2012


On 5/2/2012 12:16 PM, Prabhpal S. Mavi wrote:
>>> But when i restarted the server, dovecot failed to start on boot (it is
>>> virtual machine). with this error.
>>>
>>> dovecot: dovecot: Fatal: Time just moved backwards by 537 seconds. This
>>> might cause a lot of problems, so I'll just kill myself now.
>>>
>>> immediately then, i tried to send one email from command line, here are
>>> the results. WORKED !!
>>>
>>> mta1001.mail.gq1.yahoo.com from=example.net; domainkeys=neutral (no
>>> sig);
>>> from=digital-infotech.net; dkim=pass (ok)
>>>
>>> i am sure i can deal with dovecot problem.
>>>
>>>
>> When you use ntpdate and move the time by a large amount I found some
>> programs did not like that, dovecot being one of them. All you have to
>> do is start/restart it and it will be fine. Best make sure nothing else
>> failed in your logs or just reboot after such a large time fix.
> Dear BOB. H
>
> Thank you very much for your response. i found some work around. Here it
> is, might help someone.
>
> if i do not enable "ntpd / ntpdate" to set the time correctly. Yahoo
> Reports dkim check error = future_time_stemps. dkim=fail
>
> But if i enable "ntpdate&  ntpd" then dovecot fails with time shifted
> backwards errors. dovecot kills it self
>
> Objective: dkim must pass and dovecot must not stop
>
> Solution:
>
> Disable these daemons -->  ntpd and ntpdate
>
>
> 1. Configure ESXi Server to receive the time from following servers
>
> 0.CC.pool.ntp.org
> 1.CC.pool.ntp.org
> 2.CC.pool.ntp.org
>
>
> 2. Restart NTP service on ESX
>
> Note: Make sure upd:123 is open on corporate firewall for ESX IP to
> synchronize with above servers
>
> Right click virtual machine, click settings then Options ->  VMware Tools
> select "synchronize guest time with host"
>
> time is now set correctly&  dkim=pass (ok)
>
> Authentication-Results:	 mta1224.mail.ac4.yahoo.com
> from=digital-infotech.net; domainkeys=neutral (no sig);
> from=digital-infotech.net; dkim=pass (ok)
>
>
> Prabh S. Mavi
>
>
ntpdate should be run just once and then just have ntpd on.. the nptdate 
should bring the server to the proper time and cause dovecot to 
fail..you should only need to run it once (assuming the server is left 
on and not off for long periods).
I run ntpd as a daemon, but not ntpdate...
you do have to set up ntp as you have done to get in the pools, but 
leaving ntp on as a daemon should not affect it...at least it does not 
with mine.



More information about the CentOS mailing list