Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » DomainKeys
  •  
keywerks

Messages: 73
Karma: -2
Send a private message to this user
Will KMS support DomainKeys in a future release?
  •  
keywerks

Messages: 73
Karma: -2
Send a private message to this user
No suggestions?

*************************************
PHPStar - the missing gear in your web engine
Visit http://phpstar.keywerks.de
*************************************
  •  
peterj

Messages: 852
Karma: 1
Send a private message to this user

No but I would rather the IETF go down the DNS based Caller-ID route anyway.

Domainkeys sounds like too much administration.

I'm not bothered about validation as long as source can be relied upon...

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
peterj wrote on Fri, 19 November 2004 16:57


No but I would rather the IETF go down the DNS based Caller-ID route anyway.

Domainkeys sounds like too much administration.

I'm not bothered about validation as long as source can be relied upon...




Yes, KMS will support DomainKeys, SPF and Sender-ID (if it will be standardized).
  •  
keywerks

Messages: 73
Karma: -2
Send a private message to this user
Great! Thanks a lot :-)

*************************************
PHPStar - the missing gear in your web engine
Visit http://phpstar.keywerks.de
*************************************
  •  
cbsys

Messages: 13
Karma: 0
Send a private message to this user

Quote:

Yes, KMS will support DomainKeys, SPF and Sender-ID (if it will be standardized).


I notice that there is STILL no support for DomainKeys and a lot of ISPs are now using it, this is preventing our clients from sending emails!

[Updated on: Fri, 14 November 2008 11:57]

  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
Why can't your client send mails? I don't think there are any mails hosts absolutely requiring DKIM?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
cbsys

Messages: 13
Karma: 0
Send a private message to this user
Our clients mail gets rejected by the recipients email server - a rejection message is sent back to them :

Your message did not reach some or all of the intended recipients.

Subject: Sales for Octob er
Sent: 10/11/2008 10:49

The following recipient(s) cannot be reached:

phil<_a.t_>nippi.net on 10/11/2008 10:59
mail.ukmailscan.net: 550 Sorry, this message fails DomainKeys
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
That probably happens if you forward mails with domainkeys in the header or some mailgateway inbetween re-writes the header.

http://www.bluebottle.com/domainkeys-is-flawed.php

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
cbsys

Messages: 13
Karma: 0
Send a private message to this user
No - these are brand new emails composed and send from kerio
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
That is strange. For a test I sent a mail to phil<_a.t_>nippi.net and it got through with no error (I am using KMS). See log below:

[17/Nov/2008 18:23:06][3668] {smtpc} Connecting to mail.ukmailscan.net, delivering mail from <me<_a.t_>mydomain.com>
[17/Nov/2008 18:23:11][3668] {smtpc} Connected to mail.ukmailscan.net
[17/Nov/2008 18:23:12][3668] {smtpc} Received greeting: 220 ukmailscan.net ESMTP SecurityGateway 1.1.0; Mon, 17 Nov 2008 17:23:18 +0000
[17/Nov/2008 18:23:12][3668] {smtpc} Sending EHLO
[17/Nov/2008 18:23:12][3668] {smtpc} Sent MAIL command
[17/Nov/2008 18:23:12][3668] {smtpc} Got reply: 250 <me<_a.t_>mydomain.com>, Sender ok
[17/Nov/2008 18:23:12][3668] {smtpc} Sent RCPT TO: <phil<_a.t_>nippi.net>
[17/Nov/2008 18:23:12][3668] {smtpc} Got reply: 250 <phil<_a.t_>nippi.net>, Recipient ok
[17/Nov/2008 18:23:12][3668] {smtpc} Sent DATA command
[17/Nov/2008 18:23:12][3668] {smtpc} Got reply: 354 Enter mail, end with <CRLF>.<CRLF>
[17/Nov/2008 18:23:12][3668] {smtpc} Sending message body...
[17/Nov/2008 18:23:25][3668] {smtpc} Data sent, got reply: 250 Ok, message saved
[17/Nov/2008 18:23:25][3668] {smtpc} QUIT sent, got reply: 221 See ya in cyberspace

It must be something on your end that causes the error. Any firewalls, mailgateways that you are using?

[Updated on: Mon, 17 November 2008 18:28]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
cbsys

Messages: 13
Karma: 0
Send a private message to this user
well it happens to us all the time. We are using 6.6.0 patch 1

No firewalls gateways etc, just the ADSL router
  •  
cbsys

Messages: 13
Karma: 0
Send a private message to this user
here's my debug-

[17/Nov/2008 20:46:37][6612] {smtpc} Connecting to mail.ukmailscan.net, delivering mail from <andy<_a.t_>cbsys.net>
[17/Nov/2008 20:46:37][6612] {smtpc} Connected to mail.ukmailscan.net
[17/Nov/2008 20:46:37][6612] {smtpc} Received greeting: 220 ukmailscan.net ESMTP SecurityGateway 1.1.0; Mon, 17 Nov 2008 20:48:54 +0000
[17/Nov/2008 20:46:37][6612] {smtpc} Sending EHLO
[17/Nov/2008 20:46:37][6612] {smtpc} Sent MAIL command
[17/Nov/2008 20:46:37][6612] {smtpc} Got reply: 250 <andy<_a.t_>cbsys.net>, Sender ok
[17/Nov/2008 20:46:37][6612] {smtpc} Sent RCPT TO: <phil<_a.t_>nippi.net>
[17/Nov/2008 20:46:38][6612] {smtpc} Got reply: 250 <phil<_a.t_>nippi.net>, Recipient ok
[17/Nov/2008 20:46:38][6612] {smtpc} Sent DATA command
[17/Nov/2008 20:46:38][6612] {smtpc} Got reply: 354 Enter mail, end with <CRLF>.<CRLF>
[17/Nov/2008 20:46:38][6612] {smtpc} Sending message body...
[17/Nov/2008 20:46:38][6612] {smtpc} Data sent, got reply: 550 Sorry, this message fails DomainKeys
[17/Nov/2008 20:46:38][6612] {smtpc} Data not accepted: 550 Sorry, this message fails DomainKeys
[17/Nov/2008 20:46:38][6612] {smtpc} Connection closed by remote host prematurely.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Maybe the DomainKeys requirement is applied only to some messages which failed in antispam evaluation. I can imagine that DomainKeys could be used as a whitelist if the message is marked as spam by other rules or the sender is on DNS blacklist.
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
I found the problem. Your DNS records for cbsys.net indicate that you sign all e-mail with domain keys. You have to delete the

_domainkey.cbsys.net

record in your DNS. See DKIM test results below:

------
Testing cbsys.net
New test
Policy TXT=o=-

This policy record appears valid.

Tag Value Explanation
o - Domain signs *ALL* email

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Some users can't see public calendar
Next Topic: post recovery synchierarchy issue on one mailbox
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 04:44:27 CET 2017

Total time taken to generate the page: 0.00595 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.