1

We installed SPF, DKIM, and DMARC records for email security/verifiability.

When sending through the console or a mail client like Outlook or Mac's Mail it processes fully and has all three pass.

When sending through Zend Framework 1.12's SendMail function it fails (php).

Did we miss a configuration at some point to have php emails signed as well? What file do we look into? Or does there have to be a different installation/add-on?

We are using OpenDKIM and Postfix, on Cent OS 6

postfix -n result:

alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man milter_default_action = accept milter_protocol = 2 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain mydomain = example.com myhostname = server1.example.com mynetworks = 127.0.0.0/32 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix non_smtpd_milters = queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_milters = inet:localhost:8891 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_transport = dovecot

This is the results I get from Port25 email checker. All is the same except DKIM is missing when zend.

Non-Zend Regular Headers: DKIM Signed

Return-Path: <[email protected]> Received: from server1.example.com (123.123.123.123 (my server ip)) by verifier.port25.com id hrh7ri20i3gm for <[email protected]>; Thu, 12 Feb 2015 02:01:13 -0500 (envelope-from <[email protected]>) Authentication-Results: verifier.port25.com; spf=pass [email protected] Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) [email protected] Authentication-Results: verifier.port25.com; dkim=pass (matches From: [email protected]) header.d=example.com Authentication-Results: verifier.port25.com; sender-id=pass [email protected] Received: from [111.111.1.111] (cpe-11-11-111-111.socal.res.rr.com [76.94.200.240]) by server1.example.com (Postfix) with ESMTPSA id 33F233800A9 for <[email protected].>; Wed, 11 Feb 2015 23:01:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=default; t=1423724471; bh=qMnrIAg7afoneBTtI0hU9OrDkqChYZOD1f4AUvZtdGw=; h=From:Subject:Date:To; b=g4lXm/vQ54wq/B0fCAf/U3Hj3hi2N2jojst+5lURCfykwhvzjqCm/Z5VGz3rcu MoZCfxEkCI4OyQqW2kch93h93h93j3kbuCg3Pehl2WlgoLJy2S8CMR68ygNU52+P88 IG/vq2YShK6ctLUxRq4O79IYzKcInRiXuWOtuV3A= From: Darius <[email protected]> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Give me a test result. Thank you. Message-Id: <[email protected]> Date: Wed, 11 Feb 2015 23:01:00 -0800 To: [email protected]. Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) X-Mailer: Apple Mail (2.2070.6)

And this is the Zend Version of Headers Results: NOT DKIM Signed

Return-Path: <[email protected]> Received: from server1.example.com (xxx.xxx.xxx.xxx (my server ip)) by verifier.port25.com id hr9du620i3gl for <[email protected]>; Tue, 10 Feb 2015 14:28:35 -0500 (envelope-from <[email protected]>) Authentication-Results: verifier.port25.com; spf=pass [email protected] Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) [email protected] Authentication-Results: verifier.port25.com; dkim=neutral (message not signed) Authentication-Results: verifier.port25.com; sender-id=pass [email protected] Received: by server1.example.com (Postfix, from userid 500) id 08E073800AA; Tue, 10 Feb 2015 11:28:25 -0800 (PST) To: [email protected] Subject: mydomain Test X-PHP-Originating-Script: 5004:Sendmail.php From: mydomain Test <[email protected]> Date: Tue, 10 Feb 2015 11:28:24 -0800 Content-Type: multipart/alternative; boundary="=_af78e87ff18206603cb724d073777150" MIME-Version: 1.0 Message-Id: <[email protected]>
Improve this question
1
  • 1
    Just for note, the OP said this the original question (before edited): I apologize I reposted this after deleting the previous (I posted my full name and IP address in other one by accident, and freaked). Commented Feb 12, 2015 at 7:36

1 Answer 1

Reset to default
4

When sending through the console or a mail client like Outlook or Mac's Mail it processes fully and has all three pass.

This behavior was expected because you place this configuration in main.cf

smtpd_milters = inet:localhost:8891

When sending through Zend Framework 1.12's SendMail function it fails (php).

This behavior was expected too because you place this configuration in main.cf

non_smtpd_milters =

Explanation

By default, OpenDKIM was combined with postfix through milter. Enabling/Disabling milter application was controlled by smtpd_milters and non_smtpd_milters parameters. For application who send email through smtpd, the correspondence parameter is smtpd_milters, for sendmail, the parameter is non_smtpd_milters

Solution

Replace non_smtpd_milters = with

non_smtpd_milters = inet:localhost:8891
Improve this answer
2
  • Works perfectly now! Thank you! Is there anything I should be concerned about by setting non_smtpd_milters to that? Dangers, etc.? Commented Feb 12, 2015 at 8:15
  • Yes, for example this Plesk case Commented Feb 12, 2015 at 8:17

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.