We installed SPF, DKIM, and DMARC records for email security/verifiability.
When sending through the console or a mail client like Outlook or Mac's Mail it processes fully and has all three pass.
When sending through Zend Framework 1.12's SendMail function it fails (PHP).
Did we miss a configuration at some point to have php emails signed as well? What file do we look into? Or does there have to be a different installation/add-on?
We are using OpenDKIM and Postfix on CentOS 6.
postfix -n result:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
mydomain = example.com
myhostname = server1.example.com
mynetworks = 127.0.0.0/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.crt
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_transport = dovecot
These are the results I get from the Port25 email checker. Everything is the same except DKIM is missing when using Zend.
Non-Zend Regular Headers: DKIM Signed
Return-Path: <darius@example.com>
Received: from server1.example.com (123.123.123.123 (my server ip)) by verifier.port25.com id hrh7ri20i3gm for <check-auth@verifier.port25.com>; Thu, 12 Feb 2015 02:01:13 -0500 (envelope-from <darius@example.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=darius@example.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=darius@example.com
Authentication-Results: verifier.port25.com; dkim=pass (matches From: darius@example.com) header.d=example.com
Authentication-Results: verifier.port25.com; sender-id=pass header.From=darius@example.com
Received: from [111.111.1.111] (cpe-11-11-111-111.socal.res.rr.com [76.94.200.240])
by server1.example.com (Postfix) with ESMTPSA id 33F233800A9
for <check-auth@verifier.port25.com.>; Wed, 11 Feb 2015 23:01:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;
s=default; t=1423724471;
bh=qMnrIAg7afoneBTtI0hU9OrDkqChYZOD1f4AUvZtdGw=;
h=From:Subject:Date:To;
b=g4lXm/vQ54wq/B0fCAf/U3Hj3hi2N2jojst+5lURCfykwhvzjqCm/Z5VGz3rcu
MoZCfxEkCI4OyQqW2kch93h93h93j3kbuCg3Pehl2WlgoLJy2S8CMR68ygNU52+P88
IG/vq2YShK6ctLUxRq4O79IYzKcInRiXuWOtuV3A=
From: Darius <darius@example.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Give me a test result. Thank you.
Message-Id: <68D428E0-84CD-46EC-B326-2FC15BE565AE@example.com>
Date: Wed, 11 Feb 2015 23:01:00 -0800
To: check-auth@verifier.port25.com.
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
X-Mailer: Apple Mail (2.2070.6)
And this is the Zend Version of Headers Results: NOT DKIM Signed
Return-Path: <apache@example.com>
Received: from server1.example.com (xxx.xxx.xxx.xxx (my server ip)) by verifier.port25.com id hr9du620i3gl for <check-auth-darius=example.com@verifier.port25.com>; Tue, 10 Feb 2015 14:28:35 -0500 (envelope-from <apache@example.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=apache@example.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=noreply@example.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=noreply@example.com
Received: by server1.example.com (Postfix, from userid 500)
id 08E073800AA; Tue, 10 Feb 2015 11:28:25 -0800 (PST)
To: check-auth-darius=example.com@verifier.port25.com
Subject: mydomain Test
X-PHP-Originating-Script: 5004:Sendmail.php
From: mydomain Test <noreply@example.com>
Date: Tue, 10 Feb 2015 11:28:24 -0800
Content-Type: multipart/alternative;
boundary="=_af78e87ff18206603cb724d073777150"
MIME-Version: 1.0
Message-Id: <20150210192825.08E073800AA@server1.example.com>
Best Answer
This behavior was expected because you place this configuration in main.cf
This behavior was expected too because you place this configuration in main.cf
Explanation
By default, OpenDKIM is combined with Postfix through a milter. Enabling/disabling the milter application is controlled by the smtpd_milters and non_smtpd_milters parameters. For applications that send email through smtpd, the corresponding parameter is smtpd_milters; for sendmail, the parameter is non_smtpd_milters.
Solution
Replace
non_smtpd_milters =
with
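The check the answer describes, as an added example that is not part of the original question or answer: it reads the milter settings from `postconf -n` output, classifies each test message by the Received header Postfix wrote, and reports which milter list applies. The function names are hypothetical; the sample config and headers are trimmed from the question, with header folding restored.

```python
import re

# Trimmed from the `postconf -n` output in the question.
POSTCONF = """\
milter_default_action = accept
milter_protocol = 2
non_smtpd_milters =
smtpd_milters = inet:localhost:8891
"""

# Received headers from the question's two test messages (folding restored).
MAIL_CLIENT = """\
Received: from [111.111.1.111] (cpe-11-11-111-111.socal.res.rr.com [76.94.200.240])
\tby server1.example.com (Postfix) with ESMTPSA id 33F233800A9
\tfor <check-auth@verifier.port25.com.>; Wed, 11 Feb 2015 23:01:11 -0800 (PST)
"""
ZEND = """\
Received: by server1.example.com (Postfix, from userid 500)
\tid 08E073800AA; Tue, 10 Feb 2015 11:28:25 -0800 (PST)
"""

def parse_postconf(text):
    """Turn `name = value` lines into a dict; empty values stay as ''."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def submission_path(headers):
    """Classify how Postfix received the message, from its own Received header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        if re.search(r"\(Postfix, from userid \d+\)", line):
            return "local"   # sendmail command -> pickup, no SMTP session
        if re.search(r"\(Postfix\) with E?SMTP", line):
            return "smtpd"   # arrived over an SMTP session
    return "unknown"

def milter_for(conf, path):
    """Return the milter list Postfix applies to mail arriving via `path`."""
    param = {"smtpd": "smtpd_milters", "local": "non_smtpd_milters"}.get(path)
    return conf.get(param, "") if param else ""

if __name__ == "__main__":
    conf = parse_postconf(POSTCONF)
    for label, hdrs in (("mail client", MAIL_CLIENT), ("Zend/PHP", ZEND)):
        path = submission_path(hdrs)
        print(f"{label}: path={path} milter={milter_for(conf, path) or 'none (unsigned)'}")
```

An empty result for the "local" path means mail handed to the sendmail command never reaches OpenDKIM, which matches the unsigned Zend message.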