How to generate a BATV Key/DKIM signing for use in Outgoing?

viniciusferrao
Posts: 24
Joined: Tue Jun 24, 2014 6:08 pm
How did you hear about Mailcleaner: Serverfault

How to generate a BATV Key/DKIM signing for use in Outgoing?

Post by viniciusferrao » Thu Jun 26, 2014 4:14 am

Hello guys,

I would like to set up BATV and DKIM, but I'm not sure how to do that using MailCleaner.

I'm aware that I should route all my traffic to the MailCleaner server to allow MailCleaner to modify the messages adding the BATV info and DKIM signatures.

The question starts here: how to generate a BATV Key to put in the Configuration -> Domain -> Outgoing Relay and what I should select in DKIM Signing? It's clear to me to choose "This Domain", but I don't know what to put in Selector and Private Key fields. Another question is: should I use an existing private key from SSL certificates used in SMTP/Submission?

Don't know if it's important but I'm running Exchange 2013 in the final destination with send and receive connectors pointed only to the MailCleaner server. So all sent or received from the Exchange server must pass through the MailCleaner server.

Thanks in advance,
del
Posts: 497
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by del » Thu Jun 26, 2014 7:47 am

Do NOT use your SSL key!
You should read some sites explaining BATV and DKIM:
http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
http://www.dkim.org/info/dkim-faq.html
http://en.wikipedia.org/wiki/Bounce_Add ... Validation

Either you let MailCleaner generate the DKIM key for you or you use openssl:
https://my.spamexperts.com/kb/33/Genera ... icate.html

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by viniciusferrao » Thu Jun 26, 2014 7:53 am

del wrote: Do NOT use your SSL key!
You should read some sites explaining BATV and DKIM:
http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
http://www.dkim.org/info/dkim-faq.html
http://en.wikipedia.org/wiki/Bounce_Add ... Validation

Either you let MailCleaner generate the DKIM key for you or you use openssl:
https://my.spamexperts.com/kb/33/Genera ... icate.html


Thank you del.

I've already read some of those links, the last one was really useful, I will try to set up DKIM right now. But one thing isn't clear for me: how do I generate the BATV Key. It appears to be simple but I'm missing the point.

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by del » Thu Jun 26, 2014 8:03 am

BATV does not use any key pairs, so a simple string is enough.
You can for example use openssl to generate a 'random' string:

openssl rand -base64 64

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by viniciusferrao » Thu Jun 26, 2014 8:07 am

del wrote: BATV does not use any key pairs, so a simple string is enough.
You can for example use openssl to generate a 'random' string:

openssl rand -base64 64


That's what I mean :)

It's just a simple base64 string 64 characters long?

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by del » Thu Jun 26, 2014 8:11 am

64 byte ;)
https://www.openssl.org/docs/apps/rand.html

//EDIT: But you can use any length. BATV works with a single char key too but I do not recommend that ;)

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by viniciusferrao » Thu Jun 26, 2014 8:18 am

del wrote: 64 byte ;)
https://www.openssl.org/docs/apps/rand.html

//EDIT: But you can use any length. BATV works with a single char key too but I do not recommend that ;)


Hmmm now it's clear for me! Thank you very much del.

I already have another problem: BATV appears to have broken my LDAP callout for address verification, I was afraid of this... During earlier research today on BATV I came across this thread: viewtopic.php?f=14&t=1836 and saw a potential problem.

Then things happened as expected:
Jun 26 04:08:32 ironforge postfix/smtp[11962]: 5BE5B5FBA2: to=<prvs=02542e2386=myemail@example.com>, relay=mailcleaner.example.com[192.168.0.14]:25, delay=0.21, delays=0/0/0.01/0.2, dsn=5.0.0, status=bounced (host mailcleaner.example[192.168.0.14] said: 550 User unknown (in reply to RCPT TO command))
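
The recipient `prvs=02542e2386=myemail@example.com` in the log above is a BATV-tagged address, and the string from `openssl rand` is the shared secret behind such a tag. The following Python code is an added example, not part of the original posts and not MailCleaner's code: it signs and checks tags assuming the `prvs=KDDDSSSSSS=` layout of the BATV draft (key digit, expiry day modulo 1000, six hex digits of HMAC-SHA1), and it returns the untagged address that a recipient lookup such as an LDAP callout has to be given. The key, timestamp, lifetime and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed tag layout (BATV draft): prvs=KDDDSSSSSS=local@domain
PRVS_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-fA-F]{6})=(.+@.+)$")
DAY = 86400
LIFETIME_DAYS = 7  # assumed validity window for a tag


def _mac(key, key_num, day, address):
    """Six hex digits: first three bytes of HMAC-SHA1 over K + DDD + address."""
    msg = (key_num + day + address).encode()
    return hmac.new(key, msg, hashlib.sha1).hexdigest()[:6]


def batv_sign(address, key, now, key_num="0"):
    """Tag an envelope sender; DDD is the expiry day number modulo 1000."""
    day = "%03d" % ((now // DAY + LIFETIME_DAYS) % 1000)
    return "prvs=%s%s%s=%s" % (key_num, day, _mac(key, key_num, day, address), address)


def batv_parse(rcpt):
    """Return (key_num, day, mac, original_address), or None if untagged."""
    m = PRVS_RE.match(rcpt)
    return m.groups() if m else None


def batv_check(rcpt, key, now):
    """Return (address to use for the recipient lookup, tag_is_valid)."""
    parsed = batv_parse(rcpt)
    if parsed is None:
        return rcpt, False
    key_num, day, mac, address = parsed
    mac_ok = hmac.compare_digest(mac.lower(), _mac(key, key_num, day, address))
    # Days until expiry, modulo 1000 as stored; an expired tag wraps to ~999.
    days_left = (int(day) - now // DAY) % 1000
    return address, mac_ok and days_left <= LIFETIME_DAYS


# Constructed inputs: a stand-in for `openssl rand -base64 64` output and
# a timestamp on 2014-06-26 (UTC), the date of the bounce in the thread.
KEY = b"constructed-example-secret-do-not-reuse"
NOW = 1403755712

if __name__ == "__main__":
    tagged = batv_sign("myemail@example.com", KEY, NOW)
    print(tagged, batv_check(tagged, KEY, NOW))
    # Address from the thread's log: strip the tag before any directory lookup.
    print(batv_check("prvs=02542e2386=myemail@example.com", KEY, NOW)[0])
```

Under this layout the `254` in the thread's tag is day number 16254 modulo 1000, seven days after 2014-06-26. A tag that fails the MAC or expiry check still yields the original address, so the lookup and the bounce-validity decision can be made separately.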

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by del » Thu Jun 26, 2014 8:30 am

Hm...
I have no idea how to fix that, sorry

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by viniciusferrao » Thu Jun 26, 2014 8:33 am

del wrote: Hm...
I have no idea how to fix that, sorry


No problem. I think this can be a BUG, since it was easily replicated from the reference thread I've posted here. Perhaps this is a question to @olivier.

Re: How to generate a BATV Key/DKIM signing for use in Outgo

Post by viniciusferrao » Sat Jun 28, 2014 7:36 am

Del, thanks one more time.

I was able to set up BATV and DKIM. Only missing DMARC now. And I've posted a message on Bugs subforum to describe the LDAP BUG with BATV.
cglmicro
Posts: 252
Joined: Thu Mar 07, 2013 2:12 am
How did you hear about Mailcleaner: google

Re: How to generate a BATV Key/DKIM signing for use in Outgoing?

Post by cglmicro » Fri Mar 31, 2017 6:12 pm

Sorry to wake up this old thread, but I'm having some issue configuring DKIM with my Mailcleaner for outbound.

In my MailCleaner I have set it:
[Attachment: jdb_2017-03-31_1303.png]

And in my CPANEL > DNS I've added:
[Attachment: jdb_2017-03-31_1307.png]


But in my MailCleaner tracing it shows INVALID PUBLIC KEY RECORD:

Incoming MTA stage:    2017-03-31 11:10:16 1ctyBs-0002ul-I6 DKIM: d=jeudebourse.com s=default c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?) unavailable]
...
2017-03-31 11:10:18 1ctyBs-0002ul-I6 Completed


Why?

Re: How to generate a BATV Key/DKIM signing for use in Outgoing?

Post by cglmicro » Thu Apr 06, 2017 1:04 am

My problem is solved: I removed DKIM signing from MC and I added it in the webmail server that relays through MC. Thanks anyway.
Matter
Posts: 1
Joined: Fri Apr 07, 2017 8:40 am
How did you hear about Mailcleaner: Google

Re: How to generate a BATV Key/DKIM signing for use in Outgoing?

Post by Matter » Tue Apr 18, 2017 8:38 am

cglmicro wrote: Sorry to wake up this old thread, but I'm having some issue configuring DKIM with my Mailcleaner for outbound.

I'm glad you did, cglmicro, and I'm glad I stumbled upon this thread because I may very well be having the same issue. Fingers crossed.
