Hi. I have several client web sites on my HMS VPS 76.12.107.139.

Yahoo and AOL are rejecting or delaying email from my clients. I know that this is due to stringent antispam measures going into place.

I have set up SPF records and RDNS for all of my clients.

But email still is blocked or rejected.

I've been researching DKIM as a measure to authenticate email messages from my clients' domains.

Has anybody set up DKIM and, if so, can you offer a brief discussion of your process and results?

I'm very grateful for any input.

Windows 2003 Server
SmarterMail 4

Eric

The process is different depending on the MTA you use (exim, qmail, postfix, sendmail,smartermail). Is this a windows vps, or a linux vps?

I've done this on Linux servers with exim, so if it's a linux server, the general gist of it is relevant. The basic process is:
- recompile exim (or mta) to support domainkeys
- install libdomainkeys
- run dknewkey to generate the private key/public key pair:
mkdir -p /etc/exim/dkim
dknewkey /etc/exim/dkim/keyname
- record TXT record generated by running above command
- Insert TXT record into dns
- modify exim to use the domain key, by adding the following under remote_smtp:
dk_private_key = /etc/exim/dkim/keyname
dk_selector = hostname
dk_domain = domainname
- test. You should see something like the following on any mail sent from your server:
DomainKey-Status: good


Without a little more detail it's hard to really give concrete examples, but the general methodology (setup MTA to support domainkeys, create private key/public key pair, insert public key into TXT record) is still the same.

I should have offered more detail.

I use Windows 2003, SmarterMail 4.

>>> the general methodology (setup MTA to support domainkeys, create private key/public key pair, insert public key into TXT record) is still the same.

This is very helpful. Thanks very much.

Eric

Its not very straight forward. Just call HMS support and have them do it for you. Just to be forewarned DKIM is a memory hog. If you are blasting out emails with smartermail. Every email will result in a new DKIM process created to make the key. When you open your process list you will see 20+ of these processes opening and closing. The result is an extra 300 Megs of ram being consumed. If you aren't on a 1 Gig or larger VPS you will hit your ceiling and crash your server.

By the way I too had problems getting through to Yahoo with our maillist. Not sure if they helped or not, since yahoo decided to be really strict with anything coming off my IP.

SmarterMail 5 has built-in support for DomainKeys.

If you don't mind paying the license fees, and the minor learning curve with the new interface then it's definitely worth considering.

DKIM is not free software if used commercially, so why not just upgrade your pre-existing software rather than rely on a third party who may not be around when you really need their support?

Yeah SmarterMail 5 makes it easier for domainkeys...sometimes the 3rd party software was a pain..to put it politely... to get working right...sometimes took a fwe attampts to get it working right...but anyways here is a good forum I suggest reading when you have issues to Yahoo!

http://www.smartertools.com/forums/p/13531/30555.aspx#30555

I'm in the car right now (ugh...who has weddings in Kentucky when they live in Maryland!) and I won't be back in until Tuesday. I can check out your logs and help evaluate why you may be having problems and help give recommendations on what to do to solve them. If you don't want to wait until then you can create me a login/password and PM it to me and I can login and read the logs.

-Ray

Dear Nathan and Ray,

I got DKIM to work with SmarterMail 4. It took some tinkering, and a little patience, but I got it to work. I read the documentation carefully -- it is well written though a little unorganized.

I had to asked HMS support to add the generated RSA key to the DNS record for my client. Now the test DKIM email comes back with a report that it passes authentication.

Thanks very much for your help. You gentlemen have an excellent weekend.

Eric

DomainKeys won't fix the problems with delivery to AOL, and it will help with Yahoo but not solve it. For Yahoo! you will have to change your delivery times to somthing like

15, 15, 15, 15, 15, 15, 15, 15, 30, 30, 30, 30, 30, 30, 30, 30, 60, 60, 60, 60, 120, 120, 120

Which will continue to reattempt delivery for 16 hours. Unless the bounces say on the lines of 'the IP x.x.x.x has been blocked' then they are 'deprioritizing' your IP address. This means they believe there server's are too busy to accept mail from your server at that time, but want you to continue retrying and when they are less busy they will accept the message.

For AOL I would have to look at the logs, but it is usually a problem where clients have forwarders setup to send to user@aol.com. I could verify this through the logs by seeing how much mail you are actually sending to the AOL domain.

Let me know if you need any further assistance.

-Ray

Ray, thanks for this. Yep, I set my SMTP delivery times to the more aggressive:

15, 15, 15, 15, 15, 15, 15, 15, 30, 30, 30, 30, 30, 30, 30, 30, 60, 60, 60, 60, 120, 120, 120

And that did seem to ameliorate some of my clients' troubles.

I might indeed upgrade to SmarterMail 5. I'm going to think about this over the weekend, and do some research.

Thanks again.

Eric

Try the demo out. It has some really nice features

http://www.smartertools.com/Products/SmarterMail/Demo.aspx

I forget how much the upgrade license costs but its a lot cheaper then buying a new license. You will have to find out by logging into smartertools.com's interface. If you goto smartertools.com click purchase then click 'upgrade' it should ask you to login. In there I 'think' it should show the upgrade price.

Let me know if you continue experiencing problems with delivery to AOL / Yahoo (especially AOL because there is usually a problem when AOL blocks you...Yahoo doesn't really have a rhyme or reason at times...)

-Ray