Helpful postfix Hints

On the servers I manage I use the postfix MTA (mail transfer agent). I occasionally find things about it that are not documented. I am adding this post to track those things so I can find them when I need them. I hope some others can benefit from my notes.


DKIM

After setting up CWP (Control Web Panel) I found that users could not send email. It was being rejected due to a duplicate DKIM header. Literally the same, exact DKIM header appearing twice in the headers. CWP uses postfix with opendkim. Postfix was calling opendkim twice, both before and after the Amavis anti-virus scan. The fix was a modification to master.cf to skip the milters call (where opendkim lives) after the Amavis call.

127.0.0.1:10025 inet n - y - - smtpd
  -o smtpd_milters=

Add the -o smtpd_milters= entry in the 127.0.0.1:10025 inet n - y - - smtpd block of the master.cf configuration file and the duplicate DKIM headers go away.

I found this solution via this StackExchange post: https://serverfault.com/questions/475416/is-there-a-reason-why-dkim-signs-every-mail-twice
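
As an added example (not from the original post or from CWP), this Python check parses master.cf, including its whitespace-indented continuation lines, and reports whether the Amavis re-injection listener still inherits smtpd_milters from main.cf. The sample configuration and all function names are constructed for illustration; the `{ name = value }` option syntax of newer Postfix versions is not handled.

```python
import shlex

# Constructed sample master.cf (not from the original post): an internet-facing
# smtpd plus the Amavis re-injection listener, before and after the fix.
BEFORE = """\
smtp      inet  n  -  y  -  -  smtpd
# content filter hands mail back here
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
"""
AFTER = BEFORE + "  -o smtpd_milters=\n"


def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) and skip comments."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def parse_services(text):
    """Return {(service, type): {"command": str, "overrides": {name: value}}}."""
    services = {}
    for entry in logical_lines(text):
        fields = shlex.split(entry)
        if len(fields) < 8:
            continue  # not a complete service definition
        name, stype, command, args = fields[0], fields[1], fields[7], fields[8:]
        overrides = {}
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                key, _, value = args[i + 1].partition("=")
                overrides[key] = value
        services[(name, stype)] = {"command": command, "overrides": overrides}
    return services


def reinjection_runs_milters(text, listener="127.0.0.1:10025"):
    """True if the re-injection smtpd would still inherit smtpd_milters from main.cf."""
    svc = parse_services(text).get((listener, "inet"))
    if svc is None or svc["command"] != "smtpd":
        raise LookupError(f"no smtpd listener {listener} in master.cf")
    return svc["overrides"].get("smtpd_milters", None) != ""
```

To audit a live server, pass the contents of its master.cf to `reinjection_runs_milters`; a result of `True` means opendkim is still called a second time after Amavis.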


Beware iDNS (and others)

Everything on the Internet has a numeric address, much like your phone number. The system that converts names (like pk1048.com) to numbers is called DNS or the Domain Name System and it is much like your phone’s address book. In order to use a name on the Internet you need to register that name.

In the early days of the Internet there was only one name registrar, Network Solutions, and all names cost $35/year. Today there are many, many name registrars, of which Network Solutions is still one; others include GoDaddy and the one I use, DynaDot. They all provide essentially the same service. They are all free to charge whatever they like. Prices seem to average about $8 to $10 / year per name. You need to renew your registration every so often and you can pre-pay for multiple years at a time.

This is where iDNS comes in. Since the records of who has registered what names and when the registrations expire are all public, anyone can look up when one of my Internet names is expiring and who I am. Since I have over 10 names registered, I regularly receive US Mail (spam) from a company named iDNS “reminding” me to renew my domain name. Of course the fine print at the bottom says that by filling out this form I will be transferring and renewing my domain name, at a rate of $45/year. I just toss these in the recycle pile.

Today I had a client I work with tell me that he got a renewal notice in the mail for one of his domain names. That made sense as it is going to expire in about a month. Then he showed it to me. It was from iDNS (his name is registered with Network Solutions) with a rate quote of $45/year. I told him to shred it.

So if you have registered Internet domain names, read any renewal notice you get carefully. iDNS is not the only registrar spending real money sending US Mail to try to get you to switch your names to them, at higher rates than anyone else I have seen.

What Does PK1048 Mean

Geeks love inside jokes. Most (if not all) Unix commands actually have a meaning and are not just an assortment of random letters. So why did I choose PK1048 for my domain and blog? Well, back in the earlier days of the Internet (I do not claim to have been around for the real early days of the Internet in the 1960’s and 1970’s) you needed a way to manage domain names. These are the names we use to refer to things on the Internet, like coke.com, since all the Internet knows is the numeric address of the systems. The Domain Name System (DNS) maps names to numbers (and other useful information) as well as numbers to names. In the mid-1990’s there was one entity tasked with managing all the domains for the .com and .org Top Level Domains (TLDs). That entity was Network Solutions. If you registered a domain you needed to configure and run DNS servers for it. You also had to let Network Solutions know the numeric address(es) for your DNS servers. To manage that information you needed a unique ID at Network Solutions. That ID was called your NIC-handle and my NIC-handle was pk1048 (because I was the 1,048th person to register a NIC-handle with the initials “pk”).

So “pk1048” was my NIC-handle and permitted me to manage domain registration records and DNS server records for a bunch of domains in the late 1990’s. I still manage registrations and DNS servers, but with many registrars and countless TLDs you don’t have a single NIC-handle you authenticate with anymore.