Saturday 13 January 2024

Fiat service - latest information

Fiat service - latest information

Glyn Watkins have offered me a full refund; I'll send them the non-working key.

Fiat say that this resolves the issue.  "Not quite", I told them, "I've wasted a lot of time and effort to get precisely nowhere, and it appears to be a Fiat problem. I'd like compensation."

They offered me a £100 voucher, which I accepted; it'll go towards the new spare key which I'll get from Thames Motor ... I hope. 

When the voucher doesn't arrive , I'll spend more time chasing that.

Monday 8 January 2024

Dkim, Spf and Dmarc

Dkim, Spf and Dmarc

Beginning in February 2024, Gmail and Yahoo will begin implementing new requirements of large senders to combat spam and abuse through email.

1. You have to be sending from a domain that you won (so, not etc).

 2. You have to set up Dkim, Spf and Dmarc

Dkim is  Domainkeys Identified Mail. When you send an ekail, a Dkim record is included. This lets the receiving mailer check that it really did come from your server.

Spf is Sender Policy Framework.

When you send an email message, the receiving system will check to see if there is an SPF record published.

  • If there is a valid SPF record AND your sending IP is on the list, you PASS.
  • If the IP is NOT on the list, you FAIL the SPF check and could either be rejected or placed in the spam folder.

Spf isn't as good as Dkim

Dmarc is Domain-based Message Authentication, reporting and conformance.

It helps domains deal with domain spoofing and phishing attacks by preventing unauthorized use of the domain in the Friendly-From address of email messages.

So, how do you do that? I'm doing it for a linux mail server. I'm not a "large sender", but I'm doing it anyway. First, let's install some software.

yum install -y opendkim
yum install -y opendkim-tools

Then edit the configuration file:

pico  /etc/opendkim.conf

For what to do, see

The key lines to add/modify are:

Mode   sv
KeyTable       /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList     refile:/etc/opendkim/TrustedHosts
InternalHosts  refile:/etc/opendkim/TrustedHosts

Now create a subdirectory (put your domain name where I put

mkdir /etc/opendkim/keys/

opendkim-genkey -D /etc/opendkim/keys/ -d -s default

chown -R opendkim:opendkim /etc/opendkim

systemctl start opendkim; systemctl enable opendkim

And edit (in /etc/mail) to add

INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')


systemctl restart sendmail

cd /etc/opendkim/keys/
You'll see a file  default.txt. Gaze on that. Then go to /var/named/db.example


default._domainkey  IN  TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0.................IDAQAB" )

Restart the DNS server by doing: systemctl restart named

And the dkim can be tested using

domain = selector = default

Next, spf. You need to tell it the range of IP addresses. Add to /var/named/db.example

If you have mailers that don't do rDNS (reverse DNS) then use IN TXT "v=spf1 ip4: ~all"

Finally, Dmarc IN TXT "v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:email-address-for-reports"

P=none means take no action, just report it to the email address email-address-for-reports

Other options are: quarantine and reject.

So now we have three lines added to example.db

default._domainkey  IN  TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0.................IDAQAB" ) IN TXT "v=spf1 ip4: ~all" IN TXT "v=DMARC1; p=none; adkim=r; aspf=r; rua=mailto:email-address-for-reports"

Restart the DNS server by doing: systemctl restart named

Test using




Fiat service - more lack of

Fiat service - more lack of

Following the advice of Barry at Glyn Hopkin, on January 5th I took my non-working spare key to another dealer, because as of December 31, Glyn H is no longer a Fiat dealer.

So I went to Thames Motor. Looking at their forecourt, they're a very big Fiat dealer! They took my keys, and after about an hour, they said they couldn't program the key. They said that either the key wasn't working, or it was the wrong sort of key.

So I called Fiat, and told them where we were, and I called Glyn Hopkin and gave them the same information.

Fiat said they'd look into this. Barry wasn't at Glyn, but his helper asked me to put the whole story in writing and send that, which I have.

So now it's been over two months, and all I have is a piece of plastic that, apparently, can't be made into a key.

I don't see how Glyn can help me further, because they are no longer a Fiat dealer. I don't see how Thames can help, they already tried to program the key I got from Glyn.

Let's see what Fiat says, they said they'd reply by 9 January.

A spare key is a small matter; I wonder how these people would deal with something more important? As of now, if a friend asked me whether they should buy a Fiat, I would advise not.