Questions tagged [dkim]
DomainKeys Identified Mail is a scheme for signing and verifying email messages to confirm that that the source hasn't been forged, and is typically implemented by MTAs. The source MTA adds a header to the message body containing a signature, and the destination MTA verifies this signature against a key retrieved from DNS.
616
questions
0
votes
1
answer
22
views
How OpenDKIM decides which emails to sign?
In OpenDKIM, what domain does it consider to use when comparing to internal hosts? Do it consider the domain of Return-Path (i.e. envelope MAIL FROM's domain) or header From or HELO's domain.
- 21
0
votes
0
answers
26
views
What is behaviour of opendkim while verifying an email with multiple dkim signatures?
I am trying to implement DKIM verification using Opendkim and postfix. The doubt I am struck by is what will happen if the email has more than one DKIM signature and one of them fails (as like failed ...
- 21
1
vote
0
answers
71
views
What are typically the headers which I should oversign?
I am trying to setup MTA using Postfix and using opendkim for dkim signing. When I went through opemdkim documentation it have a field which is named 'OversignHeaders' document describes it as: "...
- 21
0
votes
1
answer
68
views
What does "--[no]subdomains" option in opendkim-genkey mean?
Based on the documentation --nosubdomains "Disallows subdomain signing by this key". But didn't we need to create separate DKIM records for subdomains regardless?
Please correct me if I am ...
- 21
-1
votes
1
answer
106
views
Create a pair of keys suitable for DKIM setup using ssh-keygen
Question
What is the right way to create a pair of keys suitable for DKIM setup using ssh-keygen?
Given the corresponding solution with openssl:
# creates a private key
openssl genrsa -out sample.key ...
- 117
1
vote
1
answer
66
views
DKIM aligned but not authenticated for mailboxes moved to Exchange Online in a hybrid configuration
For mailboxes migrated to our tenant, they have this in the received message header of external recipients after migration:
arc=fail (body hash mismatch);
SPF/DKIM/DMARC all pass using the records ...
- 21
0
votes
2
answers
69
views
Should we add SPF records of popular email providers?
DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers.
DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
- 99
0
votes
0
answers
57
views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
- 257
0
votes
1
answer
112
views
DKIM signing – duplicate header signing in DKIM-Signature
My e-mail messages are DKIM signed but I noticed that the DKIM-Signature header contains duplicated header indicators like:
h=from:from:subject:subject:date:date:message-id:message-id:to:to: […]
and ...
- 101
0
votes
2
answers
74
views
A Non-MX mail server + Google Workspace, is this viable?
I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
- 2,195
0
votes
1
answer
140
views
Should HELO, MAILFROM and From use the same domain?
I configured a mail server a couple of times before and I believe back then I thought
that the answer is "yes."
But I'm about to configure another one, and it seems that I was wrong. Let's ...
- 2,195
1
vote
0
answers
185
views
DKIM Signature Body Hash Verified to Office 365
I am checking the email header in https://mxtoolbox.com and getting the error DKIM Signature Body Hash Verified. Problem only occurs when sending emails to other Office 365 accounts. The same email ...
- 299
2
votes
1
answer
110
views
How to make postfix sign non-delivery notifications with DKIM?
I have set up my "postfix" server to sign outgoing messages with DKIM and verified that it works correctly for SMTP users using authentication. However, "non-delivery notifications"...
- 23
0
votes
0
answers
35
views
Getting Spoofed - DMARC , DKIM and SPF are properly setup (AFIK)
I have been testing my DMARC policy for some weeks and I ran into this issue. Background:
SPF - setup and working
DKIM - set up and working (AFIK)
DMARC - set up and working - looking for alignments ...
- 1
0
votes
2
answers
109
views
What is the behavior of a DNS resolver if one authoritative name server does not have particular record but another one does
Say I have sent a query for TXT record for m1._domainkey.amazon.com
nslookup -q=txt m1._domainkey.amazon.com
Say the authoritative nameservers for amazon.com are
amazon.com nameserver = ns1.amzndns....
- 19
0
votes
0
answers
105
views
Config Wizard error in Rspamd on dkim step in Debian Bullseye
Using fresh Debian 11.7 installation I’m trying to setup RSpamd using configwizard, but in the last step of building the private key I got the following error:
Do you want to create privkey /var/lib/...
- 101
1
vote
1
answer
100
views
Exim false negative on DKIM verification
My mailserver using exim4 has an ACL to check DKIM signatures. It accepts everything but it logs failures and writes a header with the results.
I'm sending mail from another server which I believe is ...
- 3,039
0
votes
1
answer
888
views
How to correctly split a DKIM txt dns entry?
many questions here on spliting DKIM txt records, but my dns provider only allows 255 chars for each key. no fancy way to enter multiple values like the other platforms mentioned all the other ...
- 52
0
votes
1
answer
219
views
EXIM4: Signing Emails with DKIM
I really am banging my head against the wall with this one. I have tried for serveral days to get dkim signing to work on outbound emails from a server running on Debian 12, exim4 version 4.96, but to ...
- 3
1
vote
3
answers
70
views
What is the difference between a query for a TXT record and a query for a TXT record against a particular name server?
For the purpose of implementing an email server, I want to be able to look up a domain's DKIM record.
What is the difference between these two sets of DNS queries? Which should I choose to implement ...
- 19
0
votes
1
answer
229
views
Do spaces in DKIM records matter?
I'm trying to get BIND show my DKIM exactly like it was generated but it seems like the " sign is messing up the results for dig.
If I don't insert the public key within "" then dig ...
- 33
0
votes
1
answer
503
views
Postfix - can't send emails to gmail addresses via terminal
I have the following errors when trying to send emails to gmail addresses via my terminal:
sudo tail /var/log/mail.log
Jul 19 13:19:44 ubuntu-4gb-fsn1-1 postfix/cleanup[5780]: B4B8C5F4A3: message-id=&...
- 101
0
votes
1
answer
45
views
OpenDkim - PHPMailer - Failure OpenDkim
my dkim configuration was working just fine. Im working with an email marketing app, pretty simple, normally i used to send the campaign with a Sender ID that is my domain company, and for the From ...
0
votes
1
answer
59
views
Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
- 23
0
votes
1
answer
218
views
DKIM Postfix message not signed for outgoing mail
I've been working on setting up SPF, DKIM, and DMARC for the past couple weeks.
All is now successfully working, except that I cannot get my outgoing mail to be DKIM signed.
Debian 11 is the OS, ...
- 101
0
votes
2
answers
818
views
How to setup DMARC for both AWS SES and Office 365
I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
- 153
0
votes
0
answers
118
views
Error Configuring DKIM on Bind BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version)
I'm trying to configure a DKIM record on my DNS Server running BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version), but I'm getting the following error:
10:36:40 ns1 named[14663]: db.domain....
1
vote
2
answers
1k
views
Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?
I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
- 343
0
votes
1
answer
225
views
DKIM on GoDaddy shared hosting [closed]
I'd like to setup a DKIM record on GoDaddy shared hosting with cPanel (I don't want to move the DNS server). Normally cPanel makes creating DKIM records trivial, but in cPanel on GoDaddy shared plan ...
- 11
-4
votes
1
answer
185
views
OVH DKIM Record Not Found
I set up a DKIM Record on my OVH VPS recently.
The ultimate record generated is as follows (public key overwritten):
v=DKIM1;g=*;h=sha256;k=rsa;s=email;p=...
- 101
0
votes
0
answers
54
views
Sendmail Partial Delivery On Some Emails
I have three mail users. Each successfully send and receive mail.
There is a single repeated problem email, a Web Form Notification sent from an Amazon server which is sent to all three mail users. ...
- 179
0
votes
1
answer
866
views
DKIM fails when users forward Hotmail to Gmail
I use AWS SES for sending mail and CloudFlare for DNS. I set up DKIM following this tutorial. It works well.
When a user provides a hotmail.com address and forwards it to Gmail, I receive an email ...
- 249
0
votes
1
answer
73
views
DKIM and how it relates to DMARC reports
I've been tasked with setting up DKIM, SPF and DMARC for a business. I come from more of a development background, so as a result, I've been a bit confused on how to interpret the DMARC reports I'm ...
- 101
0
votes
1
answer
364
views
opendkim-testkey: key not secure (file permissions are good and TrustAnchorFile config setting is set)
If I run sudo opendkim-testkey -d mydomain.com -s selector -vvv, I get
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'selector._domainkey.mydomain.com'
...
-1
votes
1
answer
252
views
DNS Records - CNAME
Quite newbie, so sorry any unconnected data. I am creating a DKIM and SPF records to emulate DMARC as a workaround. An external vendor of us, want to send emails under our domain using a subdomain.
I ...
- 105
0
votes
0
answers
95
views
Configurating DKIM and SPF, key not secured
On a Ubuntu 20.04 VPS, installing opendkim via
sudo apt install opendkim opendkim-tools proceeds as expected, following the steps provided here.
However, upon testing, while e-mails get sent in ...
- 217
0
votes
0
answers
283
views
postfix configuration to prevent bounces when relaying to 3rd party (e.g. src -> my@work -> my@gmail)
i have an active mail relay that is using aliases as a main tool,
at some point we started to get bounces for some emails.
Source: somerandomsenderdomain.com
Destination: myemaildomain.com
...
0
votes
3
answers
136
views
How to generate separate autoreply warning from postfix to senders not using DKIM?
Antispam/phish efforts with DKIM and SPF are weak if they're not widely enforced. I can't turn on strict no-DKIM rejection or emails will be lost, but there should be some penalty for domains not in ...
- 230
0
votes
0
answers
763
views
DKIM and sending email on behalf of many domains - explain it to me like I'm a dummy
We run a server that provides a service for a few hundred customers, and there's a feature that allows them to generate some automated emails which go out to various colleagues and external partners. ...
1
vote
1
answer
312
views
How do i receive DMARC reports with external domains that i have no permission to control
I want to receive reports with gmail or outlook or anything else that i have no permission to add (mydomain.com)._report._dmarc.(gmail|outlook).com as a record. What i can do?
Example just like:
v=...
- 33
0
votes
1
answer
496
views
DKIM E-Mail verification - prevent receivers from accepting unsigned emails?
I have set up SPF, DKIM and DMARC in my domain (to the best that I can figure out), but I still can send spoofed emails - without a DKIM signature - and they are accepted (at least when I test with ...
- 2,760
3
votes
2
answers
1k
views
Generate DKIM for Gmail Free Account
I am using Gmail SMTP with wordpress to send mail with my custom domain ([email protected]). Emails are successfully sent but always land in spam folder in every webmail provider (Eg, Gmail, Rediffmail,...
- 169
0
votes
0
answers
808
views
How to correctly configure OpenDKIM with Postfix on Debian 11?
The desired settings are to create a multi domain mail server.
This is my main domain example.com and this is my subdomain: mail.example.com
Taking the rDNS as the following verifications:
hostname -f
...
- 101
1
vote
1
answer
228
views
I setup DMARC p=reject on server but now I can't send via gmail to gmail (using server email From address)
Did I shoot myself in the foot ?
I mainly use gmail to send and receive emails. Support etc. My default 'send email as' profile is not the gmail address itself but an address on my server (also the ...
- 113
2
votes
0
answers
635
views
Set SPF to send email using Gmail
(Disclaimer: I totally suck at being a sysadmin)
I am sending email for a domain using Gmail. The domain is partyboatcharters.com.au (I hope I am allowed to put domains here). Gmail is configured to ...
- 797
0
votes
2
answers
104
views
Should e-mails signed with another domain's DKIM key be treated as spam?
Every now and then I browse my spam folder (for science!). Recently (after adding DKIM Verifier plugin to my MUA) I noticed that some e-mails have valid DKIM signature, but the Verifier points out ...
- 198
1
vote
2
answers
241
views
Should we enhance DMARC to allow aligned DKIM enforcement?
Currently, DMARC only requires aligned DKIM or SPF.
However spoofing SPF is relatively simple for an experienced hacker:
You should only control a single IP address in the often large SPF range of e-...
- 111
1
vote
2
answers
177
views
I don't understand DMARC reports regarding my policy
My DMARC settings seems to not work as expected.
First, a few things to note:
The domain is mydomain.com (not the real one obviously) ;
The domain and mail provider is gandi.net ;
I use Amazon SES to ...
- 115
1
vote
3
answers
479
views
How destination mail server can know the DKIM selector
It is possible to set a "subdomain" in DKIM DNS record name.
This "subdomain" is called a selector. It allows to have multiple DKIM keys for the same domain.
There is something I ...
- 339
0
votes
1
answer
469
views
Email goes to spam even with valid SPF, DKIM and DMARC records, dynamic rDNS on AWS instance
I have an instance on AWS and fighting with sending emails through cPanel.
All records are OK (checked on MX toolbox): SPF, DKIM, DMARC at the cPanel level and the WHM level (hostname). Even rDNS is ...
- 101