OK: I have enabled DKIM support for my Mailserver and froxlor is generating keys for each domain where I enabled it under the mail-settings

OK: using the entry in the DNS record I can manually check (e.g. with https://www.dmarcanalyzer.com/) with the given identifier and the DKIM entry is read as valid

NOK: https://www.dmarcanalyzer.com/ f.e. reports, that: Using an underscore in the DKIM selector is not supported. Some providers might suggest this, however it can lead to problems when receivers don't support this.

NOK: I do not see the DKIM key record inside the email message and check tools (e.g. https://www.mail-tester.com/) say: DKIM is not provided.

 

I am not using the froxlor DNS, enabled it only to verify my DNS records I put into netcup -> maybe there's the problem?

 

Any ideas what I am doing wrong?

 

Thank you all

so which service are you using that signes the emails? this does not happen automatically by enabling dkim in froxlor

6 minutes ago, Tom Spielvogel said:

Using an underscore in the DKIM selector is not supported. Some providers might suggest this, however it can lead to problems when receivers don't support this.

regarding this, are you using the latest release of froxlor? if i remember correctly, this has been fixed ages ago

EDIT: fixed almost a year ago, see https://github.com/Froxlor/Froxlor/commit/1eed3d1166ef8d00b75e199f301cf93e4cb79953

I am genuinely impressed on how fast you always respond.

I understand I have to use dkim-filter as this is the only supported. I was under the impression it would be automatically enabled. I will check.

and yes, I am using an older version, but since it was a nightmare to update last time (maybe you remember you had to fix stuff on my live server - btw. your user is still there) I was hesitant. 😔

Just now, Tom Spielvogel said:

I understand I have to use dkim-filter as this is the only supported

No you don't have to. At this time, there are sadly no configuration templates for any dkim service. But with the given setting-opportunities, it should be fairly easy to get this running with opendkim or even rspamd, see the original issue from the underscore in selectors, there are some hints: https://github.com/Froxlor/Froxlor/issues/619

1 minute ago, Tom Spielvogel said:

and yes, I am using an older version, but since it was a nightmare to update last time (maybe you remember you had to fix stuff on my live server - btw. your user is still there) I was hesitant. 😔

usually, an update does not have much of an impact (especially updating minor versions)

ok i was referring to this

I know...it's really old, sorry, as very few people use the Nameserver feature there is also not much work going into dkim (as it kinda depends on generating dns-entries). There are ideas to improve that and separate this from the Nameserver but it'll take time - as always

Ok, so I have tried using opendkim executing everything from this example https://github.com/Froxlor/Froxlor/issues/619

I have added the DKIM config in the /etc/postfix/master.cf

However upon sending a mail I get an error from postfix saying it cannot execute /usr/sbin/postconf! --> is there a more detailed error description somewhere than in /var/log/mail.err?

I use the key-files generated by froxlor (not manually re-generating them with opendkim) - would this be an issue?

 

BTW: I have updated froxlor to the latest version in the meantime 🙂 - no issues this time (except maybe having to update PHP to a version my distribution didn't support ootb)

ok. resolved. master.cf is really not the place to put the configuration. It has to go in main.cf

also, i added all domains that are configured as email-domains in froxlor to the TrustedHosts file, which I assume should be the case

Now it works.

Thanks for the hints and your help - as always!

Stay stafe