Jump to content
Froxlor Forum

Question

Posted

OK: I have enabled DKIM support for my Mailserver and froxlor is generating keys for each domain where I enabled it under the mail-settings

OK: using the entry in the DNS record I can manually check (e.g. with https://www.dmarcanalyzer.com/) with the given identifier and the DKIM entry is read as valid

NOK: https://www.dmarcanalyzer.com/ f.e. reports, that: Using an underscore in the DKIM selector is not supported. Some providers might suggest this, however it can lead to problems when receivers don't support this.

NOK: I do not see the DKIM key record inside the email message and check tools (e.g. https://www.mail-tester.com/) say: DKIM is not provided.

 

I am not using the froxlor DNS, enabled it only to verify my DNS records I put into netcup -> maybe there's the problem?

 

Any ideas what I am doing wrong?

 

Thank you all

10 answers to this question

Recommended Posts

  • 1
Posted
Just now, Tom Spielvogel said:

I understand I have to use dkim-filter as this is the only supported

No you don't have to. At this time, there are sadly no configuration templates for any dkim service. But with the given setting-opportunities, it should be fairly easy to get this running with opendkim or even rspamd, see the original issue from the underscore in selectors, there are some hints: https://github.com/Froxlor/Froxlor/issues/619

  • 0
Posted
6 minutes ago, Tom Spielvogel said:

Using an underscore in the DKIM selector is not supported. Some providers might suggest this, however it can lead to problems when receivers don't support this.

regarding this, are you using the latest release of froxlor? if i remember correctly, this has been fixed ages ago

EDIT: fixed almost a year ago, see https://github.com/Froxlor/Froxlor/commit/1eed3d1166ef8d00b75e199f301cf93e4cb79953

  • 0
Posted

I am genuinely impressed on how fast you always respond.

I understand I have to use dkim-filter as this is the only supported. I was under the impression it would be automatically enabled. I will check.

  • 0
Posted

and yes, I am using an older version, but since it was a nightmare to update last time (maybe you remember you had to fix stuff on my live server - btw. your user is still there) I was hesitant. 😔

  • 0
Posted
1 minute ago, Tom Spielvogel said:

and yes, I am using an older version, but since it was a nightmare to update last time (maybe you remember you had to fix stuff on my live server - btw. your user is still there) I was hesitant. 😔

usually, an update does not have much of an impact (especially updating minor versions)

  • 0
Posted

I know...it's really old, sorry, as very few people use the Nameserver feature there is also not much work going into dkim (as it kinda depends on generating dns-entries). There are ideas to improve that and separate this from the Nameserver but it'll take time - as always

  • 0
Posted

Ok, so I have tried using opendkim executing everything from this example https://github.com/Froxlor/Froxlor/issues/619

I have added the DKIM config in the /etc/postfix/master.cf

However upon sending a mail I get an error from postfix saying it cannot execute /usr/sbin/postconf! --> is there a more detailed error description somewhere than in /var/log/mail.err?

I use the key-files generated by froxlor (not manually re-generating them with opendkim) - would this be an issue?

 

BTW: I have updated froxlor to the latest version in the meantime 🙂 - no issues this time (except maybe having to update PHP to a version my distribution didn't support ootb)

  • 0
Posted

ok. resolved. master.cf is really not the place to put the configuration. It has to go in main.cf

also, i added all domains that are configured as email-domains in froxlor to the TrustedHosts file, which I assume should be the case

Now it works.

Thanks for the hints and your help - as always!

Stay stafe

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...