Jump to content
Froxlor Forum
  • 0

DKIM record for Domains


Tom Spielvogel

Question

OK: I have enabled DKIM support for my Mailserver and froxlor is generating keys for each domain where I enabled it under the mail-settings

OK: using the entry in the DNS record I can manually check (e.g. with https://www.dmarcanalyzer.com/) with the given identifier and the DKIM entry is read as valid

NOK: https://www.dmarcanalyzer.com/ f.e. reports, that: Using an underscore in the DKIM selector is not supported. Some providers might suggest this, however it can lead to problems when receivers don't support this.

NOK: I do not see the DKIM key record inside the email message and check tools (e.g. https://www.mail-tester.com/) say: DKIM is not provided.

 

I am not using the froxlor DNS, enabled it only to verify my DNS records I put into netcup -> maybe there's the problem?

 

Any ideas what I am doing wrong?

 

Thank you all

Link to comment
Share on other sites

10 answers to this question

Recommended Posts

  • 1
Just now, Tom Spielvogel said:

I understand I have to use dkim-filter as this is the only supported

No you don't have to. At this time, there are sadly no configuration templates for any dkim service. But with the given setting-opportunities, it should be fairly easy to get this running with opendkim or even rspamd, see the original issue from the underscore in selectors, there are some hints: https://github.com/Froxlor/Froxlor/issues/619

Link to comment
Share on other sites

  • 0
6 minutes ago, Tom Spielvogel said:

Using an underscore in the DKIM selector is not supported. Some providers might suggest this, however it can lead to problems when receivers don't support this.

regarding this, are you using the latest release of froxlor? if i remember correctly, this has been fixed ages ago

EDIT: fixed almost a year ago, see https://github.com/Froxlor/Froxlor/commit/1eed3d1166ef8d00b75e199f301cf93e4cb79953

Link to comment
Share on other sites

  • 0
1 minute ago, Tom Spielvogel said:

and yes, I am using an older version, but since it was a nightmare to update last time (maybe you remember you had to fix stuff on my live server - btw. your user is still there) I was hesitant. 😔

usually, an update does not have much of an impact (especially updating minor versions)

Link to comment
Share on other sites

  • 0

I know...it's really old, sorry, as very few people use the Nameserver feature there is also not much work going into dkim (as it kinda depends on generating dns-entries). There are ideas to improve that and separate this from the Nameserver but it'll take time - as always

Link to comment
Share on other sites

  • 0

Ok, so I have tried using opendkim executing everything from this example https://github.com/Froxlor/Froxlor/issues/619

I have added the DKIM config in the /etc/postfix/master.cf

However upon sending a mail I get an error from postfix saying it cannot execute /usr/sbin/postconf! --> is there a more detailed error description somewhere than in /var/log/mail.err?

I use the key-files generated by froxlor (not manually re-generating them with opendkim) - would this be an issue?

 

BTW: I have updated froxlor to the latest version in the meantime 🙂 - no issues this time (except maybe having to update PHP to a version my distribution didn't support ootb)

Link to comment
Share on other sites

  • 0

ok. resolved. master.cf is really not the place to put the configuration. It has to go in main.cf

also, i added all domains that are configured as email-domains in froxlor to the TrustedHosts file, which I assume should be the case

Now it works.

Thanks for the hints and your help - as always!

Stay stafe

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...