ddavness / power-mailinabox

A Mail-in-a-Box with extra capabilities and more customizability. Not just for power users!
Creative Commons Zero v1.0 Universal

can dkim be made optional when using smtp relay? #64

Closed s4069b closed 1 year ago

s4069b commented 2 years ago

I have installed power-mailinabox using amazon ses as an smtp relay (to improve email deliverability).

I don't believe I need the dkim configuration feature in power-mailinabox, but the 'System-SMTP Relay' page requires dkim details. I put some fake dkim details in the dkim configuration details - because I needed to enter something for power-mailinabox to create the smtp relay.

Emails send OK. SPF, DMARC and DKIM all pass. But in the details of the email header there are three dkim checks. The first two are consistent with Amazon SES, while the third fails (s=mail) and I believe it is due to power-mailinabox not having a real dkim set.

If DKIM were optional when using an SMTP relay (e.g. a check-box) then we could work around this glitch.

ddavness commented 2 years ago

Hi!

DKIM is a way for whoever is receiving the message to make sure that whoever sent it is actually someone that is authorized to do it on your behalf (in your case, Amazon SES).

Amazon SES seems to be signing the emails with DKIM - the problem is that by not publishing their public DKIM key, whoever is receiving cannot be sure that you actually are using Amazon SES to send the emails (for all they know it could be a spammer).

I'm not familiar with how it works, but by reading the documentation, you should be able to set up DKIM on Amazon SES and it should provide you with two things - the public key and the DKIM selector - that's what you need to copy into the relay setup page.

s4069b commented 2 years ago

Thanks for taking the time to look at this and to respond.

I read the Amazon SES documentation and attempted to set it up as required. Maybe if I try to express the 'issue' differently.

I have power-miab setup for this domain exchange.mydomain.net with amazon ses as an smtp relay. When I email a gmail user from myself@exchange.mydomain.net the recipient sees this included in the header of the received email:

```
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@exchange.mydomain.net header.s=mail header.b=e6ArnJJI;
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=BC9PwMCu;
       dkim=fail header.i=@exchange.mydomain.net header.s=mail header.b=lPShKeKV;
       spf=pass
```

It is the third dkim check which I cannot stop being added to outgoing emails. The first two are generated by Amazon SES and the third by the power-miab server. I have set up the same 'selector' on the power dkim server and Amazon SES - but that does not remove the third unwanted record. The power miab server keeps adding it with a unique header.b= record that fails.

A new observation I have made is that this third dkim check does not occur for subsequent domains added to my power-miab server.

I have added a second domain/email to my power-miab server - myself@exchange2.mydomain.net and if I email a gmail user from this secondary email/domain the recipient only sees two dkim checks in the email header.

```
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@exchange2.mydomain.net header.s=ulflxcj3m4tyvi4dgjw22q3kc6oev6qx header.b=AN2Ur4E6;
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=TCvtJAHy;
       spf=pass ...
```

Notice there are only two dkim checks... and no 'fail'.

ddavness commented 2 years ago

Alright, I understand what the issue is now. I'm assuming you're using Amazon SES' Easy DKIM feature.

Amazon SES' Easy DKIM asks you to upload CNAME records instead of TXT records. That way, they can rotate their DKIM keys all they want with no deliverability downtime for you. When I designed the interface I didn't keep in mind that such a thing could happen.

I'll still make the DKIM part mandatory - but I'll refactor the interface to allow CNAMEs and support your use case.

Amazon SES has a feature that does work with Power Mail-in-a-Box as is (BYODKIM, more info here: https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-dkim-bring-your-own.html), but it's a bit technical so I can't expect everyone to go that route.

s4069b commented 2 years ago

Thanks for looking closer. I initially did use Easy DKIM, but when I noticed the third dkim/fail in outgoing messages I set up BYODKIM in Amazon SES and used those values in the SMTP relay in power-miab. I thought that would be a work-around. But that did not work either. Power miab seems to want to create its own header=b for outgoing messages on the primary domain. However, with a secondary domain in power-miab I do not see a third dkim.

ddavness commented 2 years ago

Hmmmmm, I'll need to dig deeper on this. So one of the two is happening here:

Could you export a sample mail reproducing this issue in .eml format and send it here? Feel free to redact any private information.

s4069b commented 2 years ago

Sure. Here's an email from the primary domain with personal details changed.

`Delivered-To: user@gmail.com
Received: by 2002:adf:d0c3:0:0:0:0:0 with SMTP id z3csp1380150wrh;
        Sun, 17 Jul 2022 17:46:09 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1uZg4SVhgRt8LS6iBj1vGp1ZOJgE7JXK4acpKXNWlXIB0enxZCDrsiPsUAj5fU75V8xwR1Q
X-Received: by 2002:a05:6a00:244f:b0:528:be6f:3935 with SMTP id d15-20020a056a00244f00b00528be6f3935mr26200629pfj.4.1658105168978;
        Sun, 17 Jul 2022 17:46:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658105168; cv=none;
        d=google.com; s=arc-20160816;
        b=JqkLWqcBgTuatQYHM+ullnKv+cTsKU2cQXRgmVcBCchLoo60FX/6pgXPNVAaWhTL9J
         shSHFve/XYeUFVF/HP+EqHbc342YxwfrKPn3qPWqQJE7MUlidsrp4ulZRIDDFylkxNAi
         zbQ+DGlfEQFKRzhg6t25IjzYyDQ2rDD2tDDeguhMNp4fr6uaiBcSUHEogoBGEaMOe/ZR
         tTa/LVZZE7RgiYuEpNaw0LLS5dwBj2UwALSJlmSCiLspikjZl0S29C5y+v8rmN/BaLST
         93yGgGuStjWJFr6IvXqNn/TywmIa+wEGUThutOpPbFPqx5AfwCkWAvDmqsPB4rKr16ir
         rCUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:message-id:subject:to:from:date:mime-version
         :dkim-signature:dkim-signature:dkim-signature;
        bh=jGs6Pj5u4w2FFvnN6KBTSJk0eZW25khljpGiDfprIb4=;
        b=mImNoSAHl6BxanwcHudo0vrOUHG+RF3/kY4QWvvJl4jX68NtKCovBut9/Rzv2MIKgT
         dIlTkVthn/B90CI5ZtxaW6w54j46P7qE5BC/XRWLnT0zE/spKoUkOX3v7A4/P3BLZH0D
         ceO6FEF8XH109Vmp6YJXWJUhf3mzet1DgmAdjlN0m7BSDaplzArH4fJTE0iNu0tIV2jM
         cmrhKHhh6gytWaTeFOj+GxOd6ABxYHGgfVqZMQygC5IlfaeOhl03v/ZDAMzkz3FYL/3E
         3TjwvwQQWmYcTJmVn8UzuTlX1t61x8YaF4uSHH2Huv75CIa2VVmp7N9r7v+O3eVIIR2F
         Y8Sg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@exchange.domain.net header.s=mail header.b=aLMdAMOa;
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=KVQbPoG8;
       dkim=fail header.i=@exchange.domain.net header.s=mail header.b=NGs6Bnlo;
       spf=pass (google.com: domain of 010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ses.exchange.domain.net designates 69.169.232.17 as permitted sender) smtp.mailfrom=010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ses.exchange.domain.net;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=exchange.domain.net
Return-Path: <010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ses.exchange.domain.net>
Received: from b232-17.smtp-out.ap-southeast-2.amazonses.com (b232-17.smtp-out.ap-southeast-2.amazonses.com. [69.169.232.17])
        by mx.google.com with ESMTPS id j12-20020a170903028c00b0016cbc101c10si9091323plr.329.2022.07.17.17.46.07
        for <user@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 17 Jul 2022 17:46:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of 010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ses.exchange.domain.net designates 69.169.232.17 as permitted sender) client-ip=69.169.232.17;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@exchange.domain.net header.s=mail header.b=aLMdAMOa;
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=KVQbPoG8;
       dkim=fail header.i=@exchange.domain.net header.s=mail header.b=NGs6Bnlo;
       spf=pass (google.com: domain of 010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ses.exchange.domain.net designates 69.169.232.17 as permitted sender) smtp.mailfrom=010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ses.exchange.domain.net;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=exchange.domain.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=mail;
    d=exchange.domain.net; t=1658105167;
    h=MIME-Version:Date:From:To:Subject:Message-ID:Content-Type;
    bh=jGs6Pj5u4w2FFvnN6KBTSJk0eZW25khljpGiDfprIb4=;
    b=aLMdAMOam0jJVS4qUHFFRrGMFhqy4srfFzQecxzW9fS6uc3vmCC7vLhMkmUnFmyc
    YsuDw4YReo+0QMW3gh2faPHfHPpWDwNSx1XxMxVxLUPE/WwQJ9rYYIZzccw8zpeO1Cn
    D5wQ/e+D3f4lloZF1S7EwN3KMMgtKCsaMOFmixpF0iJnt9dcYTNnEJIEbTI191MxS3U
    DkunvmPzr6Ft56mqsIvthqiCk9PKpeI0hC7opAa3aiYzKRaRVpe9+7mcQbEMi29AcTr
    N89WNIyIvfliqmxq0HWepSg5b/TQaLpBlxkyyt06o1QN1oC9B790XwNLbdf4k/B22Xo
    /kzxqlXnNA==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=o6ptibvfbllhpdhtxr7klizy2riobquz; d=amazonses.com; t=1658105167;
    h=MIME-Version:Date:From:To:Subject:Message-ID:Content-Type:Feedback-ID;
    bh=jGs6Pj5u4w2FFvnN6KBTSJk0eZW25khljpGiDfprIb4=;
    b=KVQbPoG85XVOw2ysfo/mTrbPsuoJJ0hTyOC/Rt+pTynzIMh4MPFES9EXFAHyH8YN
    WLUrxdwbCqdfEJ5zyZiaIVayilajeJAb3Ebu98cBvRZm0/dgSJowPN7QLm9c89/i714
    gEtdH/TURI3KETYOaBj5lMn95UaHg9PGSs+PdwPQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
    d=exchange.domain.net; s=mail; t=1658105166;
    bh=jGs6Pj5u4w2FFvnN6KBTSJk0eZW25khljpGiDfprIb4=;
    h=Date:From:To:Subject:From;
    b=NGs6BnloXayx0RfpfFx6oThcjCfPqS4PGV021dppYb+ScOlT7JRzX7tWJfACcwdyK
     2dgWYc+BFNx0NQHp5mSNMJETFAaINCcpBm39yN+TrjQo1uMEDGtiK7oJf5ME0cm1/Y
     rHmhztuShd1IaMUrpzjcMR9MBlegkNxAew8g7dTYNJxcSMs4NEMF8a7cWKzKyqSFQf
     l89fkB0f7yKQX+BQ331fy/uBHIrUpRtGnKbsqkQqrnJy1QQH37Pfb21gsZhtYv+WRL
     mhxwXtZMlv4A9MMNnAyZXQxKKWauldFpGwhPZjPyiX0vNe7/guSwaUOkXYVZQS+Osq
     eOS4k4dVTAIVg==
MIME-Version: 1.0
Date: Mon, 18 Jul 2022 00:46:07 +0000
From: name@exchange.domain.net
To: user@gmail.com
Subject: test from primary domain
Message-ID: <010801820ec4fd02-1480d23e-59a0-409c-919c-96eb5e1cbe92-000000@ap-southeast-2.amazonses.com>
X-Sender: name@exchange.domain.net
Content-Type: multipart/alternative;
 boundary="=_e0ea6ce10de02aaeea5e81198c8ff903"
Feedback-ID: 1.ap-southeast-2.w0B3yqJoCfyWkK28KRcI7Ge9CW7axa55rH8AB2MCMrU=:AmazonSES
X-SES-Outgoing: 2022.07.18-69.169.232.17

--=_e0ea6ce10de02aaeea5e81198c8ff903
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

This is an email sent from the primary domain.

It will have three dkim signatures.
--=_e0ea6ce10de02aaeea5e81198c8ff903
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3DUTF-8" /></head><body style=3D'font-size: 10pt; font-family: Verdana,Gen=
eva,sans-serif'>
<p>This is an email sent from the primary domain.&nbsp;</p>
<p>It will have three dkim signatures.&nbsp;</p>

</body></html>

--=_e0ea6ce10de02aaeea5e81198c8ff903--
`

and one from a secondary domain.

`Delivered-To: user@gmail.com
Received: by 2002:adf:d0c3:0:0:0:0:0 with SMTP id z3csp1380388wrh;
        Sun, 17 Jul 2022 17:47:09 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1uw7gbH/IAB2MSL6bg1ZrLiBAzjcEp3J2XOV/+egIarUhQgXp2nbdS8hMOlkje3eIDDggDW
X-Received: by 2002:a17:90b:3c0c:b0:1ef:e647:ff48 with SMTP id pb12-20020a17090b3c0c00b001efe647ff48mr35316834pjb.173.1658105229436;
        Sun, 17 Jul 2022 17:47:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658105229; cv=none;
        d=google.com; s=arc-20160816;
        b=dvn1hFgrsiTbWJrhoe4hok8O5GM3QW6daM9/w8LlRZVcD8y1P9bPeRrXjXyrdMm8ue
         Ct87iuNSbAmD555oTJI3g8mPo5Odr9QxfobYzQ1ZLqCSB70335NZfCdgwD/U3WIVH3ph
         /81N/i/Tq63fPjwtWO8UhpDIfFBy6tHBZexkeuN7VKqSc8BEwbv59WF/TUo9dlVe6UT7
         exlgHuTLAxCcqnJ9e9w5KdJ/w2+sBMSxrT9cjHVJ4dimV9rH1xZ7pS1Xq+n0NXZhuCxf
         KIfOdg8wLUQjvxV5UJ05aTbLJkbRzELXTkrF57lviVFuxffrUHW0vcx1YbCgQyIQ7rBj
         HXeQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=feedback-id:message-id:subject:to:from:date:mime-version
         :dkim-signature:dkim-signature;
        bh=5t/M39Ay3Gn3DnxYYq6D/LC2U9iwWEhds+kKR5gzJpA=;
        b=pPVUBUJ6x2fhOkGMfAp30bQW6OaL9zKsuXL7yidZ3C8nVYbOYsRDrYn6JQ+x9mNYDB
         kSWxrAR7PMRBPxerkfkWPZVZi3lJCB+22KYs3saiKVHlrZI7yveOIyhZrFw/QW0IuTka
         3eEjfxEzU/C4Cy3EoxWlVEZAVG0qIiUFOjFx+MMyGOclIXWVw5Eigr5XKEW7+kqlmwMA
         ldync8Xr4YAR047f5/7OpfnTLo8F74ePGdbJYMHpexlnQzWqrzrR6nA8RcvR04TWmeNx
         xDabT/yhEFIkZq8xfr9Ko1zvvhQZF43qL7lOLupDOMZUg02th8FBVEt1mlAXPSwSKTVQ
         OoQg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mail.domain.net header.s=ulflxcj3m4tyvi4dgjw22q3kc6oev6qx header.b="NQ/9Ci1G";
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=JCSNjxMi;
       spf=pass (google.com: domain of 010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ses.mail.domain.net designates 69.169.232.17 as permitted sender) smtp.mailfrom=010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ses.mail.domain.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.domain.net
Return-Path: <010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ses.mail.domain.net>
Received: from b232-17.smtp-out.ap-southeast-2.amazonses.com (b232-17.smtp-out.ap-southeast-2.amazonses.com. [69.169.232.17])
        by mx.google.com with ESMTPS id u18-20020a63f652000000b00415c21b18e6si12932122pgj.553.2022.07.17.17.47.08
        for <user@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 17 Jul 2022 17:47:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of 010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ses.mail.domain.net designates 69.169.232.17 as permitted sender) client-ip=69.169.232.17;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mail.domain.net header.s=ulflxcj3m4tyvi4dgjw22q3kc6oev6qx header.b="NQ/9Ci1G";
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=JCSNjxMi;
       spf=pass (google.com: domain of 010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ses.mail.domain.net designates 69.169.232.17 as permitted sender) smtp.mailfrom=010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ses.mail.domain.net;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.domain.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=ulflxcj3m4tyvi4dgjw22q3kc6oev6qx; d=mail.domain.net;
    t=1658105227;
    h=MIME-Version:Date:From:To:Subject:Message-ID:Content-Type;
    bh=5t/M39Ay3Gn3DnxYYq6D/LC2U9iwWEhds+kKR5gzJpA=;
    b=NQ/9Ci1Gabv3lgWL+c2chn9SY5FLX4TDKqcUGLRxx3XLdKTMPw3b7Z6NJR1MUx3M
    ZiKuM0k3GUZdPdQpchtYAA9dDOMNq31O4PpQFYPh5RL8exBffWtuY3sViqNnt+CEVHK
    gU++2q2HN3hitd/0aJMxrI+72YGu5lhGBp/BT/yA01fNDHOI8Z+2dGW99bRsvDMEWxp
    /HGlBJn7hQzK4+OUtBmBnzfXP9fpGd4izprzVGdHKyQIMD2xP6kOIOlRdfqplhruGEn
    EveO7TN9EuhPzkFzedH+oQkxNz4Q3p35im0kxDBfN0RyPsf15HL0o0zCVnJTfrUwaFU
    dsAzXZgBkQ==
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=o6ptibvfbllhpdhtxr7klizy2riobquz; d=amazonses.com; t=1658105227;
    h=MIME-Version:Date:From:To:Subject:Message-ID:Content-Type:Feedback-ID;
    bh=5t/M39Ay3Gn3DnxYYq6D/LC2U9iwWEhds+kKR5gzJpA=;
    b=JCSNjxMiijXDhSezm6khIi/Zg4ILxSYkBA2aAOwA1KrZnHBMjtK4gyQwrChlpSbo
    lSH+D7B+K5GhrYCoWbbC1552hxUzq8BKL3b770gm+2/wtSysTdEsYStt+1fcqft5qLh
    IJTs334uNTYmCW7nAkFnAY34jbIKHAv/r0E7jygE=
Authentication-Results: mx.exchange.domain.net; dkim=none;
    dkim-atps=neutral
MIME-Version: 1.0
Date: Mon, 18 Jul 2022 00:47:07 +0000
From: Steve Blencowe <name@mail.domain.net>
To: Steve Blencowe <user@gmail.com>
Subject: this is an email from a secondary domain
Message-ID: <010801820ec5e9ac-c8690afc-3453-4c4e-9ebf-0d8c98ef5bb0-000000@ap-southeast-2.amazonses.com>
X-Sender: name@mail.domain.net
Content-Type: multipart/alternative;
 boundary="=_b0cd6692a2ff8169fc0ac944fd10c03d"
Feedback-ID: 1.ap-southeast-2.w0B3yqJoCfyWkK28KRcI7Ge9CW7axa55rH8AB2MCMrU=:AmazonSES
X-SES-Outgoing: 2022.07.18-69.169.232.17

--=_b0cd6692a2ff8169fc0ac944fd10c03d
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

and It will only be signed once.

--
--=_b0cd6692a2ff8169fc0ac944fd10c03d
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3DUTF-8" /></head><body style=3D'font-size: 10pt; font-family: Verdana,Gen=
eva,sans-serif'>
<p>and It will only be signed once.</p>
<div id=3D"signature">-- <br />
<p><br /></p>
</div>
</body></html>

--=_b0cd6692a2ff8169fc0ac944fd10c03d--
`
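
Added example (not part of the thread or the project's code): a short Python diagnostic that groups a message's `DKIM-Signature` headers by signing domain and selector and pairs each one with the receiver's verdict, which isolates the doubled `d=exchange.domain.net; s=mail` signature in the primary-domain message above. The function names are hypothetical, and the sample is a constructed, trimmed copy of that message's headers.

```python
import email
import re
from collections import defaultdict

# Constructed sample: headers trimmed from the primary-domain message in the
# thread; each b= is shortened (header.b there is the first 8 characters of b=).
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@exchange.domain.net header.s=mail header.b=aLMdAMOa;
       dkim=pass header.i=@amazonses.com header.s=o6ptibvfbllhpdhtxr7klizy2riobquz header.b=KVQbPoG8;
       dkim=fail header.i=@exchange.domain.net header.s=mail header.b=NGs6Bnlo;
       spf=pass
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=mail;
    d=exchange.domain.net; t=1658105167;
    h=MIME-Version:Date:From:To:Subject:Message-ID:Content-Type;
    b=aLMdAMOam0jJ
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=o6ptibvfbllhpdhtxr7klizy2riobquz; d=amazonses.com; t=1658105167;
    h=MIME-Version:Date:From:To:Subject:Message-ID:Content-Type:Feedback-ID;
    b=KVQbPoG85XVO
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
    d=exchange.domain.net; s=mail; t=1658105166;
    h=Date:From:To:Subject:From;
    b=NGs6BnloXayx
From: name@exchange.domain.net
"""

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, removing folding whitespace."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def signatures_by_signer(raw):
    """Group DKIM-Signature headers by (d=, s=) and attach the receiver's verdict."""
    msg = email.message_from_string(raw)
    verdicts = {}
    for ar in msg.get_all("Authentication-Results", []):
        # Each dkim= result names the signature it judged by its header.b prefix.
        for verdict, b in re.findall(r'dkim=(\w+)[^;]*?header\.b="?([^";\s]+)', ar):
            verdicts[b] = verdict
    groups = defaultdict(list)
    for value in msg.get_all("DKIM-Signature", []):
        t = parse_tags(value)
        groups[(t["d"], t["s"])].append(
            {"verdict": verdicts.get(t["b"][:8], "unknown"), "h": t.get("h"), "t": t.get("t")})
    return dict(groups)

def double_signed(raw):
    """Return only the domain/selector pairs that appear on more than one signature."""
    return {k: v for k, v in signatures_by_signer(raw).items() if len(v) > 1}

if __name__ == "__main__":
    for signer, sigs in double_signed(SAMPLE).items():
        print(signer, sigs)
```

On the sample, only `exchange.domain.net` with selector `mail` is reported twice, and the two entries differ in their `h=` list and timestamp, which makes it easy to tell which of the two signatures is the failing one.
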
ddavness commented 2 years ago

Awesome - could you also post the public DKIM key published by the box? Aka the TXT record of mail._domainkey.exchange.example.com?

s4069b commented 2 years ago

"v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfwpCGS49KUjbpx8h3smUn5120e5gouCE0mYc7stZyJCa5tejDgnF0YndW/lotL9J7SlKn0Hu8KvAZ+uH8u54BqIN9GQxTpQkSXboFNojRiX96HOPyUwUpv4exrpO7oX0ccB4IupDny9pcjX2TL9M3WXCs9WpMiHadCXzWwt1fbbOJ" "pyhxmUf1Shrt9rwawxvJ4p8AzwcP4azPyLeR3SxetmngmuRcPg88hH2JjoVt0baKwOOfoD+Co3EJeEvlS+21xolV3yTQNysvM4hVSuiWHk4dmbqWZ5JrYd/8bq2Ti4Ki1HRrbS770bhKxsZVr4+5IQWr8Ct2C3RgSm+EfFlQIDAQAB"

alento-group commented 1 year ago

It is my experience that MiaB DKIM signs messages when they are sent. I have created AnyMXRelay and I do not sign messages as they are already signed by the mail server.

My suggestion for an easy fix to this issue is to place a check-box on the GUI to allow for no DKIM key to be added when adding a SMTP relay.

stevetoza commented 1 year ago

I'd agree with @alento-group to have a tick box to make this optional as I have the AnyMXRelay service and need power miab to sign the emails.

ddavness commented 1 year ago

Fine, seems that apparently different SMTP relays handle DKIM differently from each other. Some are fine with the origin server doing it, others (such as those I've tested with) would rather (or at least offer the user to) sign the mail themselves.

Instead of a toggle, I'll just make the system not publish an external DKIM key if you don't put it (instead of complaining).