mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Is there an option to sign (DKIM) relayed emails? #1188

Closed proea closed 6 years ago

proea commented 6 years ago

Is there an option to sign (DKIM) relayed emails?

proea commented 6 years ago

@andryyy

The problem is that relayed emails do not have dkim signatures, while ordinary mail sending has a signature

(domain is configured, dkim signature is generated)

andryyy commented 6 years ago

Why doesn't your relayhost sign your msgs?

proea commented 6 years ago

@andryyy mailcow is the relayhost

| web-node01 |
| web-node02 | ------> | mailcow | ----- > ...
| web-node0X |

mailcow is now in relay mode for the web-nodes, but emails weren't signed.

proea commented 6 years ago

Messages that are sent using postfix sender_dependent_relayhost_maps and smtp_sasl_password_maps are also not signed.

postfix host -> mailcow -> ..

postfix host: sender: test@domain.com recipient: recipient@otherdomain.com

sender_dependent_relayhost_maps: @domain.com [mailcowip]:587

smtp_sasl_auth_enable: yes

smtp_sasl_password_maps: [mailcowip]:587 test@domain.com:password

the received message has no signature

chindocaine commented 6 years ago

I have the same problem. I have mailcow running on one server and some web applications on another server. I created a mailbox in mailcow and configured postfix on the other server to use mailcow as a relay host, using this mailbox for authentication. It works, emails are sent and relayed by mailcow, but they don't have the DKIM signature. When I send mails from Sogo or Outlook (directly through mailcow) they get signed. Is there any solution to this yet?

andryyy commented 6 years ago

You should use it authenticated and make sure the sender (envelope from) is actually a domain in mailcow.

As long as it authenticates, mailcow will sign the messages.

Please post your Postfix logs of mailcow when you relay a message. Maybe Rspamd logs of the same time.

chindocaine commented 6 years ago

Wow, thanks for the quick reply. What can I say, I tried it again, and now the DKIM signature is there. I have no idea what I did differently a week ago and why it didn't work then. But thanks anyway!

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

leifnel commented 5 years ago

May I be daft and reopen this?

I have the same setup as @proea

| web-node | ------> | mailcow | ----- > ...

The webnode is sending with envelope-address bounce+@example.org and from-address @sup.example.org, from the server web.example.org

I have set up dkim for both example.org and sup.example.org. It works if I send mail from test@sup.example.org from SOGo on the server, but mails from the webnode do not get signed.

The servers are behind firewall, and internally use 10.0.5.x addresses; the mailserver and webserver also have public addresses.

I can not get authentication to work; where in the gui to put credentials?

I'm connecting from nullmailer, trying different stuff like 10.0.5.201 smtp --port=25 --starttls --insecure --auth-login --user=someuser --pass=somepass

But I get

mail postfix/smtpd[1135]: Anonymous TLS connection established from unknown[10.0.5.203]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mail postfix/smtpd[1135]: warning: unknown[10.0.5.203]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mail postfix/smtpd[1135]: disconnect from unknown[10.0.5.203] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5

Adorfer commented 5 years ago

having this resolved would help a lot for people with hosts behind firewalls/inside private networks.

(Mail via delivery-Protocol with full auth is not always an option if your appliance 'in local network' is some $itty old embedded device offering 'email notification' in case of event. some just ask for an smtp on port 25.)
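
To check relayed messages against the two conditions in andryyy's reply (the session authenticated, and the envelope sender is in a domain configured in mailcow), the following added example audits a Postfix log excerpt; it is not part of the thread or of mailcow. The log lines are constructed except the two failed-auth lines quoted by leifnel, and `audit_relay_log`, `HOSTED_DOMAINS` and the `postfix/submission/smtpd` service name are assumptions.

```python
import re

# Postfix log patterns. The optional path segment allows a service logged
# under a custom syslog name such as postfix/submission/smtpd (assumption).
CLIENT = re.compile(r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
                    r"client=[^\[]*\[(?P<ip>[^\]]+)\](?:.*sasl_username=(?P<user>[^,\s]+))?")
SENDER = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>")
AUTH_FAIL = re.compile(r"warning: [^\[]*\[(?P<ip>[^\]]+)\]: SASL \w+ authentication failed")

HOSTED_DOMAINS = {"domain.com", "example.org"}  # assumed: domains added in mailcow

# Constructed log excerpt; only the first two lines are taken from the thread.
SAMPLE_LOG = """\
mail postfix/smtpd[1135]: warning: unknown[10.0.5.203]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mail postfix/smtpd[1135]: disconnect from unknown[10.0.5.203] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
mail postfix/smtpd[1140]: 4A1B2C3D4E: client=unknown[10.0.5.203]
mail postfix/qmgr[310]: 4A1B2C3D4E: from=<bounce@example.org>, size=1520, nrcpt=1 (queue active)
mail postfix/submission/smtpd[1141]: 5F6A7B8C9D: client=unknown[10.0.5.204], sasl_method=LOGIN, sasl_username=test@domain.com
mail postfix/qmgr[310]: 5F6A7B8C9D: from=<test@domain.com>, size=1498, nrcpt=1 (queue active)
mail postfix/submission/smtpd[1142]: 6E7F8A9B0C: client=unknown[10.0.5.204], sasl_method=LOGIN, sasl_username=test@domain.com
mail postfix/qmgr[310]: 6E7F8A9B0C: from=<www-data@web-node01.internal>, size=1502, nrcpt=1 (queue active)
"""


def audit_relay_log(log_text, hosted_domains):
    """Return (messages keyed by queue id, failed SASL attempts per client IP)."""
    messages, auth_failures = {}, {}
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            messages[m["qid"]] = {"ip": m["ip"], "sasl_user": m["user"], "sender": None}
        elif m := SENDER.search(line):
            if m["qid"] in messages:
                messages[m["qid"]]["sender"] = m["sender"]
        elif m := AUTH_FAIL.search(line):
            auth_failures[m["ip"]] = auth_failures.get(m["ip"], 0) + 1
    for msg in messages.values():
        domain = (msg["sender"] or "").rpartition("@")[2].lower()
        msg["sender_hosted"] = domain in hosted_domains
        # Both conditions from the reply must hold: authenticated and hosted sender.
        msg["meets_conditions"] = bool(msg["sasl_user"]) and msg["sender_hosted"]
    return messages, auth_failures


if __name__ == "__main__":
    msgs, fails = audit_relay_log(SAMPLE_LOG, HOSTED_DOMAINS)
    for qid, msg in msgs.items():
        print(qid, msg)
    print("failed SASL attempts per client:", fails)
```

A message accepted on port 25 without SASL shows up with `sasl_user` set to `None`, which is the case to look for when relayed mail arrives unsigned.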