mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

DKIM failure #4144

Closed CodeFetch closed 3 years ago

CodeFetch commented 3 years ago

Prior to placing the issue, please check following: (fill out each checkbox with an X once done)

Summary

I'm running Mailcow on the subdomain mail.ironai.com. When ironai.com's A record is set to the same IP as the Mailcow server, the DKIM signature is regarded as valid, but when ironai.com is set to a different IP address it somehow fails. My suspicion is that the domain field of the DKIM signature should not be set to the email's domain, but to the mail server's.

I don't understand why the signature is reported wrong though as the body hash matches.

Logs

Will be added later. The log is so bloated that it takes an hour to output it into a file.

Reproduction

Writing emails to several DKIM test websites.

System information

| Question | Answer |
| --- | --- |
| My operating system | Debian 10 |
| Is Apparmor, SELinux or similar active? | No |
| Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported) | KVM |
| Server/VM specifications (Memory, CPU Cores) | 6 GiB, 8 |
| Docker Version (docker version) | Docker version 20.10.6, build 370c289 |
| Docker-Compose Version (docker-compose version) | docker-compose version 1.28.5, build c4eb3a1f |
| Reverse proxy (custom solution) | No |

Here's a report:

============================================================================
This is SPF/DKIM/DMARC/RBL report generated by a test tool provided 
    by AdminSystem Software Limited.

Any problem, please contact support@emailarchitect.net
============================================================================
Report-Id: 90786e2e
Sender: <dsdas@ironai.com>
Header-From: <dsdas@ironai.com>
HELO-Domain: mail.ironai.com
Source-IP: 176.9.100.222
SSL/TLS: TLS secured
Validator-Version: 1.10
============================================================================
Original email header:

x-sender: dsdas@ironai.com
x-receiver: test-90786e2e@appmaildev.com
Received: from mail.ironai.com ([176.9.100.222]) by appmaildev.com over TLS secured channel with Microsoft SMTPSVC(8.5.9600.16384);
     Sun, 13 Jun 2021 01:13:42 +0000
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 9FCDE81025
    for <test-90786e2e@appmaildev.com>; Sun, 13 Jun 2021 03:13:40 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ironai.com; s=dkim;
    t=1623546820; h=from:subject:date:message-id:to:mime-version:content-type:
     content-transfer-encoding; bh=4YeK3Y7dRSLjRtzxdcsUy7wurMnMbgkFaPAyGd/9HLY=;
    b=LUUUkHWPM7yYxqaOWzoP4NdlJ1fVm6HgMMMdolrSw7x3cM25WWYCkHzobXFYDP3XoJmC9R
    areMmIG9B3glNLyTRO3rRmd3O2aRqN4Xs2irSLcPKD3u4ffB7ndh5iwopI/WTDbSzTvhgS
    Zv7kVf0VHX/LBfCgkqxra8Unt77xk8LdLwfSamB7dmAD57cqVBMXqOdjZl8XJ5tjIrITUp
    cFw/oyXcoKLIKmkT+nplGG35iPQztZzylKtcfL2E7dpeIdTFC0cSo6uNjZGWz5U5FA5Fiq
    pXIIkk5VJpJNQgJuZ9PZUBt+9ap4SsSNI/UQrxl5+j4ijkSxM0hVSk0WyRYAEQ==
To: test-90786e2e@appmaildev.com
From: dsdas@ironai.com
Subject: dasdasdasd
Message-ID: <2b2923b4-908a-18b1-d003-a1496c6130cb@ironai.com>
Date: Sun, 13 Jun 2021 03:13:39 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Last-TLS-Session-Version: TLSv1.3
Return-Path: dsdas@ironai.com
X-OriginalArrivalTime: 13 Jun 2021 01:13:43.0093 (UTC) FILETIME=[59E92E50:01D75FF1]

============================================================================
SPF: Pass
============================================================================

SPF-Record: v=spf1 mx a -all
Sender-IP: 176.9.100.222
Sender-Domain-Helo-Domain: ironai.com

Query TEXT record from DNS server for: ironai.com
[TXT]: v=spf1 mx a -all
Parsing SPF record: v=spf1 mx a -all

Mechanisms: v=spf1

Mechanisms: mx
Testing mechanism mx
Query MX record from DNS server for: ironai.com
[MX]: mx.bibbl.com
Testing mechanism A:mx.bibbl.com/128
Query A record from DNS server for: mx.bibbl.com
[A]: 176.9.100.222
Testing CIDR: source=176.9.100.222;  176.9.100.222/128
mx hit, Qualifier: +

============================================================================
DKIM: fail
============================================================================

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ironai.com; s=dkim;
    t=1623546820; h=from:subject:date:message-id:to:mime-version:content-type:
     content-transfer-encoding; bh=4YeK3Y7dRSLjRtzxdcsUy7wurMnMbgkFaPAyGd/9HLY=;
    b=LUUUkHWPM7yYxqaOWzoP4NdlJ1fVm6HgMMMdolrSw7x3cM25WWYCkHzobXFYDP3XoJmC9R
    areMmIG9B3glNLyTRO3rRmd3O2aRqN4Xs2irSLcPKD3u4ffB7ndh5iwopI/WTDbSzTvhgS
    Zv7kVf0VHX/LBfCgkqxra8Unt77xk8LdLwfSamB7dmAD57cqVBMXqOdjZl8XJ5tjIrITUp
    cFw/oyXcoKLIKmkT+nplGG35iPQztZzylKtcfL2E7dpeIdTFC0cSo6uNjZGWz5U5FA5Fiq
    pXIIkk5VJpJNQgJuZ9PZUBt+9ap4SsSNI/UQrxl5+j4ijkSxM0hVSk0WyRYAEQ==
Signed-by: dsdas@ironai.com
Expected-Body-Hash: 4YeK3Y7dRSLjRtzxdcsUy7wurMnMbgkFaPAyGd/9HLY=
Public-Key: v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYrJcsC48aNjsOXRtztI6CSGGKFaeHifPcaP84g5jZm+ZWNvQ0qyLzKO4Ay9Y//0JTlm5vXr0KI40s4B7cuyAif98sPld0nVJfhK+v3nYvY/9Q0RGTBnA+SzGNlR2d9ZzN6M19umdF1NjffQ5ljAtE96VvG36TGkBIzGIDST+2SirPcFHzc2XfuU8piiMJGGmetaJicPL5Kc4ucv3qRff8sZnvB5XeRRz5MUafR3AFOi/aGgSxZ17QInSOBNUCiop/uLL2vsfbx/dB62ccLF2BUoQNAKPlZPCUcl2r5K9bAS8pnXOyeq+lRKCM9wDK+t9apstBjJSyilq6cFp6RB6wIDAQAB;

DKIM-Result: fail (bad signature)

============================================================================
DMARC: pass
============================================================================

_dmarc.ironai.com: v=DMARC1; p=none
Received-SPF: pass (appmaildev.com: domain of dsdas@ironai.com designates 176.9.100.222 as permitted sender) client-ip=176.9.100.222
Authentication-Results: appmaildev.com;
    dkim=fail header.d=ironai.com;
    spf=pass (appmaildev.com: domain of dsdas@ironai.com designates 176.9.100.222 as permitted sender) client-ip=176.9.100.222;
    dmarc=pass (adkim=r aspf=r p=none) header.from=ironai.com;

============================================================================
DomainKey: none
============================================================================

DomainKey-Result: none (no signature)
If DKIM result is passed, you can ignore DomainKey result: none
Notice: DomainKey is obsoleted standard, the new standard is DKIM.

============================================================================
PTR: ExistsRecord
============================================================================

Sender-IP: 176.9.100.222
Query 222.100.9.176.in-addr.arpa
Host: mx.bibbl.com

============================================================================
RBL: NotListed
============================================================================

ghost commented 3 years ago

Not a bug, use the forum for community support! Also issue template removed, that will be closed.

CodeFetch commented 3 years ago

@mthld How do you know this is not a bug and why should I bother the forum people then if you know the reason?

CodeFetch commented 3 years ago

@mthld I've given it another try with dkimvalidator.com. It says: "Details: OpenSSL error: data too large for modulus". Sounds like a bug to me if Mailcow produces signatures causing such errors.

DKIM Information:

DKIM Signature

Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ironai.com; s=dkim;
    t=1623578030; h=from:subject:date:message-id:to:mime-version:content-type:
     content-transfer-encoding; bh=g5z6HZxf3eLcT7ayvIrgw/KNB1+5Oe1d86xdMxtpe/o=;
    b=vpOkzvj59H3A6423A9m5SNcgQW+iBHdBMnroNwvkJm1Hf6sDvtDR1f0Zfeczvkega/HR34
    xS6lcpM2IAN3yEoz/SH6QAJb6jaAByKTasLPOhKAqfjUvHazIswdbdH2PPvk3jwZdtw4fU
    H2sCfOyr08bgOerMvDzLG1eh/p+HXzyg5/86868PJV06oYI9YDykNfIB4UvQ9QGizzy5Iz
    NpF5t618gdpe5DI854kyvksh1zwyG9eueBLVB0Cwd4O7ef2+kwODHyI9J0fdgEyga2I1Ia
    e8hiddFV69w88PJ16GVR1C48gL34KCpnJxjh56KpB0VfbhLIkat0TAIs8q7Eqg==

Signature Information:
v= Version:         1
a= Algorithm:       rsa-sha256
c= Method:          relaxed/relaxed
d= Domain:          ironai.com
s= Selector:        dkim
q= Protocol:        
bh=                 g5z6HZxf3eLcT7ayvIrgw/KNB1+5Oe1d86xdMxtpe/o=
h= Signed Headers:  from:subject:date:message-id:to:mime-version:content-type:
     content-transfer-encoding
b= Data:            vpOkzvj59H3A6423A9m5SNcgQW+iBHdBMnroNwvkJm1Hf6sDvtDR1f0Zfeczvkega/HR34
    xS6lcpM2IAN3yEoz/SH6QAJb6jaAByKTasLPOhKAqfjUvHazIswdbdH2PPvk3jwZdtw4fU
    H2sCfOyr08bgOerMvDzLG1eh/p+HXzyg5/86868PJV06oYI9YDykNfIB4UvQ9QGizzy5Iz
    NpF5t618gdpe5DI854kyvksh1zwyG9eueBLVB0Cwd4O7ef2+kwODHyI9J0fdgEyga2I1Ia
    e8hiddFV69w88PJ16GVR1C48gL34KCpnJxjh56KpB0VfbhLIkat0TAIs8q7Eqg==

Public Key DNS Lookup

Building DNS Query for dkim._domainkey.ironai.com
Retrieved this publickey from DNS: v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYrJcsC48aNjsOXRtztI6CSGGKFaeHifPcaP84g5jZm+ZWNvQ0qyLzKO4Ay9Y//0JTlm5vXr0KI40s4B7cuyAif98sPld0nVJfhK+v3nYvY/9Q0RGTBnA+SzGNlR2d9ZzN6M19umdF1NjffQ5ljAtE96VvG36TGkBIzGIDST+2SirPcFHzc2XfuU8piiMJGGmetaJicPL5Kc4ucv3qRff8sZnvB5XeRRz5MUafR3AFOi/aGgSxZ17QInSOBNUCiop/uLL2vsfbx/dB62ccLF2BUoQNAKPlZPCUcl2r5K9bAS8pnXOyeq+lRKCM9wDK+t9apstBjJSyilq6cFp6RB6wIDAQAB

Validating Signature

result = fail
Details: OpenSSL error: data too large for modulus

andryyy commented 3 years ago

Have you read the issue template? :)

On 13.06.2021 at 11:50, Vincent Wiemann @.***> wrote:

 @mthld How do you know this is not a bug and why should I bother the forum people then if you know the reason?


CodeFetch commented 3 years ago

@andryyy Yes, I have and I've mentioned all relevant information. I don't know which version of Mailcow it is. It is the Dockerized version and the admin panel only lists the versions of components. My setup is standard on a barebone Debian 10 100% according to your tutorial. DNS entries and keys have been double-checked. Nothing I found relevant to mention here as this seems to be a signing issue.

 acme-mailcow (mailcow/acme:1.78) (Started on 05/10/2021, 1:58:08 PM), Restart  
dockerapi-mailcow (mailcow/dockerapi:1.38) (Started on 05/10/2021, 1:58:08 PM), Restart  
dovecot-mailcow (mailcow/dovecot:1.141) (Started on 05/26/2021, 1:59:52 PM), Restart  
ejabberd-mailcow (mailcow/ejabberd:1.4) (Started on 05/10/2021, 1:58:06 PM), Restart  
ipv6nat-mailcow (robbertkl/ipv6nat) (Started on 06/13/2021, 3:11:51 AM), Restart  
memcached-mailcow (memcached:alpine) (Started on 05/10/2021, 1:58:07 PM), Restart  
mysql-mailcow (mariadb:10.4) (Started on 05/10/2021, 1:58:09 PM), Restart  
netfilter-mailcow (mailcow/netfilter:1.39) (Started on 05/10/2021, 1:58:02 PM), Restart  
nginx-mailcow (nginx:mainline-alpine) (Started on 05/10/2021, 1:58:07 PM), Restart  
olefy-mailcow (mailcow/olefy:1.6) (Started on 05/10/2021, 1:58:06 PM), Restart  
php-fpm-mailcow (mailcow/phpfpm:1.73) (Started on 05/10/2021, 1:58:08 PM), Restart  
postfix-mailcow (mailcow/postfix:1.59) (Started on 05/26/2021, 2:00:01 PM), Restart  
redis-mailcow (redis:5-alpine) (Started on 05/10/2021, 1:58:09 PM), Restart  
rspamd-mailcow (mailcow/rspamd:1.76) (Started on 06/02/2021, 1:30:13 AM), Restart  
sogo-mailcow (mailcow/sogo:1.95) (Started on 06/13/2021, 3:10:36 AM), Restart  
unbound-mailcow (mailcow/unbound:1.13) (Started on 05/10/2021, 1:58:08 PM), Restart  
watchdog-mailcow (mailcow/watchdog:1.90) (Started on 05/10/2021, 1:58:06 PM), Restart

andryyy commented 3 years ago

There are also checkboxes etc.

We created the issue template for a reason, it sucks a lot when the rules are ignored. :(

On 13.06.2021 at 12:20, Vincent Wiemann @.***> wrote:

andryyy Yes, I have and I've mentioned all relevant information. I don't know which version of Mailcow it is. It is the Dockerized version and on the admin panel only lists the versions of components.

CodeFetch commented 3 years ago

I've added the template.

wblondel commented 3 years ago

This error "OpenSSL error: data too large for modulus" usually happens when you give a key bigger than what the distant server expects.

In your DNS zone, this 2048-bit DKIM key is configured:

v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYrJcsC48aNjsOXRtztI6CSGGKFaeHifPcaP84g5jZm+ZWNvQ0qyLzKO4Ay9Y//0JTlm5vXr0KI40s4B7cuyAif98sPld0nVJfhK+v3nYvY/9Q0RGTBnA+SzGNlR2d9ZzN6M19umdF1NjffQ5ljAtE96VvG36TGkBIzGIDST+2SirPcFHzc2XfuU8piiMJGGmetaJicPL5Kc4ucv3qRff8sZnvB5XeRRz5MUafR3AFOi/aGgSxZ17QInSOBNUCiop/uLL2vsfbx/dB62ccLF2BUoQNAKPlZPCUcl2r5K9bAS8pnXOyeq+lRKCM9wDK+t9apstBjJSyilq6cFp6RB6wIDAQAB

Make sure it is the same one as the one shown here: https://{your mailcow host}/admin#tab-config-dkim

If they are the same, we will have to dig deeper :smile:
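The two failures reported in this thread ("bad signature" and "data too large for modulus") can be told apart using only the `b=` values and the TXT record already posted above. The following is an added example, not code from the thread or from mailcow; the function names are its own. It relies on two facts: OpenSSL raises "data too large for modulus" when the signature, read as an integer, is not smaller than the RSA modulus, and a signature made with the private half of a key is always smaller than that key's modulus.

```python
import base64
import re

# Copied from the thread: TXT record published at dkim._domainkey.ironai.com
DNS_TXT = "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYrJcsC48aNjsOXRtztI6CSGGKFaeHifPcaP84g5jZm+ZWNvQ0qyLzKO4Ay9Y//0JTlm5vXr0KI40s4B7cuyAif98sPld0nVJfhK+v3nYvY/9Q0RGTBnA+SzGNlR2d9ZzN6M19umdF1NjffQ5ljAtE96VvG36TGkBIzGIDST+2SirPcFHzc2XfuU8piiMJGGmetaJicPL5Kc4ucv3qRff8sZnvB5XeRRz5MUafR3AFOi/aGgSxZ17QInSOBNUCiop/uLL2vsfbx/dB62ccLF2BUoQNAKPlZPCUcl2r5K9bAS8pnXOyeq+lRKCM9wDK+t9apstBjJSyilq6cFp6RB6wIDAQAB"
# Copied from the thread: b= tags of the two signatures that were reported
SIG_BAD_SIGNATURE = """LUUUkHWPM7yYxqaOWzoP4NdlJ1fVm6HgMMMdolrSw7x3cM25WWYCkHzobXFYDP3XoJmC9R
areMmIG9B3glNLyTRO3rRmd3O2aRqN4Xs2irSLcPKD3u4ffB7ndh5iwopI/WTDbSzTvhgS
Zv7kVf0VHX/LBfCgkqxra8Unt77xk8LdLwfSamB7dmAD57cqVBMXqOdjZl8XJ5tjIrITUp
cFw/oyXcoKLIKmkT+nplGG35iPQztZzylKtcfL2E7dpeIdTFC0cSo6uNjZGWz5U5FA5Fiq
pXIIkk5VJpJNQgJuZ9PZUBt+9ap4SsSNI/UQrxl5+j4ijkSxM0hVSk0WyRYAEQ=="""
SIG_TOO_LARGE = """vpOkzvj59H3A6423A9m5SNcgQW+iBHdBMnroNwvkJm1Hf6sDvtDR1f0Zfeczvkega/HR34
xS6lcpM2IAN3yEoz/SH6QAJb6jaAByKTasLPOhKAqfjUvHazIswdbdH2PPvk3jwZdtw4fU
H2sCfOyr08bgOerMvDzLG1eh/p+HXzyg5/86868PJV06oYI9YDykNfIB4UvQ9QGizzy5Iz
NpF5t618gdpe5DI854kyvksh1zwyG9eueBLVB0Cwd4O7ef2+kwODHyI9J0fdgEyga2I1Ia
e8hiddFV69w88PJ16GVR1C48gL34KCpnJxjh56KpB0VfbhLIkat0TAIs8q7Eqg=="""
# DER DigestInfo prefix for SHA-256 used by EMSA-PKCS1-v1_5 (RFC 8017)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def der_item(buf, pos):
    """Read one DER TLV at pos and return (value, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return buf[pos:pos + length], pos + length

def rsa_public_key(txt_record):
    """Return (n, e) from the SubjectPublicKeyInfo in the record's p= tag."""
    p = re.search(r"(?:^|;)\s*p=([^;]*)", txt_record).group(1)
    spki, _ = der_item(base64.b64decode(re.sub(r"\s+", "", p)), 0)
    _, pos = der_item(spki, 0)             # skip AlgorithmIdentifier
    bits, _ = der_item(spki, pos)          # BIT STRING; byte 0 = unused bits
    rsa_key, _ = der_item(bits[1:], 0)     # RSAPublicKey SEQUENCE
    n, pos = der_item(rsa_key, 0)
    e, _ = der_item(rsa_key, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def triage(b_tag, txt_record):
    """Classify a b= value against the published key; the message is not needed."""
    n, e = rsa_public_key(txt_record)
    k = (n.bit_length() + 7) // 8
    sig = base64.b64decode(re.sub(r"\s+", "", b_tag))
    s = int.from_bytes(sig, "big")
    if len(sig) != k:
        return "signature length does not match key size"
    if s >= n:  # the condition OpenSSL reports as "data too large for modulus"
        return "signature >= modulus: not a signature under this key"
    em = pow(s, e, n).to_bytes(k, "big")   # RSA public operation
    padded = (em[:2] == b"\x00\x01" and set(em[2:-52]) == {0xFF}
              and em[-52] == 0 and em[-51:-32] == SHA256_PREFIX)
    if padded:
        return "made with this key: compare the signed header hash next"
    return "no PKCS#1 padding: different key or altered b="

if __name__ == "__main__":
    for name, b in (("report 1", SIG_BAD_SIGNATURE), ("report 2", SIG_TOO_LARGE)):
        print(name, "->", triage(b, DNS_TXT))
```

For the second signature in the thread this check reports a value that is not smaller than the published modulus, which an intact signature under that key can never be.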

CodeFetch commented 3 years ago

@wblondel It is the same. What I'm wondering about is this line:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ironai.com; s=dkim;

I think it should be mx.bibbl.com (or better say where mailcow is running) as the SPF text entry in ironai.com (v=spf1 mx a -all) allows the mx server to sign messages. mailcow just takes the domain name as it assumes that people have the A entry of all their mail domains set to the mailcow server... But I don't want that as I have web services running etc. and a relay is no option.

wblondel commented 3 years ago

What is the configured hostname of your Mailcow instance? mx.bibbl.com or mail.ironai.com?

Right now, the MX of ironai.com is mail.ironai.com, which points to 176.9.100.222. However the PTR of this IP is mx.bibbl.com.

If mx.bibbl.com is indeed the configured hostname on your Mailcow server, first thing I would do is to remove the mail.ironai.com A record and put mx.bibbl.com as the domain MX.

I don't know if that will solve the problem you described, but at least it will remove one problem and help solve this one :smile:

github-actions[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.