Open catthecreator opened 2 weeks ago
Hi!
Authentication-Results header and look for dkim=pass. Try sending an email to your gmail or any other account and look for if any text that has something like signed by.
1 - public server
2 - via Wildduck API
3 - Welcome.zip
4 - I'm sending it to google
5 - checked
I am replacing the domain name so that it cannot be found in the search
my dns dkim record:
Wildduck api dkim:
GET http://apihost:8080/dkim/66d1bbb05c9d6f1d8060d74e
{
"id": "66d1bbb05c9d6f1d8060d74e",
"domain": "mysecretdomain.com",
"selector": "owl",
"description": "Just description 2",
"fingerprint": "88:f0:ff:28:ad:7b:65:90:1c:62:2d:ca:78:56:06:3e:74:08:dd:4f:f4:d0:2c:ef:8e:af:71:aa:c9:51:3e:d9",
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MBNmTjjqdCGQ5PC7CTI\nolpUuvIX25dVwZ9l7RRVilImcWAsIeTuDha1VBZgAzD00iQCiCzigg2oTK3gFPfk\n0FsaSi/NtFWoR9Z9KloPPB5qYppIVKDsWfNFMGUcbuwrw4u71YfidXTouXtdf4HU\nZtVV/cx9PxtgO8f3LIWlI32f44ertm5/DAZ+B55fYbLNcQyYbsHBHcS/XT6Nf7zZ\n2TYCxK39QcKjSlhNhczAdQy+lZXlCSBTE+x7PIEghX2nKTCYY4ozIAR/H2wMrxbx\n67EI8cTBAlZVyoZN6C1pHT2XNGtI7Xo0L3zTb1NknaATOsrfpX7H2J1nq3LgTBwX\nfwIDAQAB\n-----END PUBLIC KEY-----\n",
"dnsTxt": {
"name": "owl._domainkey.mysecretdomain.com",
"value": "v=DKIM1;t=s;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MBNmTjjqdCGQ5PC7CTIolpUuvIX25dVwZ9l7RRVilImcWAsIeTuDha1VBZgAzD00iQCiCzigg2oTK3gFPfk0FsaSi/NtFWoR9Z9KloPPB5qYppIVKDsWfNFMGUcbuwrw4u71YfidXTouXtdf4HUZtVV/cx9PxtgO8f3LIWlI32f44ertm5/DAZ+B55fYbLNcQyYbsHBHcS/XT6Nf7zZ2TYCxK39QcKjSlhNhczAdQy+lZXlCSBTE+x7PIEghX2nKTCYY4ozIAR/H2wMrxbx67EI8cTBAlZVyoZN6C1pHT2XNGtI7Xo0L3zTb1NknaATOsrfpX7H2J1nq3LgTBwXfwIDAQAB"
},
"created": "2024-08-30T16:51:30.711Z",
"success": true
}
I sent the message like this:
POST http://apihost:8080/users/66cf5c04d9402600076a79ad/submit
{
"to": [{
"name": "Catthecreator",
"address": "mysecretmailbox@gmail.com"
}],
"from": {
"address": "tester@mysecretdomain.com"
},
"replyTo": {
"address": "tester@mysecretdomain.com"
},
"subject": "Welcome",
"text": "Test message from api"
}
But why does your DKIM DNS key contain another "? Is that supposed to be how it looks in your dns provider or is that a typo? On the image you sent, there is ... "sHBHcS ....
I just set up a basic wildduck server, added dkim. Sent an email to gmail and the DKIM is working. So I would first check if the dns entry is actually correct and those quotes are not included in the value but just how your provider displays the value.
The provider says this is normal behavior, it's just that the txt record is limited to 255 characters
I asked chatgpt and searched the internet - this is really a normal practice
https://support.cpanel.net/hc/en-us/articles/4402114117911-Why-are-DKIM-TXT-records-split
I generally do not understand what the dns record has to do with it, there is no dkim signature in the body of the letter. It will not come to checking dns records, because there is nothing to check
Or am I wrong?
Yeah it's just a split record. A lot of people don't know about them, as most dns providers show them as a single string in their panel. But it's how dns works and it's fine.
Do you have DKIM enabled in zone-mta plugin? Under zone-mta/plugins/wildduck.yaml.
signTransportDomain = true
It was disabled. I enabled it and restarted the containers. The situation has not changed.
["modules/zonemta-wildduck"]
enabled=["receiver", "sender"]
# to which SMTP interfaces this plugin applies to. Use "*" for all interfaces
interfaces=["feeder"]
# optional hostname to be used in headers
# defaults to os.hostname()
hostname="mysecretdomain.com"
# How long to keep auth records in log
authlogExpireDays=30
# default smtp recipients for 24h (can be overridden per user)
maxRecipients=2000
disableUploads=false # if true then messages are not uploaded to Sent Mail folder
uploadAll=false # if false then messages from Outlook are not uploaded to Sent Mail folder
# SRS settings for forwarded emails
# ---------------------------------
["modules/zonemta-wildduck".srs]
# Handle rewriting of forwarded emails. If false then SRS is not used
# Only affect messages that have interface set to "forwarder"
enabled=true
# SRS secret value. Must be the same as in the MX side
secret="supersecretpass"
# SRS domain, must resolve back to MX
rewriteDomain="mysecretdomain.com"
# DKIM Settings
# -------------
["modules/zonemta-wildduck".dkim]
# If true then also adds a signature for the outbound domain
signTransportDomain=true
# If set then decrypt encrypted DKIM keys using this password
#secret="a secret cat"
# Cipher to use to decrypt encrypted DKIM keys
#cipher="aes192"
["modules/zonemta-wildduck".gelf]
enabled=false
component="mta"
["modules/zonemta-wildduck".gelf.options]
graylogPort=12201
graylogHostname='127.0.0.1'
connection='lan'
Is zonemta set to use the same db as wildduck? I think it's probable that the plugin is not finding your dkim keys in the db for some reason.
(by the way, signTransportDomain is not needed for your usecase of signing the from address domain. You'd use that to also sign with mta.example.com. So you can leave it false. Signing the from domain should happen automatically if it finds a matching key in the db.)
Is zonemta set to use the same db as wildduck? I think it's probable that the plugin is not finding your dkim keys in the db for some reason.
I am using the standard configuration from the repository
https://github.com/nodemailer/wildduck-dockerized
The only thing I changed is I changed the version here to nodemailer/wildduck:1.45.0
my /wildduck-dockerized/config/zone-mta/zonemta.toml : https://github.com/nodemailer/wildduck-dockerized/blob/master/default-config/zone-mta/zonemta.toml
I'm using the container version of wild duck
I created a dkim for the domain using the api method https://docs.wildduck.email/api/#operation/postdkim
I have activated the sign Transport Domain parameter in /config/wildduck/dkim.toml. I am sending an email from the same domain for which the signature was generated. When sending an email, it is not signed by DKIM.
What did I miss?
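
Two checks discussed in this thread, written out as an added example (not code from WildDuck, ZoneMTA or anyone in the thread): reassembling a TXT record that a DNS provider displays as several quoted strings and comparing it with the dnsTxt.value returned by the API, and looking for a DKIM-Signature header in the raw message that was sent. Function names, the key, the domain and the messages are constructed for illustration.

```javascript
// Added example. Sample key, domain and messages are constructed, not from the thread.

// Join the quoted character-strings of a TXT record as a zone file or DNS panel
// shows them ("part1" "part2"). DKIM verifiers concatenate them with no separator.
function joinTxtStrings(presentation) {
  const parts = presentation.match(/"((?:[^"\\]|\\.)*)"/g);
  if (!parts) return presentation.trim(); // panel already shows one string
  return parts.map(p => p.slice(1, -1).replace(/\\(.)/g, '$1')).join('');
}

// Parse a DKIM "tag=value; tag=value" list; whitespace inside values is dropped.
function parseTags(list) {
  const tags = {};
  for (const item of list.split(';')) {
    const i = item.indexOf('=');
    if (i > 0) tags[item.slice(0, i).trim()] = item.slice(i + 1).replace(/\s+/g, '');
  }
  return tags;
}

// True when the published record carries the same p= key as the expected value.
function sameKey(published, expectedValue) {
  const pub = parseTags(joinTxtStrings(published));
  return pub.v === 'DKIM1' && Boolean(pub.p) && pub.p === parseTags(expectedValue).p;
}

// Return d= and s= for every DKIM-Signature header of a raw message.
function dkimSignatures(raw) {
  const headers = raw.split(/\r?\n\r?\n/)[0].replace(/\r?\n[ \t]+/g, ' '); // unfold
  return headers.split(/\r?\n/)
    .filter(h => /^dkim-signature:/i.test(h))
    .map(h => parseTags(h.slice(h.indexOf(':') + 1)))
    .map(t => ({ d: t.d, s: t.s }));
}

const KEY = 'QUJD'.repeat(80); // constructed 320-character stand-in for a key
const apiValue = `v=DKIM1;t=s;p=${KEY}`;
const zoneView = `"${apiValue.slice(0, 255)}" "${apiValue.slice(255)}"`;
const unsigned = 'From: tester@example.com\r\nSubject: Welcome\r\n\r\nTest message\r\n';
const signed = 'DKIM-Signature: v=1; a=rsa-sha256; d=example.com;\r\n' +
  ' s=owl; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=\r\n' + unsigned;

console.log(sameKey(zoneView, apiValue));   // split record, same key
console.log(dkimSignatures(unsigned));      // message left the MTA unsigned
console.log(dkimSignatures(signed));        // signed for example.com, selector owl
```

An empty list from dkimSignatures on the message as received means the sending side never signed it, so the DNS record is not yet the thing to debug.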