I have an issue which suggests hMailServer is incorrectly using the MAIL FROM address's domain to add a DKIM signature.
I have hMailServer set up as a smart host in front of our Exchange 2003 server specifically to perform DKIM signing of our outgoing mails. We have multiple domains hosted by our Exchange server, and use Ivasoft's ChooseFrom + SmartReply products to allow users to send emails out using any of their secondary addresses (e.g. email@example.com) as their 'From' address in addition to their primary address firstname.lastname@example.org. What happens, then, is that Exchange places the correct email@example.com address in the message header 'From' field, but Exchange uses firstname.lastname@example.org in the SMTP envelope MAIL FROM command.
I have set up all of our domains in hMailServer, and enabled/configured DKIM for each of them. The appropriate DNS TXT RRs are also set up for each domain.
What hMailServer then does is to use the domain from the SMTP envelope (i.e., primary.com) for DKIM signing rather than the domain from the From header (i.e. secondary.com), so there is a mismatch between the From address and DKIM signing domain.
By my understanding of DKIM, hMailServer *should* be using the domain of the 'From' address, and this is the real point of DKIM, is it not? As unauthorised senders don't have access to the private key of the 'From' address's domain, they can't properly sign their emails. If they are able to sign their emails with any old domain's DKIM keys, it kind of invalidates the whole thing.
Now, my understanding of DKIM may be wrong here, but otherwise it seems that hMailServer isn't adding the right signatures.
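
One way to confirm the mismatch described above on a message that has passed through the smart host, as an added example that is not part of the original post and not hMailServer code: it reads the `d=` tag of each DKIM-Signature header and compares it with the From header domain and the envelope MAIL FROM domain. The sample message, the selector and the `bh=`/`b=` values are constructed placeholders; `signing_report` and its helpers are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From header uses secondary.com, signature uses primary.com.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "\td=primary.com; s=selector1; h=from:to:subject;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Alias User <alias@secondary.com>\r\n"
    "To: someone@example.net\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

def domain_of(address):
    """Return the lower-cased domain of an address or 'Name <addr>' string."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def dkim_tags(header_value):
    """Parse a DKIM-Signature value into a tag dict (folding whitespace removed)."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def signing_report(raw_message, envelope_from):
    """Compare every DKIM d= domain with the From and MAIL FROM domains."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(envelope_from)
    signing = [dkim_tags(h).get("d", "").lower()
               for h in msg.get_all("DKIM-Signature", [])]
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "signing_domains": signing,
        "signed_by_from_domain": bool(from_domain) and from_domain in signing,
        "signed_by_envelope_domain": bool(envelope_domain) and envelope_domain in signing,
    }

if __name__ == "__main__":
    # MAIL FROM value is taken from the SMTP log or Return-Path; constructed here.
    for key, value in signing_report(SAMPLE, "user@primary.com").items():
        print(f"{key}: {value}")
```

Running it against a saved copy of a delivered message, with the MAIL FROM value taken from the SMTP log, shows which of the two domains the signature was made for.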