The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
-
- New user
- Posts: 8
- Joined: 2015-03-16 20:40
The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Hi development team,
When a domain name (like "alias.com") is defined as an alias of another one (for instance "maindomain.com"),
and if the DKIM Signing is enabled for "maindomain.com" in hmailServer settings,
then the E-mails sent by the "alias.com" domain users, have no DKIM signature,
while the E-mails sent by the "maindomain.com" domain users, have such a DKIM signature,
according to the tests made with http://www.appmaildev.com/en/dkim/
Of course the same DKIM public keys have been defined in the DNS of the two domains
(I have checked this point in nslookup and I have waited for DNS propagation),
- but this is not the question here because hmailServer should sign the mails according to the _private_ key file
defined in the hmailServer settings for the "maindomain.com" domain,
independently from the fact that the DKIM DNS entries (which store the public key) exist or not.
So, when sending a mail from the "alias.com" domain, we get the reply from appmaildev.com:
================================================================
DKIM result: none (no signature)
================================================================
while for the "maindomain.com" domain, we get the reply:
================================================================
DKIM result: pass
================================================================
Signed by: xxxx@maindomain.com
Expected Body Hash: 8RlxVAukGYjyhb0...
This looks like a hmailServer bug.
Thanks very much for your suggestions and for your help!
Best regards,
SemperFidelis
When a domain name (like "alias.com") is defined as an alias of another one (for instance "maindomain.com"),
and if the DKIM Signing is enabled for "maindomain.com" in hmailServer settings,
then the E-mails sent by the "alias.com" domain users, have no DKIM signature,
while the E-mails sent by the "maindomain.com" domain users, have such a DKIM signature,
according to the tests made with http://www.appmaildev.com/en/dkim/
Of course the same DKIM public keys have been defined in the DNS of the two domains
(I have checked this point in nslookup and I have waited for DNS propagation),
- but this is not the question here because hmailServer should sign the mails according to the _private_ key file
defined in the hmailServer settings for the "maindomain.com" domain,
independently from the fact that the DKIM DNS entries (which store the public key) exist or not.
So, when sending a mail from the "alias.com" domain, we get the reply from appmaildev.com:
================================================================
DKIM result: none (no signature)
================================================================
while for the "maindomain.com" domain, we get the reply:
================================================================
DKIM result: pass
================================================================
Signed by: xxxx@maindomain.com
Expected Body Hash: 8RlxVAukGYjyhb0...
This looks like a hmailServer bug.
Thanks very much for your suggestions and for your help!
Best regards,
SemperFidelis
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Doesn't the D in DKIM stand for 'Domain'?
Why should an Alias also trigger the DKIM signing? I thought that was the point, that only mail FROM a single domain were signed by that key.
Why should an Alias also trigger the DKIM signing? I thought that was the point, that only mail FROM a single domain were signed by that key.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
-
- New user
- Posts: 8
- Joined: 2015-03-16 20:40
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Hi Matt,
A domain defined as an alias in hmailServer is, at DNS level, a full domain with independent DNS.
Let's say that you have two domains for instance for a company having two brands:
"yourfirstbrand.com" and "yoursecondbrand.com"
then have the same E-mail box names under the two domains
so you define in hmailServer, "yoursecondbrand.com" as an alias domain of "yourfirstbrand.com",
to avoid duplicating all the mailboxes.
Then you can :
- define in the DNS of your two separate domains, the same public key for DKIM,
- and define in the hmailServer settings, in the DKIM settings tab of "yourfirstbrand.com", the DKIM private key of yourfirstbrand.com.
Indeed I saw no option in hMailServer Administrator to define a separate DKIM private key for an aliased domain i.e. for "yoursecondbrand.com"
if this domain is defined as an alias of "yourfirstbrand.com".
Then, from your E-mail client, you can receive and send a mail as someone@yourfirstbrand.com and as someone@yoursecondbrand.com.
HMailServer will accept and deliver the outgoing mails written by someone@yoursecondbrand.com
but they will not be signed, while the outgoing mails from someone@yourfirstbrand.com will be signed with DKIM.
However yoursecondbrand.com is defined as an alias of yourfirstbrand.com.
BTW I agree that this feature would only be useful for specific purpose.
A workaround is to define two separate domains and to duplicate all the mailboxes.
You may have a better option. Thanks in any case.
Best regards,
SF
A domain defined as an alias in hmailServer is, at DNS level, a full domain with independent DNS.
Let's say that you have two domains for instance for a company having two brands:
"yourfirstbrand.com" and "yoursecondbrand.com"
then have the same E-mail box names under the two domains
so you define in hmailServer, "yoursecondbrand.com" as an alias domain of "yourfirstbrand.com",
to avoid duplicating all the mailboxes.
Then you can :
- define in the DNS of your two separate domains, the same public key for DKIM,
- and define in the hmailServer settings, in the DKIM settings tab of "yourfirstbrand.com", the DKIM private key of yourfirstbrand.com.
Indeed I saw no option in hMailServer Administrator to define a separate DKIM private key for an aliased domain i.e. for "yoursecondbrand.com"
if this domain is defined as an alias of "yourfirstbrand.com".
Then, from your E-mail client, you can receive and send a mail as someone@yourfirstbrand.com and as someone@yoursecondbrand.com.
HMailServer will accept and deliver the outgoing mails written by someone@yoursecondbrand.com
but they will not be signed, while the outgoing mails from someone@yourfirstbrand.com will be signed with DKIM.
However yoursecondbrand.com is defined as an alias of yourfirstbrand.com.
BTW I agree that this feature would only be useful for specific purpose.
A workaround is to define two separate domains and to duplicate all the mailboxes.
You may have a better option. Thanks in any case.
Best regards,
SF
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
No I don't have a better option
I'd see adding DKIM to a domain name (domain alias) as a feature enhancement request. Please add one, with a poll question so that others may vote and discuss.
FWIW, on a personal level I prefer at least one email address per domain.
I have a number of businesses that I run.
I prefer an email address for each one, and I specifically tell my staff /clients that any emails should be about a single topic.
This allows me to compartmentalise what I do.
I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)
Last I checked, I have some 15 email addresses that I answer and check regularly, not counting dozens more that I don't regularly check, because of automated processes...
I'd see adding DKIM to a domain name (domain alias) as a feature enhancement request. Please add one, with a poll question so that others may vote and discuss.
FWIW, on a personal level I prefer at least one email address per domain.
I have a number of businesses that I run.
I prefer an email address for each one, and I specifically tell my staff /clients that any emails should be about a single topic.
This allows me to compartmentalise what I do.
I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)
Last I checked, I have some 15 email addresses that I answer and check regularly, not counting dozens more that I don't regularly check, because of automated processes...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
- jimimaseye
- Moderator
- Posts: 10053
- Joined: 2011-09-08 17:48
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Yeah, me too. Each account in our business is like this:mattg wrote:I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)
Code: Select all
INBOX
|-DEALT
|-DEALT2014
|- DEALT2013
Every email that comes in, read, and responded to gets moved to the current DEALT folder leaving INBOX with a handful in it.
(Sadly Im not so efficient on my own personal yahoo mail account. )
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Hello,
Sorry for bring up old topic.
As DKIM Signing is not possible for domain aliases, some emails sent through domain aliases becomes spam in many email providers like gmail & yahoo.
Is it possible to add this feature as optional in next release?
I'm searched & found that a feature request topic is also created.
viewtopic.php?t=29029
Regards
Sorry for bring up old topic.
As DKIM Signing is not possible for domain aliases, some emails sent through domain aliases becomes spam in many email providers like gmail & yahoo.
Is it possible to add this feature as optional in next release?
I'm searched & found that a feature request topic is also created.
viewtopic.php?t=29029
Regards
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Probably notpakradm wrote:Is it possible to add this feature as optional in next release?
But the more people that vote for that feature request, the more likely that it will happen.
Have you tried using the same DKIM signature for all domains?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
Hello again,Have you tried using the same DKIM signature for all domains?
It's not possible to define different private key for domain aliases.
I'm applied same public key in domain & domain's aliases dns, but emails sent through domain aliases don't sign with DKIM.
Regards
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
I have four domain on my server and three off them redirects to one domain with different DKIM on all of them.
Domain A has B,C and D as alias.
When a sent from a account in domain A with alias in domain B it gets signed with domain B DKIM.
When a sent from a account in domain A with alias in domain C it gets signed with domain C DKIM.
When a sent from a account in domain A with alias in domain D it gets signed with domain D DKIM.
When a sent from a account in domain A it gets signed with domain A DKIM.
I think you must have a domain setup in hmailServer for the alias for DKIM signing.
Domain A has B,C and D as alias.
When a sent from a account in domain A with alias in domain B it gets signed with domain B DKIM.
When a sent from a account in domain A with alias in domain C it gets signed with domain C DKIM.
When a sent from a account in domain A with alias in domain D it gets signed with domain D DKIM.
When a sent from a account in domain A it gets signed with domain A DKIM.
I think you must have a domain setup in hmailServer for the alias for DKIM signing.
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
How have you got aliases set up?
I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do
I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
In domain B I added alias (user@b.com) redirect to domain A (user@a.com)mattg wrote:How have you got aliases set up?
Sending mail with user@a.com account as alias user@b.com and the mail are signed with domain b.com DKIM.
Yes I see that now. I have only some alias and not for all, so I never used 'names'.mattg wrote:I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
How do you do this bit?tunis wrote:Sending mail with user@a.com account as alias user@b.com and the mail are signed with domain b.com DKIM..
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
I have setup one account in thunderbird (user@a.com) as normal.mattg wrote:How do you do this bit?
Under settings you have a button "Manage Identites..."
There I add an identity and enter only Name and email (user@b.com). (Outgoing as default)
Write a new mail and chose alias and it work.
It works in roundcube to.
Setup identities under settings.
Message form account user@a.com.
Code: Select all
dkim-signature: v=1; a=rsa-sha256; d=a.com; s=dkim15;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=EoCtpt9RIpPVeFUa+/kGxERb1ZR1OGrXV2dptsTRKLnI9oBUrNj35i4Z6cMFzi9pJI3ZjLaFya3nQKCN5dg+EXJV8IW1PEmxPIMZ/OasiU/d81Y05d4ZEmeZ3G5ZQRowFgV+v2WuOK6qIpYseqCpoavC6QkzntmuC3evHOnkGeM=
Code: Select all
dkim-signature: v=1; a=rsa-sha256; d=b.com; s=dkim11;
c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
b=U7jv/6gzrLowCC8zNUGmbxhPCdjeNLwc7RnmUieTQmcSlN6OTCLUuKPoB44XB/LPCldJ+jz4gs5PIUD9bevPU9pQHoJ3XK9KZvlUCjwHfhYSlZR7wMjILYLN0pNwyZeQv7uF5tLM+Ch4K32UV3oh4hgizWJBcshIfp1+d35Nmfc=
I think hmailserver sign dkim to message return-path domain.
HMS 5.6.8 B2534.28 on Windows Server 2019 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
HMS 5.6.9 B2641.67 on Windows Server 2016 Core VM.
Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings
A little cross posting here. If you're interested in this feature to allow DKIM signature for alias domains please vote here
http://www.hmailserver.com/forum/viewto ... 9&p=181446
http://www.hmailserver.com/forum/viewto ... 9&p=181446