The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
SemperFidelis
New user
New user
Posts: 7
Joined: 2015-03-16 20:40

The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby SemperFidelis » 2015-03-16 20:52

Hi development team,

When a domain name (like "alias.com") is defined as an alias of another one (for instance "maindomain.com"),
and if the DKIM Signing is enabled for "maindomain.com" in hmailServer settings,
then the E-mails sent by the "alias.com" domain users, have no DKIM signature,
while the E-mails sent by the "maindomain.com" domain users, have such a DKIM signature,
according to the tests made with http://www.appmaildev.com/en/dkim/

Of course the same DKIM public keys have been defined in the DNS of the two domains
(I have checked this point in nslookup and I have waited for DNS propagation),
- but this is not the question here because hmailServer should sign the mails according to the _private_ key file
defined in the hmailServer settings for the "maindomain.com" domain,
independently from the fact that the DKIM DNS entries (which store the public key) exist or not.

So, when sending a mail from the "alias.com" domain, we get the reply from appmaildev.com:
================================================================
DKIM result: none (no signature)
================================================================

while for the "maindomain.com" domain, we get the reply:
================================================================
DKIM result: pass
================================================================
Signed by: xxxx@maindomain.com
Expected Body Hash: 8RlxVAukGYjyhb0...

This looks like a hmailServer bug.

Thanks very much for your suggestions and for your help!

Best regards,
SemperFidelis

User avatar
mattg
Moderator
Moderator
Posts: 17596
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby mattg » 2015-03-16 22:25

Doesn't the D in DKIM stand for 'Domain'?
Why should an Alias also trigger the DKIM signing? I thought that was the point, that only mail FROM a single domain were signed by that key.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

SemperFidelis
New user
New user
Posts: 7
Joined: 2015-03-16 20:40

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby SemperFidelis » 2015-03-17 01:51

Hi Matt,

A domain defined as an alias in hmailServer is, at DNS level, a full domain with independent DNS.
Let's say that you have two domains for instance for a company having two brands:
"yourfirstbrand.com" and "yoursecondbrand.com"
then have the same E-mail box names under the two domains
so you define in hmailServer, "yoursecondbrand.com" as an alias domain of "yourfirstbrand.com",
to avoid duplicating all the mailboxes.

Then you can :
- define in the DNS of your two separate domains, the same public key for DKIM,
- and define in the hmailServer settings, in the DKIM settings tab of "yourfirstbrand.com", the DKIM private key of yourfirstbrand.com.
Indeed I saw no option in hMailServer Administrator to define a separate DKIM private key for an aliased domain i.e. for "yoursecondbrand.com"
if this domain is defined as an alias of "yourfirstbrand.com".

Then, from your E-mail client, you can receive and send a mail as someone@yourfirstbrand.com and as someone@yoursecondbrand.com.
HMailServer will accept and deliver the outgoing mails written by someone@yoursecondbrand.com
but they will not be signed, while the outgoing mails from someone@yourfirstbrand.com will be signed with DKIM.
However yoursecondbrand.com is defined as an alias of yourfirstbrand.com.

BTW I agree that this feature would only be useful for specific purpose.
A workaround is to define two separate domains and to duplicate all the mailboxes.
You may have a better option. Thanks in any case.

Best regards,
SF

User avatar
mattg
Moderator
Moderator
Posts: 17596
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby mattg » 2015-03-17 02:33

No I don't have a better option
I'd see adding DKIM to a domain name (domain alias) as a feature enhancement request. Please add one, with a poll question so that others may vote and discuss.


FWIW, on a personal level I prefer at least one email address per domain.

I have a number of businesses that I run.
I prefer an email address for each one, and I specifically tell my staff /clients that any emails should be about a single topic.

This allows me to compartmentalise what I do.

I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)

Last I checked, I have some 15 email addresses that I answer and check regularly, not counting dozens more that I don't regularly check, because of automated processes...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 6402
Joined: 2011-09-08 17:48

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby jimimaseye » 2015-03-17 11:46

mattg wrote:I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)

Yeah, me too. Each account in our business is like this:

Code: Select all

INBOX
  |-DEALT
      |-DEALT2014
           |- DEALT2013

(Same with SENT)

Every email that comes in, read, and responded to gets moved to the current DEALT folder leaving INBOX with a handful in it.

(Sadly Im not so efficient on my own personal yahoo mail account. :oops: )
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

pakradm
New user
New user
Posts: 2
Joined: 2016-11-12 09:30

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby pakradm » 2016-11-12 09:38

Hello,
Sorry for bring up old topic.

As DKIM Signing is not possible for domain aliases, some emails sent through domain aliases becomes spam in many email providers like gmail & yahoo.

Is it possible to add this feature as optional in next release?
I'm searched & found that a feature request topic is also created.

viewtopic.php?t=29029

Regards

User avatar
mattg
Moderator
Moderator
Posts: 17596
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby mattg » 2016-11-12 10:23

pakradm wrote:Is it possible to add this feature as optional in next release?

Probably not

But the more people that vote for that feature request, the more likely that it will happen.
Have you tried using the same DKIM signature for all domains?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

pakradm
New user
New user
Posts: 2
Joined: 2016-11-12 09:30

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby pakradm » 2016-11-21 12:05

Have you tried using the same DKIM signature for all domains?

Hello again,

It's not possible to define different private key for domain aliases.
I'm applied same public key in domain & domain's aliases dns, but emails sent through domain aliases don't sign with DKIM.

Regards

tunis
Normal user
Normal user
Posts: 159
Joined: 2015-01-05 20:22
Location: Sweden

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby tunis » 2016-11-22 10:10

I have four domain on my server and three off them redirects to one domain with different DKIM on all of them.
Domain A has B,C and D as alias.
When a sent from a account in domain A with alias in domain B it gets signed with domain B DKIM.
When a sent from a account in domain A with alias in domain C it gets signed with domain C DKIM.
When a sent from a account in domain A with alias in domain D it gets signed with domain D DKIM.
When a sent from a account in domain A it gets signed with domain A DKIM.

I think you must have a domain setup in hmailServer for the alias for DKIM signing.
HMS 5.6.6 B2383.7 on Windows Server 2016 Core VM.
HMS 5.6.7 B2407.9 on Windows Server 2012 R2 Core VM.

User avatar
mattg
Moderator
Moderator
Posts: 17596
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby mattg » 2016-11-22 11:14

How have you got aliases set up?

I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

tunis
Normal user
Normal user
Posts: 159
Joined: 2015-01-05 20:22
Location: Sweden

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby tunis » 2016-11-22 13:01

mattg wrote:How have you got aliases set up?


In domain B I added alias (user@b.com) redirect to domain A (user@a.com)

Sending mail with user@a.com account as alias user@b.com and the mail are signed with domain b.com DKIM.

mattg wrote:I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do


Yes I see that now. I have only some alias and not for all, so I never used 'names'.
HMS 5.6.6 B2383.7 on Windows Server 2016 Core VM.
HMS 5.6.7 B2407.9 on Windows Server 2012 R2 Core VM.

User avatar
mattg
Moderator
Moderator
Posts: 17596
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby mattg » 2016-11-22 13:24

tunis wrote:Sending mail with user@a.com account as alias user@b.com and the mail are signed with domain b.com DKIM..

How do you do this bit?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

tunis
Normal user
Normal user
Posts: 159
Joined: 2015-01-05 20:22
Location: Sweden

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Postby tunis » 2016-11-22 18:01

mattg wrote:How do you do this bit?


I have setup one account in thunderbird (user@a.com) as normal.
Under settings you have a button "Manage Identites..."
There I add an identity and enter only Name and email (user@b.com). (Outgoing as default)

Write a new mail and chose alias and it work.

It works in roundcube to.
Setup identities under settings.


Message form account user@a.com.

Code: Select all

dkim-signature: v=1; a=rsa-sha256; d=a.com; s=dkim15;
   c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
   bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
   b=EoCtpt9RIpPVeFUa+/kGxERb1ZR1OGrXV2dptsTRKLnI9oBUrNj35i4Z6cMFzi9pJI3ZjLaFya3nQKCN5dg+EXJV8IW1PEmxPIMZ/OasiU/d81Y05d4ZEmeZ3G5ZQRowFgV+v2WuOK6qIpYseqCpoavC6QkzntmuC3evHOnkGeM=


Message form account user@a.com with identity user@b.com.

Code: Select all

dkim-signature: v=1; a=rsa-sha256; d=b.com; s=dkim11;
   c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
   bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
   b=U7jv/6gzrLowCC8zNUGmbxhPCdjeNLwc7RnmUieTQmcSlN6OTCLUuKPoB44XB/LPCldJ+jz4gs5PIUD9bevPU9pQHoJ3XK9KZvlUCjwHfhYSlZR7wMjILYLN0pNwyZeQv7uF5tLM+Ch4K32UV3oh4hgizWJBcshIfp1+d35Nmfc=


PS. I tested write a mail with thunderbird and chose "Customize From Address" and this will not work, you get dkim from a.com
I think hmailserver sign dkim to message return-path domain.
HMS 5.6.6 B2383.7 on Windows Server 2016 Core VM.
HMS 5.6.7 B2407.9 on Windows Server 2012 R2 Core VM.


Return to “Development & alpha discussions”



Who is online

Users browsing this forum: No registered users and 3 guests