Page 1 of 1

The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2015-03-16 20:52
by SemperFidelis
Hi development team,

When a domain name (like "alias.com") is defined as an alias of another one (for instance "maindomain.com"),
and if the DKIM Signing is enabled for "maindomain.com" in hmailServer settings,
then the E-mails sent by the "alias.com" domain users, have no DKIM signature,
while the E-mails sent by the "maindomain.com" domain users, have such a DKIM signature,
according to the tests made with http://www.appmaildev.com/en/dkim/

Of course the same DKIM public keys have been defined in the DNS of the two domains
(I have checked this point in nslookup and I have waited for DNS propagation),
- but this is not the question here because hmailServer should sign the mails according to the _private_ key file
defined in the hmailServer settings for the "maindomain.com" domain,
independently from the fact that the DKIM DNS entries (which store the public key) exist or not.

So, when sending a mail from the "alias.com" domain, we get the reply from appmaildev.com:
================================================================
DKIM result: none (no signature)
================================================================

while for the "maindomain.com" domain, we get the reply:
================================================================
DKIM result: pass
================================================================
Signed by: xxxx@maindomain.com
Expected Body Hash: 8RlxVAukGYjyhb0...

This looks like a hmailServer bug.

Thanks very much for your suggestions and for your help!

Best regards,
SemperFidelis

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2015-03-16 22:25
by mattg
Doesn't the D in DKIM stand for 'Domain'?
Why should an Alias also trigger the DKIM signing? I thought that was the point, that only mail FROM a single domain were signed by that key.

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2015-03-17 01:51
by SemperFidelis
Hi Matt,

A domain defined as an alias in hmailServer is, at DNS level, a full domain with independent DNS.
Let's say that you have two domains for instance for a company having two brands:
"yourfirstbrand.com" and "yoursecondbrand.com"
then have the same E-mail box names under the two domains
so you define in hmailServer, "yoursecondbrand.com" as an alias domain of "yourfirstbrand.com",
to avoid duplicating all the mailboxes.

Then you can :
- define in the DNS of your two separate domains, the same public key for DKIM,
- and define in the hmailServer settings, in the DKIM settings tab of "yourfirstbrand.com", the DKIM private key of yourfirstbrand.com.
Indeed I saw no option in hMailServer Administrator to define a separate DKIM private key for an aliased domain i.e. for "yoursecondbrand.com"
if this domain is defined as an alias of "yourfirstbrand.com".

Then, from your E-mail client, you can receive and send a mail as someone@yourfirstbrand.com and as someone@yoursecondbrand.com.
HMailServer will accept and deliver the outgoing mails written by someone@yoursecondbrand.com
but they will not be signed, while the outgoing mails from someone@yourfirstbrand.com will be signed with DKIM.
However yoursecondbrand.com is defined as an alias of yourfirstbrand.com.

BTW I agree that this feature would only be useful for specific purpose.
A workaround is to define two separate domains and to duplicate all the mailboxes.
You may have a better option. Thanks in any case.

Best regards,
SF

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2015-03-17 02:33
by mattg
No I don't have a better option
I'd see adding DKIM to a domain name (domain alias) as a feature enhancement request. Please add one, with a poll question so that others may vote and discuss.


FWIW, on a personal level I prefer at least one email address per domain.

I have a number of businesses that I run.
I prefer an email address for each one, and I specifically tell my staff /clients that any emails should be about a single topic.

This allows me to compartmentalise what I do.

I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)

Last I checked, I have some 15 email addresses that I answer and check regularly, not counting dozens more that I don't regularly check, because of automated processes...

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2015-03-17 11:46
by jimimaseye
mattg wrote:I file email when actioned and keep the inbox for each address with minimal emails in them (in a perfect world, in practice not always the case)
Yeah, me too. Each account in our business is like this:

Code: Select all

INBOX
  |-DEALT
      |-DEALT2014
           |- DEALT2013
(Same with SENT)

Every email that comes in, read, and responded to gets moved to the current DEALT folder leaving INBOX with a handful in it.

(Sadly Im not so efficient on my own personal yahoo mail account. :oops: )

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-12 09:38
by pakradm
Hello,
Sorry for bring up old topic.

As DKIM Signing is not possible for domain aliases, some emails sent through domain aliases becomes spam in many email providers like gmail & yahoo.

Is it possible to add this feature as optional in next release?
I'm searched & found that a feature request topic is also created.

viewtopic.php?t=29029

Regards

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-12 10:23
by mattg
pakradm wrote:Is it possible to add this feature as optional in next release?
Probably not

But the more people that vote for that feature request, the more likely that it will happen.
Have you tried using the same DKIM signature for all domains?

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-21 12:05
by pakradm
Have you tried using the same DKIM signature for all domains?
Hello again,

It's not possible to define different private key for domain aliases.
I'm applied same public key in domain & domain's aliases dns, but emails sent through domain aliases don't sign with DKIM.

Regards

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-22 10:10
by tunis
I have four domain on my server and three off them redirects to one domain with different DKIM on all of them.
Domain A has B,C and D as alias.
When a sent from a account in domain A with alias in domain B it gets signed with domain B DKIM.
When a sent from a account in domain A with alias in domain C it gets signed with domain C DKIM.
When a sent from a account in domain A with alias in domain D it gets signed with domain D DKIM.
When a sent from a account in domain A it gets signed with domain A DKIM.

I think you must have a domain setup in hmailServer for the alias for DKIM signing.

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-22 11:14
by mattg
How have you got aliases set up?

I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-22 13:01
by tunis
mattg wrote:How have you got aliases set up?
In domain B I added alias (user@b.com) redirect to domain A (user@a.com)

Sending mail with user@a.com account as alias user@b.com and the mail are signed with domain b.com DKIM.
mattg wrote:I'm guessing you are using account level aliases, rather than domain 'names' as the OP suggested they do
Yes I see that now. I have only some alias and not for all, so I never used 'names'.

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-22 13:24
by mattg
tunis wrote:Sending mail with user@a.com account as alias user@b.com and the mail are signed with domain b.com DKIM..
How do you do this bit?

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2016-11-22 18:01
by tunis
mattg wrote:How do you do this bit?
I have setup one account in thunderbird (user@a.com) as normal.
Under settings you have a button "Manage Identites..."
There I add an identity and enter only Name and email (user@b.com). (Outgoing as default)

Write a new mail and chose alias and it work.

It works in roundcube to.
Setup identities under settings.


Message form account user@a.com.

Code: Select all

dkim-signature: v=1; a=rsa-sha256; d=a.com; s=dkim15;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
	b=EoCtpt9RIpPVeFUa+/kGxERb1ZR1OGrXV2dptsTRKLnI9oBUrNj35i4Z6cMFzi9pJI3ZjLaFya3nQKCN5dg+EXJV8IW1PEmxPIMZ/OasiU/d81Y05d4ZEmeZ3G5ZQRowFgV+v2WuOK6qIpYseqCpoavC6QkzntmuC3evHOnkGeM=
Message form account user@a.com with identity user@b.com.

Code: Select all

dkim-signature: v=1; a=rsa-sha256; d=b.com; s=dkim11;
	c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
	bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
	b=U7jv/6gzrLowCC8zNUGmbxhPCdjeNLwc7RnmUieTQmcSlN6OTCLUuKPoB44XB/LPCldJ+jz4gs5PIUD9bevPU9pQHoJ3XK9KZvlUCjwHfhYSlZR7wMjILYLN0pNwyZeQv7uF5tLM+Ch4K32UV3oh4hgizWJBcshIfp1+d35Nmfc=
PS. I tested write a mail with thunderbird and chose "Customize From Address" and this will not work, you get dkim from a.com
I think hmailserver sign dkim to message return-path domain.

Re: The DKIM signature is not added to E-mails sent from domains declared as aliases in the hmailServer settings

Posted: 2018-12-05 02:31
by RBoy
A little cross posting here. If you're interested in this feature to allow DKIM signature for alias domains please vote here :)
http://www.hmailserver.com/forum/viewto ... 9&p=181446