Ability to sign with DKIM domain aliases too
Ability to sign with DKIM domain aliases too
Self-explanatory.
Additional settings and ability to specify DKIM settings for domain-alias too.
Additional settings and ability to specify DKIM settings for domain-alias too.
Re: Ability to sign with DKIM domain aliases too
feel free to nominate a question that users can vote on, and some suggested answers
https://www.hmailserver.com/feature_voting_extended
https://www.hmailserver.com/feature_voting_extended
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Ability to sign with DKIM domain aliases too
I vote for this feature also. Been bumping my head to understand why it wasn't signing emails with an alias domain
Re: Ability to sign with DKIM domain aliases too
To me for this to work, would require two separate signatures, one for the Domain, and another for the Domain Alias...
I can't see that this would be easily achieved
I can't see that this would be easily achieved
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Ability to sign with DKIM domain aliases too
I don't think you need separate signature. When Google mail does DKIM signing on behalf of other domains it uses it's own key.
Re: Ability to sign with DKIM domain aliases too
I've just checked a few mail messages
Outlook hosted domains have DKIM in the format
example.outlook.com or example.microsoft.com
gMail hosted domains have two DKIM signatures
DKIM-Signature = example.yyyymmmdd.gappssmtp.com
AND
X-Google-DKIM-Signature which is their own signing
It seems to me that they customise the DKIM signature for each sender.
Always relaxed though.
Outlook hosted domains have DKIM in the format
example.outlook.com or example.microsoft.com
gMail hosted domains have two DKIM signatures
DKIM-Signature = example.yyyymmmdd.gappssmtp.com
AND
X-Google-DKIM-Signature which is their own signing
It seems to me that they customise the DKIM signature for each sender.
Always relaxed though.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Ability to sign with DKIM domain aliases too
Feel free to correct me if I'm wrong, but with a relaxed implementation it should be acceptable to use the same DKIM signature for different domains from what I've understood about it and with the appropriate DMARC setup it should still work, it may not be "aligned" but it'll be accepted. Is that correct?
Re: Ability to sign with DKIM domain aliases too
I honestly don't know enough about it
If what you say is true, then what does DKIM signing actually achieve?
If what you say is true, then what does DKIM signing actually achieve?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
https://www.hmailserver.com/documentation
Re: Ability to sign with DKIM domain aliases too
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
-
- Senior user
- Posts: 837
- Joined: 2016-12-08 02:21
Re: Ability to sign with DKIM domain aliases too
I see two ways for this to work, and possibly a UI construct to select between the two:
1. Domain Aliases are signed using the Domain private key and with the domain d= tag in the header coded with the Domain identity, not the Alias identity. The Domain configuration Selector is used. No additional DNS entry for the Alias public key needed.
2. Domain Aliases are signed using the Domain private key and with the domain d= tag in the header coded with the Alias identity, not the Domain identity. An additional DNS entry for the Alias public key needed in the Alias namespace, using the same Selector as the Domain configuration.
In both cases the same key pair is used, the difference is where the public key is retrieved from.
UI additions are a Radio button set:
* Do not sign Aliases
* Sign Aliases using Domain identity
* Sign Aliases using Alias identity
1. Domain Aliases are signed using the Domain private key and with the domain d= tag in the header coded with the Domain identity, not the Alias identity. The Domain configuration Selector is used. No additional DNS entry for the Alias public key needed.
2. Domain Aliases are signed using the Domain private key and with the domain d= tag in the header coded with the Alias identity, not the Domain identity. An additional DNS entry for the Alias public key needed in the Alias namespace, using the same Selector as the Domain configuration.
In both cases the same key pair is used, the difference is where the public key is retrieved from.
UI additions are a Radio button set:
* Do not sign Aliases
* Sign Aliases using Domain identity
* Sign Aliases using Alias identity
Re: Ability to sign with DKIM domain aliases too
Strange things are happening in conjunction with a DMARC header that should not allow (adkim=s) the -d=domain parameter in DKIM header to be different from the message.From address domain
https://github.com/hmailserver/hmailser ... -881756321
https://github.com/hmailserver/hmailser ... -881756321
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup