How to reject emails without DKIM enabled?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
cksuen
New user
New user
Posts: 2
Joined: 2022-08-11 17:45

How to reject emails without DKIM enabled?

Post by cksuen » 2022-08-11 18:04

I set it like this, but it didn't work, emails without DKIM still into my inbox.
2022-08-11 23.51.50.png
2022-08-11 23.51.42.png

User avatar
jimimaseye
Moderator
Moderator
Posts: 9584
Joined: 2011-09-08 17:48

Re: How to reject emails without DKIM enabled?

Post by jimimaseye » 2022-08-11 18:23

run this and post the results: https://www.hmailserver.com/forum/viewt ... 20&t=30914

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 2312
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: How to reject emails without DKIM enabled?

Post by RvdH » 2022-08-11 19:17

Correct, that check validates the correctness of a dkim record, if any...without a dkim header there is nothing to validate
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2312
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: How to reject emails without DKIM enabled?

Post by RvdH » 2022-08-11 23:40

If your goal is to reject any/all message without DKIM-Signature header, i think you could through vbscript

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
    
    If oMessage.HeaderValue("DKIM-Signature") = "" Then
        Result.Value = 1
    End If
    
End Sub
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

cksuen
New user
New user
Posts: 2
Joined: 2022-08-11 17:45

Re: How to reject emails without DKIM enabled?

Post by cksuen » 2022-08-12 21:31

This VBS can block emails without dkim configured, but I can't send any emails, the email client shows sent:554 Rejected

User avatar
RvdH
Senior user
Senior user
Posts: 2312
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: How to reject emails without DKIM enabled?

Post by RvdH » 2022-08-12 23:11

Never said it was a good idea :lol:

If you, or your clients all authenticate to send you could do something like this, second variant needs a special 5.6.x build or 5.7.x

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
    
    If oMessage.HeaderValue("DKIM-Signature") = "" And oClient.Username = "" Then
        Result.Value = 1
    End If
    
End Sub

Sub OnAcceptMessage(oClient, oMessage)
    
    If oMessage.HeaderValue("DKIM-Signature") = "" And Not oClient.Authenticated Then
        Result.Value = 1
    End If
    
End Sub
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

User avatar
RvdH
Senior user
Senior user
Posts: 2312
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: How to reject emails without DKIM enabled?

Post by RvdH » 2022-08-12 23:52

Or exclude ip (range)

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)

    If (oClient.IPAddress = "127.0.0.1") Then Exit Sub '** Localhost
    If (Left(oClient.IPAddress, 8) = "192.168.") Then Exit Sub '** Local LAN clients IPv4

    If oMessage.HeaderValue("DKIM-Signature") = "" And oClient.Username = "" Then
        Result.Value = 1
    End If
    
End Sub

Sub OnAcceptMessage(oClient, oMessage)

    If (oClient.IPAddress = "127.0.0.1") Then Exit Sub '** Localhost
    If (Left(oClient.IPAddress, 8) = "192.168.") Then Exit Sub '** Local LAN clients IPv4
    
    If oMessage.HeaderValue("DKIM-Signature") = "" And Not oClient.Authenticated Then
        Result.Value = 1
    End If
    
End Sub
Just use your imagination, and there are ways to get desired result
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

Post Reply