Server Messages not signed?
Hi there,
Is it possible that server messages (e.g. "Message undeliverable") are not DKIM signed?
Can I somehow activate DKIM signing for server messages?
Thank you very much in advance!
Re: Server Messages not signed?
Mine aren't signed either, but I only send to local accounts. Perhaps different if sent to a remote account.
Trying to think of a way that I can test that...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Server Messages not signed?
What domain would <> empty sender use for DKIM?
Re: Server Messages not signed?
Whilst SMTP envelope is empty, my daemon messages have a from header of 'mailer-daemon@FQDN' where FQDN is the local server name as set in SMTP settings
I only allow local senders to send mail from my server, so all of my Mailer-Daemon messages are to local recipients
Re: Server Messages not signed?
It's been a while since I've seen one. And me too for local senders only, so I wouldn't even know or care about DKIM.
How would you even test this proposition? If the sender and recipient are external, you'd need access to the sender server, I think, to see why a mailer daemon message was or was not received and why.
Re: Server Messages not signed?
Local account -> Forward to external account -> Rejected by DMARC -> Return message -> Local account -> Forward to external account....and there things screw up with(out) DKIM
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Server Messages not signed?
not an issue for me
Code: Select all
RewriteEnvelopeFromWhenForwarding=1
; When performing forwarding, hMailServer now keeps the original From address rather than changing to that of the forwarding account.
; This change was made to reduce risk of message delivery failures.
; To force the previous behavior, set RewriteEnvelopeFromWhenForwarding=1
Re: Server Messages not signed?
Thanks for the answers so far!
I have several addresses which are set to forward the incoming mails to other mail servers.
When my server is forwarding the email, the recipient server sometimes blocks it due to spam issues or something else.
In this case, my server sends an error message to the original sender. And it seems, these messages are not signed, because I get DKIM errors via DMARC from Yahoo.
May "RewriteEnvelopeFromWhenForwarding=1" help in this case?
Re: Server Messages not signed?
mattg wrote: ↑2019-07-09 01:22
> #19 here
> viewtopic.php?f=10&t=30193&start=180#p213193
> This is a private build
Perfect! Thank you for this hint. Will give it a try.
Re: Server Messages not signed?
mattg wrote: ↑2019-07-09 01:22
> #19 here
> viewtopic.php?f=10&t=30193&start=180#p213193
> This is a private build
I don't see what a Reply "account" Rule has to do with server messages not being DKIM signed
Re: Server Messages not signed?
Does the mail daemon 'reply to sender on bounce' not use the same function? I didn't check, but assumed that it would...
Again, I don't have an issue as all of my Daemon messages are to local accounts, as only local accounts can send from my server
Re: Server Messages not signed?
Freeze wrote: ↑2019-07-09 01:29
> mattg wrote: ↑2019-07-09 01:22
> > #19 here
> > viewtopic.php?f=10&t=30193&start=180#p213193
> > This is a private build
> Perfect! Thank you for this hint. Will give it a try.
Doesn't help
Server messages still seem to be unsigned.
Re: Server Messages not signed?
mattg wrote: ↑2019-07-06 03:26
> not an issue for me
> Code: Select all
> RewriteEnvelopeFromWhenForwarding=1
> ; When performing forwarding, hMailServer now keeps the original From address rather than changing to that of the forwarding account.
> ; This change was made to reduce risk of message delivery failures.
> ; To force the previous behavior, set RewriteEnvelopeFromWhenForwarding=1
Tried this setting, but there is no difference between having this option enabled or disabled.
In both cases the "From"-field in the mail header isn't altered when the server is forwarding a message from external to external (hMailServer version 5.6.8-B2451).
Re: Server Messages not signed?
You can try to rewrite the mailer-daemon@ address to an existing account for which the domain name had DKIM enabled
Taken from: https://www.hmailserver.com/forum/viewtopic.php?t=30139
Make a global rule
criteria:
From / contains / mailer-daemon
X-hMailServer-LoopCount / equals / 1
action:
Set header Value / From / postmaster@domain.com
Server messages should be signed after that... (when sent to external)
[EDIT]
But now I am thinking of it, what if you just add the mailer-daemon@ domain and address and enable DKIM for that?
Re: Server Messages not signed?
Thank you for the answer. I set up the mailer-daemon@ - account and give it a try.
But this would mean, that hMailServer looks up the "From"-address in the user accounts and if there is one, the mail gets signed?
Sounds a little bit strange, but we will see
Re: Server Messages not signed?
Doesn't work either.
The message is not signed.
Re: Server Messages not signed?
Not sure what you are trying to do and how you tested this....but above method is tested and working, when sent to external address (either by forward rule or account forward)
If server message is delivered to a local address the message is never signed...DKIM signing only is done from local to external address....and not just in this example, always!
Re: Server Messages not signed?
RvdH wrote: ↑2019-08-28 18:32
> Not sure what you are trying to do and how you tested this....but above method is tested and working, when send to external address (either by forward rule or account forward)
> If server message is delivered to a local address the message is never signed...dkim signing only is done from local to external address....and not just in this example, always!
What I did to test it is the following:
I created a forward address from test@mytld.com to thisaccountdoesntexist@foreigntld.com.
Then I sent a mail from myaccount@differenthoster.com to test@mytld.com and the server-message I received from mailer-daemon@mytld.com was not signed.
Here the message that was sent to myaccount@differenthoster.com:
Code: Select all
X-Apparently-To: myaccount@differenthoster.com; Wed, 28 Aug 2019 16:38:56 +0000
Return-Path: <>
Authentication-Results: mta4463.mail.ne1.differenthoster.com;
dkim=neutral (no sig) header.i=@mytld.com;
spf=pass smtp.mailfrom=@mytld.com;
dmarc=pass(p=quarantine sp=NULL dis=none) header.from=mytld.com;
Received-SPF: pass (domain of mytld.com designates 178.77.66.12 as permitted sender)
X-YMailISG: Kfrzv94WLDsvFl9nkVXdJsclm6xxfFZBnLn7yKLKeOY0Bbd7
iwavOdkZUA1giQct390my7o8gCfWRRbow2fyxn7WRtzSc1rOi9t6wbxfIq.3
7ZuynZ25SpyUTzKfvxUr4IcUm4GJnZScRbRb8dImnGXFASfwGiJQMu5D002_
FaXc9spiytMHHGhvAhaaYdTbcu1EDkqwhuyHgwCWp1aI3Dr2VkDYlUeV5zSZ
dLrTerdWjKVPtIFztL444_GNmBuiXFJLt9zI_vLf1jZ1cGdgbiXcTb9GzAb8
auoZCtmqmsNMLODJ1Vo7GmQ46k0aCrIUmjAzZwvPFrq_oIFxgDXWlj0pFJ8B
7SMsdI_rS5QOwjl_GJDzK6OMh.LHmqMVrTkPMxjgIQvpcJ.UoXXIxZssCRHF
aQlON_r9_7qRWEjHGFA6DUw7Z3kMJmUwnGhXUCB5G83Q1XCjNIzi9VN1gyna
0xHlqOVt71pmeVcXkeFM2Vpv_bxcc9Rf7FGDvdxS8O9hNdvVmhNapfzfAiaq
zvNPynNh4OHaQvZBV84_iD6HyAC7Oudk5kemu3_t9ukaAIIHcFwkzKqOisVJ
R6jMK4X0QGwP6wqcAvUtXM1VEMtYkZoR1.s8HRURVjZCFkN1wekoKFzHaTWH
hTuHMJlZoH_bKa2GPzovCKPgqzHzMzyLdiupT2uY.bCh7O3jG9tvZKuoHops
JXnqn0tWkV4wSNLMD1QDLvgJJdHNRzQGMc.sUMwuUMqXY4TO9BHdzkmky3o_
Z0JLg6hIGwHiDswo0mNTi6FME9dYswI5pp9Pt_SEkQpYXojc7fW5pebZ0XpH
TULGRV2SaCi6HTvVyzEh1sCHiLUUNNLu3TpWoSxt2ezs8wbUGz9dX4OU1mOb
FcPa.ZX6p7.Z2tcmh5MgSF1ACjXciLtle7O0C6o-
X-Originating-IP: [178.77.66.12]
Received: from 10.217.131.17 (EHLO mytld.com) (178.77.66.12)
by mta4463.mail.ne1.differenthoster.com with SMTPS; Wed, 28 Aug 2019 16:38:54 +0000
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Return-Path: <>
Message-ID: <61E4833B-BD2E-467A-87F4-5E85ED2FC467@mytld.com>
Date: Wed, 28 Aug 2019 18:37:52 +0200
From: mailer-daemon@mytld.com
To: myaccount@differenthoster.com
Subject: Message undeliverable: Test
Content-Transfer-Encoding: quoted-printable
X-hMailServer-LoopCount: 1
Content-Length: 411
Your message did not reach some or all of the intended recipients.
Sent: Wed, 28 Aug 2019 18:37:47 +0200
Subject: Test
The following recipient(s) could not be reached:
thisaccountdoesntexist@foreigntld.com
Error Type: SMTP
Remote server (212.227.15.9) issued an error.
hMailServer sent: RCPT TO:<thisaccountdoesntexist@foreigntld.com>
Remote server replied: 550 Requested action not taken: mailbox unavailable
hMailServer
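Added example, not part of the thread and not hMailServer code: a small triage of a received bounce that reports whether it carried a DKIM signature and which mechanism the DMARC pass rested on. The two messages are constructed samples modelled on the headers posted in this thread, with placeholder domains (mytld.example, mail.domain.example, mx.receiver.example) and a placeholder signature value; the alignment test is a simplification of DMARC relaxed alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

RESULT_RE = re.compile(r"\b(dkim|spf|dmarc)\s*=\s*([a-z]+)", re.I)
PROP_RE = re.compile(
    r"\b(header\.from|header\.i|header\.d|smtp\.mailfrom)\s*=\s*([^\s;]+)", re.I)

# Constructed sample: unsigned NDR with a null envelope sender.
UNSIGNED_NDR = """\
Return-Path: <>
Authentication-Results: mx.receiver.example;
 dkim=neutral (no sig) header.i=@mytld.example;
 spf=pass smtp.mailfrom=@mytld.example;
 dmarc=pass(p=quarantine sp=NULL dis=none) header.from=mytld.example;
Received: from 10.0.0.1 (EHLO mytld.example) (192.0.2.12)
 by mx.receiver.example with SMTPS; Wed, 28 Aug 2019 16:38:54 +0000
From: mailer-daemon@mytld.example
To: sender@differenthoster.example
Subject: Message undeliverable: Test
X-hMailServer-LoopCount: 1

Your message did not reach some or all of the intended recipients.
"""

# Constructed sample: NDR with a filled envelope sender and a signature.
SIGNED_NDR = """\
Return-Path: <mailer-daemon@mail.domain.example>
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@mail.domain.example header.s=mail;
 spf=pass smtp.mailfrom=mailer-daemon@mail.domain.example;
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.domain.example
DKIM-Signature: v=1; a=rsa-sha256; d=mail.domain.example; s=mail;
 h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: mailer-daemon@mail.domain.example
To: sender@differenthoster.example
Subject: Message undeliverable: Test

Your message did not reach some or all of the intended recipients.
"""


def _domain(value):
    """Domain part of 'user@dom', '@dom' or 'dom', lower-cased."""
    return value.rpartition("@")[2].lower()


def _aligned(identity, from_domain):
    """Simplified relaxed alignment: equal, or one a subdomain of the other.
    Real DMARC compares organizational domains via the Public Suffix List."""
    if not identity or not from_domain:
        return False
    return (identity == from_domain
            or identity.endswith("." + from_domain)
            or from_domain.endswith("." + identity))


def parse_auth_results(value):
    """Return ({method: result}, {property: domain}) from Authentication-Results."""
    results = {m.group(1).lower(): m.group(2).lower()
               for m in RESULT_RE.finditer(value)}
    props = {m.group(1).lower(): _domain(m.group(2))
             for m in PROP_RE.finditer(value)}
    return results, props


def triage_bounce(raw):
    """Summarise how a received bounce authenticated at the receiver."""
    msg = message_from_string(raw)
    results, props = parse_auth_results(msg.get("Authentication-Results", ""))
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    carried_by = []
    dkim_id = props.get("header.d") or props.get("header.i")
    if results.get("dkim") == "pass" and _aligned(dkim_id, from_domain):
        carried_by.append("dkim")
    # With a null Return-Path the receiver evaluates SPF against the HELO name
    # (RFC 7208), which is why smtp.mailfrom shows only "@domain" in that case.
    if results.get("spf") == "pass" and _aligned(props.get("smtp.mailfrom"), from_domain):
        carried_by.append("spf")
    return {
        "from_domain": from_domain,
        "null_sender": (msg.get("Return-Path") or "").strip() == "<>",
        "has_dkim_signature": msg.get("DKIM-Signature") is not None,
        "dkim": results.get("dkim"),
        "spf": results.get("spf"),
        "dmarc": results.get("dmarc"),
        "dmarc_carried_by": carried_by,
        # True means DMARC depends on SPF alone and breaks once the HELO name
        # or sending IP no longer matches the From domain.
        "spf_only": carried_by == ["spf"],
    }


if __name__ == "__main__":
    for name, raw in (("unsigned", UNSIGNED_NDR), ("signed", SIGNED_NDR)):
        print(name, triage_bounce(raw))
```

For the unsigned sample the DMARC pass is carried by SPF on the HELO name only, so a receiver that reports per mechanism still lists a DKIM failure for that message.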
Re: Server Messages not signed?
This behavior is equal for both of your suggestions:
1) create rule to rewrite the From field to an existing account
2) create a mailer-daemon@mytld.com account
Re: Server Messages not signed?
1) RewriteEnvelopeFromWhenForwarding=1 enabled?
2) I think for this need the return-path header to be filled (Try option 1 again, only use the original mailer-daemon@mytld.com as 'From' address... i think this fills the return-path header)
I get these results from a NDR report forwarded to gmail account
Code: Select all
Authentication-Results: mx.google.com;
dkim=pass header.i=@mail.domain.nl header.s=mail header.b=T7tmBOJh;
spf=pass (google.com: domain of mailer-daemon@mail.domain.nl designates xx.xx.xx.xxx as permitted sender) smtp.mailfrom=mailer-daemon@mail.domain.nl;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.domain.nl
Re: Server Messages not signed?
RvdH wrote: ↑2019-08-29 00:05
> 1) RewriteEnvelopeFromWhenForwarding=1 enabled?
> 2) I think for this need the return-path header to be filled (Try option 1 again, only use the original mailer-daemon@mytld.com as 'From' address... i think this fills the return-path header)
> I get these results from a NDR report forwarded to gmail account
> Code: Select all
> Authentication-Results: mx.google.com;
> dkim=pass header.i=@mail.domain.nl header.s=mail header.b=T7tmBOJh;
> spf=pass (google.com: domain of mailer-daemon@mail.domain.nl designates xx.xx.xx.xxx as permitted sender) smtp.mailfrom=mailer-daemon@mail.domain.nl;
> dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mail.domain.nl
Yes, I tried both, RewriteEnvelopeFromWhenForwarding=1 and =0.
But excuse me, I didn't get you.
What do you mean with "use the original mailer-daemon@mytld.com as 'From' address"?
Attached you can find my current rule.
In addition I created an account mailer-daemon@freeze.ws and of course, DKIM signing is enabled for the domain freeze.ws and is also working for normal mails.
But don't forget, I'm using version 5.6.8-B2451.
Re: Server Messages not signed?
Ah...I think I know why it works for me, sometimes...
When the NDR domain EnvelopeFrom and From address use the same domain it works
But when you use a second domain, different from EnvelopeFrom it will not work
I have proposed a change in the code to martin, this at least gives you the ability to get NDR messages to be DKIM signed (if all required conditions are fulfilled)
https://github.com/hmailserver/hmailserver/pull/301
NDR messages EnvelopeFrom is there set to mailer-daemon@... address when forwarded to external, this adds the mailer-daemon@... address as Return-Path header, which is (seems to be) required to have a message DKIM signed
RewriteEnvelopeFromWhenForwarding setting is ignored for NDR messages
AFAIK this will never be put in the 5.6.8 branch... but you could try my custom 5.6.8-B2467.22 build with this functionality built-in, but you have to upgrade to hMailServer-5.6.8-B2467 first
Re: Server Messages not signed?
RvdH wrote: ↑2019-08-29 13:45
> Ah...i think in know why it works for me, sometimes...
> When the NDR domain EnvelopeFrom and From address use the same domain it works
> But when you use a second domain, different from EnvelopeFrom it will not work
> I have proposed a change in the code to martin, this at least give you the ability to get NDR messages to be DKIM signed (if all required conditions are fulfilled)
> https://github.com/hmailserver/hmailserver/pull/301
> NDR messages EnvelopeFrom is there set to mailer-daemon@... address when forwarded to external, this adds the mailer-daemon@... address as Return-Path header, which is (seems to be) required to have a message DKIM signed
> RewriteEnvelopeFromWhenForwarding setting is ignored for NDR messages
> AFAIK this will never be put in the 5.6.8 branch... but you could try my custom 5.6.8-B2467.22 build with this functionality build-in, but you have to upgrade to hMailServer-5.6.8-B2467 first
Thank you very much for your efforts!
But unfortunately I don't get it working...
See attached screenshots.
I installed version 5.6.8-B2467.22, I set the default domain to freeze.ws, I have a mailer-daemon@freeze.ws account and I have a rule that rewrites the From-Header.
But the NDR is still unsigned
Code: Select all
X-Apparently-To: bhpclan@ymail.com; Thu, 29 Aug 2019 21:45:01 +0000
Return-Path: <>
Authentication-Results: mta4196.mail.gq1.yahoo.com;
dkim=neutral (no sig) header.i=@freeze.ws;
spf=pass smtp.mailfrom=@freeze.ws;
dmarc=pass(p=quarantine sp=NULL dis=none) header.from=freeze.ws;
Received-SPF: pass (domain of freeze.ws designates 178.77.66.12 as permitted sender)
X-YMailISG: 8mjBpjQWLDup5f_N0QyXpMpjX.70AIBcEO.Fc.9E8xjrUcsu
qxpTiIribNdFIHTm0rZ7.5DKZXFh4OBKwv40lSBjmtoOAjLXQVhunfpIUP7x
zFChZdV_ZRgJo3DxLOVZzPZug2R0vURWmATaxZSzcPKV9dWzUT6su2ax94gq
.Tm0GJt8r9DkiIfYN2JDQ6VYqX7uASlyLGUAeU6B1jh6oOTW_smLZ8egLeUk
itHV.8wmeRXiZZL6dU9ArYqocgdrlbT8sDyLjetKTHnr_RVIFLPes1tgiPW2
BKAq5X_0zTdPg.f_nW4tKeuFgS.SL_H7z02aLucZZTL0dZAwt87I_1KKRrrj
7b94suQ3tV8T7ZSvLzlVU4ByQjgpkRkUL7.QI4_CE3.YU95_InW5LE3rqytL
0NMxfzb6PbXu8cxTzSXGgezCsgMwo00vs5pO_weRYC9idxzCsmP3rm.Aoeps
C5KI0MhDg8bLlG33yORV0qqDMrWuSEWp7.wTg5XSGh7S4R25SQFkAa9S6NCY
yWxMptqlA8T24JP98D_LEhf5ku.hZg6fAUHOYtDJ.L.RrtyPOX1CZtpVKZO9
w3lXim6fDZmvbt.UzKczPHGr.erNQ7FyA1GbmGNWYlw5eNE33jMvnUnJAlQg
W_UcG102eKGFoQMS8ctCVWlLLljoqq6o4NvOn3hcdUyhmop.hOJ6lcrEuGqb
guy0xQYMZyyUfeYtqaosYCDfC5YzYD9xnCnRj43VgmxK048fpPMDGNvB5mIo
tMi2nyL8hRBn78qzy4d44mRycI_sArfnVRYMb_9wybjwoIBjmTEIJbX8EoTj
LNz.DUjIGOo_LYxKpRilDUYuU6UwRwXadWcim.0CwowshFvoVs9PaAl.QYwk
GUC3OTShofY5RQN9aClYT4ji1XHfSUHFxKZO6D3UUw--
X-Originating-IP: [178.77.66.12]
Received: from 10.214.154.149 (EHLO freeze.ws) (178.77.66.12)
by mta4196.mail.gq1.yahoo.com with SMTPS; Thu, 29 Aug 2019 21:45:00 +0000
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Return-Path: <>
Message-ID: <4726DC49-A781-4A02-B229-FFBE7B1F706E@freeze.ws>
Date: Thu, 29 Aug 2019 23:43:57 +0200
From: mailer-daemon@freeze.ws
To: bhpclan@ymail.com
Subject: Message undeliverable: Test
Content-Transfer-Encoding: quoted-printable
X-hMailServer-LoopCount: 1
Content-Length: 411
Your message did not reach some or all of the intended recipients.
Sent: Thu, 29 Aug 2019 23:43:48 +0200
Subject: Test
The following recipient(s) could not be reached:
dsgwemdiwufn@gmx.de
Error Type: SMTP
Remote server (212.227.17.5) issued an error.
hMailServer sent: RCPT TO:<dsgwemdiwufn@gmx.de>
Remote server replied: 550 Requested action not taken: mailbox unavailable
hMailServer
Re: Server Messages not signed?
Ditch the rule, set the (freeze.ws) local host name under SMTP settings, as explained in the github pull request this makes the mailer-daemon@ address used by the mailserver
By using rule you set the From address before it reaches to code change in *.22, the change i made expects it to be empty (yellow marked line), which a NDR always is
Re: Server Messages not signed?
I removed the rule, but the result stays the same
But, I've received two NDRs though I just sent one mail.
Do I still need the mailer-daemon@freeze.ws user account?
Code: Select all
X-Apparently-To: bhpclan@ymail.com; Sat, 31 Aug 2019 00:41:16 +0000
Return-Path: <>
Authentication-Results: mta4411.mail.ne1.yahoo.com;
dkim=neutral (no sig) header.i=@freeze.ws;
spf=pass smtp.mailfrom=@freeze.ws;
dmarc=pass(p=quarantine sp=NULL dis=none) header.from=freeze.ws;
Received-SPF: pass (domain of freeze.ws designates 178.77.66.12 as permitted sender)
X-YMailISG: aJHJ7LsWLDuTkabbBaWIphceJMRGJ0mhWmjp2xWK1p4ZxtmY
YZf_LEn5zHiUeqcC.lb6WLweCes0kglgNtlcnJReXCOZzfDjl0N5UoSakgv7
soYXDPH_AFFQdGbygqGkE5cSMRkf55FZhVGH2OMc0b8inW0P63dlRG9dYGta
xBEZSnLXYCFiA6B7tNtu24GFXEAFKQkhwXbes22x4iYlQAHXS0ZHyPjvKFqm
5ik_rBh5_MfLm2NMlx3XZ690TglfH3OFWTO5mo6CSCJ9hUczJQkx7Epr9SRv
L9ZNiWscMkoePllozHZlITgd4RNieYimUseB1DdsudkFij4dCicDgsdDgAoZ
HDNmI0ICoGOXGvLoDc2WzdBGtAXRdzmYzsggc25iqxw2YEHhS8Z0_xfZ4RfB
kTkKBEfVCTTPRRqLRHOb4Fl37HobYEWKXLT7HVNwFL16URLnisj5bDqvG2Ra
KsuknQj4lovgxTAYLSXM2zoZMpLQS.KkdI6Qs279HlF4oAkKTd8WvB.FRHsC
FUfu_H3PIZfapgMC7XvI4w4pPLCAx_2KGtmn8ixs0cqEohoTD7KVclKmRiF3
x7m.pT_ChIcqP9F6_SyVPyZwG7HQ40c7iCJ7rlSKfUAm_K1S9E6Dmtl66iN0
6W4uqtOaZt1aH3_yWNnDmi.4CDhWutXA9dIe6AYp3yHsofbe9iBNMYLfSnpZ
RT1AFSHUMZEDbi7TKXHD7r25ZdeJn2n3mbpr8.qfN6YMaQVGGz7ySUgxF7jz
9pFCaXs98WhmmuxMKOL8NaDCQP0WIIAIksjs3KXYXQW8D1aijUHQx3ycNhi_
9tH2_TALt2zO9QEB8cDJ1Hk640MKa7Kk6hAUhCCuKtpQGox3ZAn5MepGgy2i
AMSKXEe5By7TV9PmnflBjHdaPQbv_epMKTBbViRjnUa6P0tyZpeTlg--
X-Originating-IP: [178.77.66.12]
Received: from 10.217.151.201 (EHLO freeze.ws) (178.77.66.12)
by mta4411.mail.ne1.yahoo.com with SMTPS; Sat, 31 Aug 2019 00:41:15 +0000
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Return-Path: <>
Message-ID: <DC9541B5-513D-40FA-B7D8-815D0A00FACA@freeze.ws>
Date: Sat, 31 Aug 2019 02:40:13 +0200
From: mailer-daemon@freeze.ws
To: bhpclan@ymail.com
Subject: Message undeliverable: Test
Content-Transfer-Encoding: quoted-printable
X-hMailServer-LoopCount: 1
Content-Length: 411
Your message did not reach some or all of the intended recipients.
Sent: Sat, 31 Aug 2019 02:38:06 +0200
Subject: Test
The following recipient(s) could not be reached:
dsgwemdiwufn@gmx.de
Error Type: SMTP
Remote server (212.227.15.9) issued an error.
hMailServer sent: RCPT TO:<dsgwemdiwufn@gmx.de>
Remote server replied: 550 Requested action not taken: mailbox unavailable
hMailServer
Code: Select all
X-Apparently-To: bhpclan@ymail.com; Sat, 31 Aug 2019 00:41:18 +0000
Return-Path: <>
Authentication-Results: mta4420.mail.ne1.yahoo.com;
dkim=neutral (no sig) header.i=@freeze.ws;
spf=pass smtp.mailfrom=@freeze.ws;
dmarc=pass(p=quarantine sp=NULL dis=none) header.from=freeze.ws;
Received-SPF: pass (domain of freeze.ws designates 178.77.66.12 as permitted sender)
X-YMailISG: EjsaADIWLDsfsifPAC1OCCdQy.3XjjoO0JyVtq8AcuxQXpo.
sLhrSRYiePYhFht04GRhKK7rwLXHtMNhWo4.LLA9..UR7IrqG0bEPREfaGps
RKiH_ggManURMWBUBUBX7jgASuMgibXge3YXLKhh1sssU33I32MC2ljo_f9H
GGBfz6eA69Ra_02SbKyXYnFojeyk7YWmpJTUmDrWZwsTlIGaRYRUeDbVh83v
Cwl_LC7lWjgS0CaYwwYL9MACThWuQ_kxtZqYvMWFUT7yGlyse.blU4OXZQk4
YYqGZCMFcEjWVBcpRh3cldXX4JHIP8.vTfs0x0qC6mg4zPffnv3AELPtT6GX
9pBYTgTcsectiS_E4vL8WWORXGjD33v0TXCak8i9Wc1YVX0nJRNqjhAHlKTp
3DlfdMAzCGn_cNIxfWWawk3jvEpHhEtOUrx14XbK18JDv094uQSHMC1A3MZT
wk5epOxxNKjZOZww1eoillhvDbvk57gmWTVuAVUc.TnYF_UwJt63gmKd62ze
yeEXWDO8Qh8Zcqnk4fzVR3_THOY0HIEb_DEFVUubX4iS2O4Qer7sn7vUSr5h
aYEvbtA9AhFom5_SJBK.ZIe6i20Z635wWXWI9NVJr4_p..ZEzPSI0Qu1hSkb
mHjh3JcehOWs5sQ3nieRzptS2mwZ6sovQ78xNzuvOxIbLfif9QoZXXIubf8m
dRzRKj6Qp.054a0xg1OwgQv8YurJ.VphDWaZfGdikQ65N70Ee5AO6QMfmnQ9
1TAWRlxr0p3j0gosMCZzyarNzPSUD5m1KusGucUF3x4PbdhSAibOxZUYQtBB
WRnPw3WMgrjwdQ5bhQsvnEanhc606Ff4VbZcbejOACbW0_YinpziJhK1P.XX
2ZnijtV281VjRe1XCZ14u3seQt6Sn37S5fmTciDxw1hTsb2ueX1fuXE-
X-Originating-IP: [178.77.66.12]
Received: from 10.217.150.12 (EHLO freeze.ws) (178.77.66.12)
by mta4420.mail.ne1.yahoo.com with SMTPS; Sat, 31 Aug 2019 00:41:17 +0000
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Return-Path: <>
Message-ID: <977ED8F3-C218-405C-BD98-39830573E475@freeze.ws>
Date: Sat, 31 Aug 2019 02:40:13 +0200
From: mailer-daemon@freeze.ws
To: bhpclan@ymail.com
Subject: Message undeliverable: Test
Content-Transfer-Encoding: quoted-printable
X-hMailServer-LoopCount: 1
Content-Length: 411
Your message did not reach some or all of the intended recipients.
Sent: Sat, 31 Aug 2019 02:38:04 +0200
Subject: Test
The following recipient(s) could not be reached:
dsgwemdiwufn@gmx.de
Error Type: SMTP
Remote server (212.227.15.9) issued an error.
hMailServer sent: RCPT TO:<dsgwemdiwufn@gmx.de>
Remote server replied: 550 Requested action not taken: mailbox unavailable
hMailServer
Re: Server Messages not signed?
I only see two external domains in the NDR...what's up with that?
In the last "To:" address above I would at least expect a local domain and not a yahoo account, really don't know what you are doing, is that a route?
Run this and post the results:
https://www.hmailserver.com/forum/viewt ... 20&t=30914 and include RULES when prompted.
Code: Select all
bhpclan@ymail.com
dsgwemdiwufn@gmx.de
Code: Select all
From: mailer-daemon@freeze.ws
To: bhpclan@ymail.com
Re: Server Messages not signed?
What I'm doing is:
- setup a forward address on my mailserver from test@freeze.ws to dsgwemdiwufn@gmx.de
- send an email from bhpclan@ymail.com to test@freeze.ws
- my server tries to forward the mail to dsgwemdiwufn@gmx.de, but since this account doesn't exist, my server receives an error from gmx.de
- thus my server sends an error message back to bhpclan@ymail.com and this message isn't signed
Here the data:
Code: Select all
Generated by HMSSettingsDiagnostics v1.96, Hmailserver Forum.
2019-08-31 Hmailserver: 5.6.8-B2467.22
DOMAINS
"Domain1.com" - bhxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\data\Domain1.com\dkim.Domain1.com.private.pem
Selector: dkim
"Domain2.com" - doxxxxxxxxxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\data\Domain2.com\dkim.Domain2.com.private.pem
Selector: dkim
"Domain3.com" - frxxxx.ws Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\data\Domain3.com\dkim.Domain3.com.private.pem
Selector: dkim
"Domain4.com" - juxxxxxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\data\Domain4.com\dkim.Domain4.com.private.pem
Selector: dkim
"Domain5.com" - r-xxxxx.de Enabled: False
"Domain6.com" - rwxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: False
Max message size: 0 Plus addressing: False
Max size of accounts: 0
Greylisting: False
"Domain7.com" - sgxxxxxxxxxxxxxx.de Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\data\Domain7.com\dkim.Domain7.com.private.pem
Selector: dkim
"Domain8.com" - wixxxxxxxxx.net Enabled: True
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 0 Enabled: True
Max message size: 0 Header: Relaxed Plus addressing: False
Max size of accounts: 0 Body: Relaxed
Algorithm: SHA256 Greylisting: False
Private key: c:\program files (x86)\hmailserver\data\Domain8.com\dkim.Domain8.com.private.pem
Selector: dkim
-----------------------------------------------------------------------------------------------
GLOBAL RULES
1, Delete Spam Criteria: Use AND
Custom: X-hMailServer-Spam Equals YES
-----Actions-----
Delete
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer
Allow connections Other
SMTP: True Antispam : False
POP3: True Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - False
External To External - False
IP: ::1 - ::1 Priority: 15 Name: My Computer IPv6
Allow connections Other
SMTP: True Antispam : False
POP3: True Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - False
External To External - False
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
IP: :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Priority: 10 Name: Internet IPv6
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: False
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - False
------------------------------------------------------
AUTOBANNED Local Addresses:
No entries
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 5
Minutes Before Reset: 30 (0,50 hours, 0,02 days)
Minutes to Autoban: 60 (1,00 hours, 0,04 days)
There is a total of 13 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 4 Mins: 60 Plain Text: False Bind:
Host: Domain3.com Empty sender: True Batch recipients: 100
Max Msg Size: 0 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: True
Max number commands: 100 Loop limit: 5
Recipient hosts: 15
Routes:
No routes defined.
POP3
No. Connections: 0
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "\"
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: True - 2
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: False
Subject Text: "[SPAM]"
Spam delete threshold: 8 Maximum message size: 1024
DNSBL ENTRIES:
zen.spamhaus.org Score: 5 Result: 127.0.0.2-8|127.0.0.10-11
bl.spamcop.net Score: 3 Result: 127.0.0.2
b.barracudacentral.org Score: 2 Result: 127.0.0.2
hostkarma.junkemailfilter.com Score: 2 Result: 127.0.0.2|127.0.0.4
bl.spameatingmonkey.net Score: 2 Result: 127.0.0.2-3
cbl.abuseat.org Score: 2 Result: 127.0.0.2
SURBL ENTRIES:
multi.surbl.org Score: 3
GREYLISTING:
Greylisting: False
WHITELISTING
No entries
-----------------------------------------------------------------------------------------------
ANTIVIRUS: No application configured.
Block Attachments: False
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
Domain3.com
Certificate: C:\Program Files (x86)\hMailServer\Domain3.com.crt
Private key: C:\Program Files (x86)\hMailServer\Domain3.com.key
-----------------------------------------------------------------------------------------------
SSL/TLS
TLS 1.0 : False
TLS 1.1 : False
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :
ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - None
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - None
0.0.0.0 / 465 / SMTP - SSL/TLS Cert: Domain3.com
0.0.0.0 / 993 / IMAP - SSL/TLS Cert: Domain3.com
0.0.0.0 / 995 / POP3 - SSL/TLS Cert: Domain3.com
:: / 25 / SMTP - None
:: / 110 / POP3 - None
:: / 143 / IMAP - None
:: / 465 / SMTP - SSL/TLS Cert: Domain3.com
:: / 993 / IMAP - SSL/TLS Cert: Domain3.com
:: / 995 / POP3 - SSL/TLS Cert: Domain3.com
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-08-31.log
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-08-31.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - True
IMAP - True
TCPIP - .
DEBUG - .
AWSTATS - .
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MSSQL Compact
IPv6 support is available in operating system.
Backup directory C:\hMailServer-Backup\current is writable.
Relative message paths are stored in the database for all messages.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder: C:\Program Files (x86)\hMailServer\Data
Log folder: C:\Program Files (x86)\hMailServer\Logs
Temp folder: C:\Program Files (x86)\hMailServer\Temp
Event folder: C:\Program Files (x86)\hMailServer\Events
[Database]
Type= MSSQLCE
Username=
PasswordEncryption=1
Port= 0
Server=
Internal= 1
[Settings]
RewriteEnvelopeFromWhenForwarding=0
-----------------------------------------------------------------------------------------------
Error 438. Out-dated version. Some fields or objects missing.
Re: Server Messages not signed?
What? Why should the NDR be sent back to yahoo account?
That doesn't make any sense at all as the mail from yahoo -> freeze was successfully delivered...anything after that isn't of any concern to yahoo account
It could, with SRS ...but this isn't supported by hmailserver (yet...or ever?)
So you are probably best off setting RewriteEnvelopeFromWhenForwarding=1, that way the message never finds its way back to yahoo account, the yahoo account doesn't need to know you are a bad admin who screwed up configuring accounts/forwards
Not sure if the mails in your scenario are DKIM signed properly, this is solely server to server communication so I doubt it will be DKIM signed
Please run your test the other way around, set a forward to yahoo on test@freeze and send a mail from test@freeze -> gmx
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Server Messages not signed?
I just use this setup to generate a server error message. Of course in normal operation I don't have forward accounts which forward to non-existing addresses.
But what happens is, that somebody sends a mail to one of my forwarding accounts and then the mail server to which the mail is forwarded declines the reception. Maybe because the sender address is blocked or because there is no valid mx entry of the senders host or anything else.
And RewriteEnvelopeFromWhenForwarding=1 doesn't seem to help in this case. I still get DMARC reports that state the DKIM signing is missing for mails coming from freeze.ws. And these mails are server error messages. And that's exactly what I see with the setup I described above - the error messages are not signed.
Re: Server Messages not signed?
I still believe the way you test this is all wrong, NDR are sent/should be sent to local accounts only
And only NDR received by local account, forwarded to external are DKIM signed as explained on github pull request
Same result?
Normal messages of freeze.ws, eg: non NDR are DKIM signed properly?
This is my logic:
Local account -> non-existent external account -> NDR to local -> forward to external
Your logic is like this:
External account -> Local account -> forward to external -> NDR to local -> NDR to external
And therefore I suggest you use RewriteEnvelopeFromWhenForwarding setting, this will omit the last NDR to external
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Server Messages not signed?
Normal messages from freeze.ws are signed properly, yes.
But I don't get your suggestion "set a forward to yahoo on test@freeze and send a mail from test@freeze -> gmx".
test@freeze.ws is no account, it's just a forward address.
And even if it would be an account. What do you expect in this case? The forward to yahoo won't play any role if I send a message from test@freeze.ws to gmx.
So my logic is: External #1 account -> forward to external #2 -> unsigned NDR to external #1
And in my opinion, the external #1 should get an NDR if there was a problem in sending the message? And this NDR should be signed, shouldn't it?
I can try the RewriteEnvelopeFromWhenForwarding=1 one more time, but it didn't help in the past. I still got DMARC reports stating there are unsigned mails from freeze.ws.
And by going through the logs, I saw, it's because of NDRs sent back to external because the server to which the mail should have been forwarded, rejected it.
Re: Server Messages not signed?
No, yahoo never sent a mail to gmx, so the NDR to yahoo makes no sense...
If you do not understand that, we're done talking...back to school for you!
Without SRS (linked to above) we never, ever will be able to do what you want, request.....simple as that!!!
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup
Re: Server Messages not signed?
Okay, maybe you're right, but maybe we don't understand each other yet
I don't expect yahoo to send a message to gmx.
What happens is:
My server connects to yahoo and says: Hey, I have a message from blabla@blocked.com for you!
Then yahoo answers: Oh boy, I don't accept this message, I don't trust blocked.com!
Then my server sends the NDR to blabla@blocked.com, that the delivery didn't work - that's a fact, it sends this message.
And this message isn't signed for whatever reasons.
So where is my fallacy?
Re: Server Messages not signed?
Here's an example:
zxknnzxe@chainarchi.com sent a mail to graf@sg-schwarzenfeld.de.
Code:
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Return-Path:
Message-ID:
Date: Wed, 4 Sep 2019 22:31:59 +0200
From: mailer-daemon@freeze.ws
To: zxknnzxe@chainarchi.com
Subject: Message undeliverable: Michael Kors HandBags on Sale - Up to 80% off Online
Content-Transfer-Encoding: quoted-printable
X-hMailServer-LoopCount: 1
Your message did not reach some or all of the intended recipients.
Sent: Thu, 5 Sep 2019 04:31:39 +0800
Subject: Michael Kors HandBags on Sale - Up to 80% off Online
The following recipient(s) could not be reached:
ggraf@lhg.de
Error Type: SMTP
Remote server (195.190.135.25) issued an error.
hMailServer sent: .
Remote server replied: 550 REJECT spam id=3Dexpurgator-69e11b/1567629119-00006D59-2826B648/3/6412542229
hMailServer
graf@sg-schwarzenfeld.de is a forward address on my server which is forwarded to ggraf@lhg.de
But lhg.de rejected the mail because it classified it as spam.
Thus my server sends the NDR above to zxknnzxe@chainarchi.com and this NDR is not DKIM signed.
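Why DMARC reports flag an NDR like the one in the post above, as an added example (not code from the thread or from hMailServer): with a null envelope sender, SPF is evaluated against the HELO name, so an unsigned bounce only has an aligned identifier if that HELO name shares the From: domain. The HELO name `mailhost.example`, the To address and the signature header are constructed placeholders, and the organizational-domain function is a simplification.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the NDR quoted above; the To address is a placeholder.
UNSIGNED_NDR = (
    "Return-Path: <>\n"
    "Date: Wed, 4 Sep 2019 22:31:59 +0200\n"
    "From: mailer-daemon@freeze.ws\n"
    "To: sender@remote.example\n"
    "Subject: Message undeliverable: test\n"
    "\n"
    "Your message did not reach some or all of the intended recipients.\n"
)
# Same message with a constructed (not cryptographically valid) signature header.
SIGNED_NDR = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
              " d=freeze.ws; s=dkim; h=from:to:subject:date; bh=AAAA; b=BBBB\n"
              + UNSIGNED_NDR)

def org_domain(domain):
    # Simplification: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_domains(msg):
    """d= value of every DKIM-Signature header (presence only, no verification)."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        for part in value.split(";"):
            name, _, val = part.partition("=")
            if name.strip() == "d":
                found.append("".join(val.split()).lower())
    return found

def dmarc_identifiers(raw, helo_domain):
    """Collect the identifiers DMARC could align with the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    # With a null reverse-path (<>), SPF is evaluated against the HELO name.
    spf_domain = envelope_from.rpartition("@")[2].lower() or helo_domain.lower()
    signed = dkim_domains(msg)
    return {
        "null_sender": not envelope_from,
        "spf_aligned": org_domain(spf_domain) == org_domain(from_domain),
        "dkim_domains": signed,
        "dkim_aligned": any(org_domain(d) == org_domain(from_domain) for d in signed),
    }

def dmarc_can_pass(info, spf_pass=True):
    # DMARC needs one aligned, passing mechanism; DKIM must also verify in practice.
    return (spf_pass and info["spf_aligned"]) or info["dkim_aligned"]
```

Run against bounces saved from the outbound queue or a test mailbox, this separates NDRs that can never pass DMARC (no signature, HELO name outside the From: domain) from those that only need a valid SPF record for the HELO host.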
Re: Server Messages not signed?
Perhaps.. for further clarification: When I'm talking about "forward address" I mean "Alias", so there is no real user account on my server for these addresses.
Re: Server Messages not signed?
No, you are out of luck then, mail forwarded to external email addresses through aliases and distribution lists is never DKIM signed
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup