A question about DKIM Email Signing
Question asked by Constantine Serafim - March 8, 2016 at 11:42 AM
Unanswered
I am testing SmarterMail 14.5 and I have a couple of questions, if someone can assist me, as I am new to this.
 
1. I have set up DKIM signing (according to instructions) and tested it by sending out an email from the admin user, and it all looks fine in the received email header. But when I do a DNS Test from the SmarterMail DKIM setup screen I get a Fail message. How can this be corrected?
 
2. If I set up a user in Outlook with the SMTP pointing to the SmarterMail server and send an email, the email is sent OK, but looking at the received email header there is NO DKIM signing. So what I see happening is that the server is not signing the email if it comes through it from a user not in the SmarterMail users list. Is this normal? How can we get this to work so the server is signing emails regardless of which user they are sent from?

3 Replies

0
Scarab Replied
March 8, 2016 at 1:34 PM
1. If you have set up a DNS TXT record for DKIM (as shown on the MAIL SIGNING "CERTIFICATE" tab) for that domain then it should test fine. Depending on what you are using for DNS you may have to encapsulate your Key if it is 2048-bits or higher. You can encapsulate a DNS TXT record as follows for BIND DNS (used by most DNS providers):
 
Name Type Data
exa._domainKey.example.com TXT
( "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eUgxJr9AIAVJ86tjc3c"
"N2ZKygm0LGZTlOpbrpMHX+888MTB+GeHRkWPJ6UNHz4xioTK4rLodGE4zJoEeFklC7ajoUZ"
"HMJcYr/5Ge82JlW6zrDIgUdCDRNDcgLENP5n+VSY7D8nByOt9eySaH/q4MPzVdHFoGI6fFZ+"
"BJ2XGE8Ng6J9A2aHFrhvahqr0GcZI6SHQdN1vxRvZaC5EIHSWKFtk3f2naD2NoPMOB7BZB2"
"WQ+m/PSLjB71YlLXF6jVJeuzeId5sOZqhkiX7oFXnJltFrP8JRHifC6Bv6M4+aP95VPBpYiEDZJ"
"TqPTjx2X2e1CMemPqlAg5J1EiXAoVwx4QIDAQAB" )
 
Nest the entire Public Key in parentheses and then for each line nest it in double-quotes. Each line should not exceed 250 characters. If done correctly, and DNS has propagated, the DNS check should succeed.

(With Microsoft DNS you don't have to encapsulate the Public Key with parentheses and double-quotes, but you still have to break the key into multiple lines less than 250 characters each.)

2. It sounds like you generated the Public Key and Tested DNS but did you remember to click on the [SAVE] button on the MAIL SIGNING screen for that domain? Any changes you make are transitory and not committed until you click on [SAVE].
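The encapsulation described in the reply above, as an added example that is not part of the original thread and is not SmarterMail's own code: it splits a long DKIM TXT value into quoted strings of at most 250 characters, renders them in BIND's parenthesised form, then re-joins them the way a verifier does and checks that the `p=` value still decodes. The selector name and the key bytes are constructed placeholders.

```python
import base64
import re

MAX_CHUNK = 250  # per-string limit used in the reply above (the DNS hard limit is 255 bytes)

def split_txt(value, max_len=MAX_CHUNK):
    """Cut a long TXT value into pieces of at most max_len characters."""
    return [value[i:i + max_len] for i in range(0, len(value), max_len)]

def to_bind_record(name, value):
    """Render a BIND zone-file TXT record: parentheses around quoted strings."""
    chunks = "\n".join(f'    "{c}"' for c in split_txt(value))
    return f"{name} IN TXT (\n{chunks} )"

def join_txt(record_text):
    """Rebuild the value as a verifier sees it: quoted strings concatenated
    with nothing between them (RFC 6376, section 3.6.2.2)."""
    return "".join(re.findall(r'"([^"]*)"', record_text))

def check_dkim_key(value):
    """Parse the tag=value list and return the decoded key length in bytes.
    Raises ValueError if p= is missing or is not valid base64."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # whitespace inside p= is allowed
    if not tags.get("p"):
        raise ValueError("no p= tag (missing or revoked key)")
    try:
        return len(base64.b64decode(tags["p"], validate=True))
    except ValueError as exc:
        raise ValueError(f"p= is not valid base64: {exc}") from exc

# Constructed placeholder: 294 bytes is the size of a 2048-bit RSA public key
# in SubjectPublicKeyInfo form; these bytes are NOT a real key.
FAKE_KEY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SAMPLE_VALUE = "k=rsa; p=" + FAKE_KEY
SAMPLE_NAME = "selector._domainkey.example.com."  # hypothetical selector

if __name__ == "__main__":
    record = to_bind_record(SAMPLE_NAME, SAMPLE_VALUE)
    print(record)
    print("key bytes after re-joining:", check_dkim_key(join_txt(record)))
```

Running `check_dkim_key(join_txt(...))` on the text actually pasted into the DNS editor shows whether a chunk was dropped or cut short before the record is published.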
0
Constantine Serafim Replied
March 10, 2016 at 2:44 AM
Thank you for your response!
 
If I encapsulate the key as suggested, I still can't get the DNS to test OK. If I then send an email from the admin user in SmarterMail, the received email header record shows:
X-SmarterMail-Spam: ISpamAssassin 0 [raw: 0], SPF_Pass, DK_None, DKIM_TempFail, RHSBL.
 
If I don't encapsulate the public key in DNS then the email header record shows:
X-SmarterMail-Spam: ISpamAssassin 0 [raw: 0], SPF_Pass, DK_None, DKIM_Pass, RHSBL
Although this looks OK the DNS Test Fails.
 
The Key is generated and saved carefully. But, if I do the above test sending an email from a client (Outlook) that uses the SmarterMail SMTP then NO signing at all of the email appears in the email header!
 
Any suggestions please?
 
0
Debby Coutinho Replied
June 7, 2016 at 2:08 PM
Did you receive clarification re the sending of emails via a SmarterMail user account, where the sending email domain is not physically set up in SmarterMail? I am having a similar issue, where we forward mails from a bulk mailing system into the SmarterMail server via a spool account, but the emails do not get signed when they are sent out. I assume this is due to the domain not existing on the server with a cert configured. But I'm looking for a solution to this, without having to implement another solution to sign these emails.
