DKIM - Domain Aliases
Question asked by Adam Lewis - November 2, 2016 at 1:44 PM
Answered
I have a domain with a domain alias. I have DKIM signing setup for the domain, but any emails sent as the alias fail DKIM signing. How is this suppose to work? There is no way to setup or change the settings per alias.

6 Replies

Reply to Thread
2
Von-Austin See Replied
Employee Post Marked As Answer
Adam,
 
There is no way to change the DKIM settings per alias.
 
When you send from a DOMAIN alias, SmarterMail will sign the header indicating that the domain you are sending from. This should match the domain alias. You should see your headers looks similar to mine below:
 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=domainalias.com;
So when this is received by a mail server, the lookup will go against domainalias.com, you will need to ensure that this domain name has TXT records for DKIM setup identically to the primary domain. The test should then pass.
 
I just tested this against Google using this configuration and it was successful, below are my headers:
 
Authentication-Results: mx.google.com;
       dkim=pass header.i=@domainalias.com;
       spf=softfail (google.com: domain of transitioning admin@domainalias.com does not designate xxx.xxx.xxx.xxx as permitted sender) smtp.mailfrom=admin@domainalias.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=domainalias.com; s=05312016;
        h=x-originating-ip:content-type:mime-version:message-id:reply-to
          :date:subject:to:from;
        bh=mh62rHCe6g4qZz9UQcXu1iQun0kiCltW5byNIzRe0wI=;
        b=KAqC+klpp/7SPYhqH/kz/ZQfwgtTmnUBPMAwwuJFl4oKjIZ3jvhw7evizaZT9wCHR
          QouQ1VReCzYPPslFzW2/6usS4LERAwZDy1Rx3lzxMMQ/XPQUR5AcNScQ9WGqmFSQx
          7XT3qJNxcZkSLWPUaSOQ9ogIQFIrPwKUNRJdEJdg1Cn4cjlmUY7Z3oqOiLbdZCoxa
          XRELXXgr/YwFawI3ylWfw93cndPFXGBMQKbuBJZmIDVmHSJY+OCRahd0JTO1PJ7PS
          S0j9IPSLdbXJOx2xudgDvzCoxiHrv53weiupkCEbAHYNed1wxKBPqC9WHY+b19rXb
          wnuPUxkq0IUajQOTQ==
I hope this helps clarify. 
Von See
Technical Support Supervisor
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Adam Lewis Replied
Ahh. So we can use the same signature for all aliases. I will try this tomorrow but obviously if it's works for you I'm sure it'll work for me. Thanks!
0
This was great help. We have a sever configured to send marketing type emails. We SMTP connect to the SM server... but it wasn't DKIM signing because the FROM addresses didn't match the Domain within the SM server being used to send the marketing messages. So we added each FROM domain as an alias and ensured each FROM domain had the DKIM key TXT record in their DNS to mach the sending domain. Works like a charm.
1
Norman Roy Replied
Hello Michael, Hello Smartermail Support,
 
i´ve got the same scenario - Smartermail as a central gateway to send transactional mails from dozen of servers. We need DKIM on those sending domains. Adding domain-aliases (like Michael Breines did) resolve in "local user not found" errors. How do we resolve those? Smartermail checks if the sending domain has a local account on the domain, but we just want to send out bulk-DKIM signed. Any help on this appriciated.
Best wishes
Norman
0
Merle Wait Replied
Just restating what Von-Austin See said... as it should work in every scenario stated above.. consistently...
So to be clear:
   domainMain.com   -->  has DKIM key.
   domainAlias.com   ------------+       (is going to same DKIM key that was generated in domainMain.com from SM.
   domainAlias2.com ------------+
 
you take that DKIM, and in the DNS server....
   for domainMain.com   = use DKIM key from SM ..  (i.e. dkim_key.......   domainMain.com)   
        domainAlias1.com =  use the the same DKIM key(file) from domainMain.com 
                                           ( only now it is   ... dkim_key.DomainAlias.com )
        domainAlias2.com =  use the the same DKIM key(file) from domainMain.com 
                                           ( only now it is   ... dkim_key.DomainAlias.com )
 
      so domainAlias1.com and DomainAlias2.com   use the domainkey  generated from SM, for domainMain.com
 
That should work for sending domain and local accounts, external domains .. et al...  I have never encountered an issue.
Not sure how any other issues would arise... 
As long as the domain name servers from each domain and alias have same MX and DKIM structure, it should all work as desired.  
0
Norman Roy Replied
Tank you very much for your reply - probably my question lacks information somehow. Though at the moment i can´t even test DKIM signing throughout problem getting a single mail on an alias out to the world. (Smartermail 16)
 
Maybe some more or detailed information helps on solving my problem.
 
We´ve one Smartermail Gateway, let´s call the domain gateway.com. On there there a several domains called 001.gateway.com, 002.gateway.com and so on. On every of those there´s a single User configured, e.g. 001@001.gateway.com.
 
Those accounts are accessed from Debian Postfix SMTPs to relay out on local configured Mailadresses from CMS oder Shops eg. shop@customer.com. So the Postifx uses Auth to send out Mails from non specified email names on one domain. 
Those mail adresses could be anything, we don´t know though our customers define those themselves.
 
What we are doing now is to add the DomainAlias customer.com to one of the defined gateway.com Domains.
The postfix get´s the relay account to relay, but this won´t work out, though Smartermail checks if the used Adress is a local adress on the Usertable of the Domain Alias. It is not, as we don´t know the adresses.
 
So right here lies our problem at the moment - if we could solve this one, for sure your DKIM setting will work out.
 
Thanks for your help. 
Best wishes, Norman

Reply to Thread