1
Is it possible to set up a universal DKIM and mail-from for all external senders sending through the server?
Question asked by Shn L - 5/20/2023 at 12:27 PM
Unanswered
I'm testing out the free edition to use it as an SMTP relay. I have domain A set up in SmarterMail with DKIM and SPF and everything is aligned and passes when I send strictly from domain A.

But, when domain B sends through the server using domain A's SMTP credentials, DKIM is missing and SPF is failing (because the Mail From is not rewritten and doesn't have the server IP in the SPF record).

Is it possible to apply universal DKIM and mail-from, similar to how SendGrid does it with "sendgrid.net" by default so both can pass?

Thanks!

7 Replies

Reply to Thread
0
I think that SmarterMail has only DKIM settings by Domain.
So, at the moment, you can't setup a "universal" DKIM
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
1
Sabatino Replied
Using api is easy to do.  I created a simple script which, in addition to creating a universal DKIM on the chosen domain, also creates standard aliases (postmaster, admin, superuser)
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
1
Great, Sabatino! I never tought of using API to do this!
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Douglas Foster Replied
It appears you are using SmarterMail (configured as an Outbound Gateway) to perform DKIM signing on behalf of some non-SmarterMail servers that cannot do DKIM signing themselves.   I don't think SmarterMail Free can solve this problem for you.   SmarterMail Free only allows one domain, so you cannot configure DKIM signatures for multiple domains because you cannot configure multiple domains.  You couild configure one SM Free outbound gateway for each source domain, or you could buy the paid version.   But I don't know if SmarterMail will add DKIM signatures to a message that is merely passing through it.

If you have a mail-generating application that logs onto SmarterMail Free as a user account within the Free domain, then SmarterMail can be configured to allow any value for the message's From address, and a DKIM signature could be added for the Free domain.  This would not make the message DMARC compliant, but it would ensure that the message had an SMTP MailFrom address and a DKIM signature for the MailFrom domain.
0
Shn L Replied
Hi @Douglas,

So it sounds like whoever wants to pass messages through the SM server will need to use a domain that's already configured in SM or SM will not add a DKIM signature?

We don't want to have to touch our users' (non-SM senders) DNS as most of them are non-technical. So if they want to send from companyA.com for example through SM, ideally all they need is our SMTP credentials and we will add a default DKIM signature and rewrite their MailFrom so both DKIM and SPF can pass.

Can what @Sabatino mentioned above achieve this?
0
Douglas Foster Replied

If the message has a From address of userA@companyA.com and an SMTP MailFrom address of userB@CompanyB.com, you might be able to get SmarterMail to add a signature for CompanyB.com.   Some evaluators may consider this useful information, but there is no specific guidance for why this might be interesting.

To be useful for DMARC, messages with a From address of userA@companyA.com need a DKIM signature for CompanyA.com.  This can only be accomplished by publishing a public key in the DNS structure of CompanyA.com.   A CNAME entry could be redirect the lookup to your domain for simplified administration, but you have to publish something in the CompanyA.com DNS structure


0
Shn L Replied
Why would I want a DKIM signature for the MailFrom if DKIM is meant to authenticate the visible From?

Reply to Thread