I found instruction on installing open dkim in efa server,
but if i install it in this box then i must put in dns dkim record and this cut other servers that send mail with my domain
(i have other external services that sends mail with our domain extension)
With SPF there are no problems becouse i added ips of these external services
it is correct ?
About DKIM
Re: About DKIM
What do you mean, " this cut other servers that send mail with my domain"?
Which servers stop receiving your mail sent from the other servers after enabling dkim? Your efa servers, or other people's servers?
Which servers stop receiving your mail sent from the other servers after enabling dkim? Your efa servers, or other people's servers?
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: About DKIM
I dont know dkim, i make example with spf, i dont know if it is the same with dkim
My server with efa sent email for gruppocomet.it and have ip address 195.120.124.42
so i make spf : gruppocomet.it +195.120.124.42
If you try to send email for gruppocomet.it from others server you get fail or softfail
I have some external that send mail for me using gruppocomet.it so i add their server ip to spf so it is also SPF PASS
now if i put dkim Key in dns and i install opendkim in efa only email sent with efa will be considered correct
email sent from other servers dont have dkim Keys in header but dns have it so it is a fail ?
My server with efa sent email for gruppocomet.it and have ip address 195.120.124.42
so i make spf : gruppocomet.it +195.120.124.42
If you try to send email for gruppocomet.it from others server you get fail or softfail
I have some external that send mail for me using gruppocomet.it so i add their server ip to spf so it is also SPF PASS
now if i put dkim Key in dns and i install opendkim in efa only email sent with efa will be considered correct
email sent from other servers dont have dkim Keys in header but dns have it so it is a fail ?
Re: About DKIM
My understanding is dkim only provides additional verification that the mail is authentic and should be trusted. Unlike spf, dkim is just another bit of information that allows you to decide if the message is spam or not. spf allows you to either do nothing, accept the mail from "invalid" servers (soft_fail) or reject that mail completely (hard_fail)
So enabling dkim allows other systems another way to test to see if your mail is valid. Checking for dkim signatures allows you another check in spamassassin to decide if the mail is spam or not.
publishing a dkim record should not cause your mail to be rejected. If someone has setup a mail server to block all unsigned, and/or invalidly dkim signed messages, then they will reject a lot of mail.
Let me give an example:
mail from efa:
- has valid dkim key
- should have a lower spam score, depending on your spamassassin scoring
mail from 3rd party server for your domain:
- may or may not have a dkim key
- will still be accepted by other mail servers if your spf settings allow it
- may or may not have a higher spam score on the receiving system depending on their spam checks.
Does that make more sense?
So enabling dkim allows other systems another way to test to see if your mail is valid. Checking for dkim signatures allows you another check in spamassassin to decide if the mail is spam or not.
publishing a dkim record should not cause your mail to be rejected. If someone has setup a mail server to block all unsigned, and/or invalidly dkim signed messages, then they will reject a lot of mail.
Let me give an example:
mail from efa:
- has valid dkim key
- should have a lower spam score, depending on your spamassassin scoring
mail from 3rd party server for your domain:
- may or may not have a dkim key
- will still be accepted by other mail servers if your spf settings allow it
- may or may not have a higher spam score on the receiving system depending on their spam checks.
Does that make more sense?
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: About DKIM
but mail from 3rd party server for my domain will get INVALID OR MISSING DKIM if i put Keys in dns ?
Re: About DKIM
maybe.
it depends on the setup of the receiving system.
do you still have my address? send me a message from on of those other servers and let's see what happens exactly.
it depends on the setup of the receiving system.
do you still have my address? send me a message from on of those other servers and let's see what happens exactly.
-
- Posts: 389
- Joined: 23 Apr 2015 09:45
Re: About DKIM
I not implemented DKIM at all so there is no tests possible
I am thinking to not implement DKIM
i dont remember your email, my is nicola.piazzi@gruppocomet.it
Now i am watching the way to add other antivirus but it seems that only clam is still free
You have an idea ?
I am thinking to not implement DKIM
i dont remember your email, my is nicola.piazzi@gruppocomet.it
Now i am watching the way to add other antivirus but it seems that only clam is still free
You have an idea ?
Re: About DKIM
let me arrange a test as I have dkim keys posted.
it'll be a couple of hours before I can test
ps: you might want to edit out your email address above.
it'll be a couple of hours before I can test
ps: you might want to edit out your email address above.
Re: About DKIM
not had a chance to test for you last night. I'll try to squeeze it in tonight.