About DKIM

nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

About DKIM

Post by nicola.piazzi »

I found instructions on installing OpenDKIM on the EFA server,
but if I install it on this box then I must put a DKIM record in DNS and this cut other servers that send mail with my domain
(I have other external services that send mail with our domain extension).
With SPF there are no problems because I added the IPs of these external services.

Is it correct?
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: About DKIM

Post by pdwalker »

What do you mean, "this cut other servers that send mail with my domain"?

Which servers stop receiving your mail sent from the other servers after enabling DKIM? Your EFA servers, or other people's servers?
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

Re: About DKIM

Post by nicola.piazzi »

I don't know DKIM. I'll make an example with SPF; I don't know if it is the same with DKIM.

My server with EFA sends email for gruppocomet.it and has IP address 195.120.124.42,
so I make SPF: gruppocomet.it +195.120.124.42

If you try to send email for gruppocomet.it from other servers you get fail or softfail.

I have some external services that send mail for me using gruppocomet.it, so I add their server IPs to SPF so it is also SPF PASS.

Now if I put a DKIM key in DNS and I install OpenDKIM on EFA, only email sent with EFA will be considered correct.
Email sent from other servers doesn't have DKIM keys in the header but DNS has it, so is it a fail?
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: About DKIM

Post by pdwalker »

My understanding is DKIM only provides additional verification that the mail is authentic and should be trusted. Unlike SPF, DKIM is just another bit of information that allows you to decide if the message is spam or not. SPF allows you to either do nothing, accept the mail from "invalid" servers (soft_fail) or reject that mail completely (hard_fail).

So enabling DKIM allows other systems another way to test to see if your mail is valid. Checking for DKIM signatures allows you another check in SpamAssassin to decide if the mail is spam or not.

Publishing a DKIM record should not cause your mail to be rejected. If someone has set up a mail server to block all unsigned and/or invalidly DKIM-signed messages, then they will reject a lot of mail.

Let me give an example:

Mail from EFA:
- has valid DKIM key
- should have a lower spam score, depending on your SpamAssassin scoring

Mail from 3rd party server for your domain:
- may or may not have a DKIM key
- will still be accepted by other mail servers if your SPF settings allow it
- may or may not have a higher spam score on the receiving system depending on their spam checks.

Does that make more sense?
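
The two cases in the post above, as an added example that is not part of the original thread: the key lookup step of a DKIM verifier, which builds its DNS query from the `s=` and `d=` tags of a `DKIM-Signature` header and therefore never consults DNS for an unsigned message (reported as `dkim=none`). The selectors `efa` and `vendor`, the sample messages, the DNS table and the labels `key-found` and `no-key` are constructed for this example.

```python
from email import message_from_string

# Constructed DNS data: one key published for the EFA box (selector "efa" is assumed).
DNS_TXT = {"efa._domainkey.gruppocomet.it": "v=DKIM1; k=rsa; p=PLACEHOLDER"}

# Constructed sample messages (signature values are placeholders).
EFA_MAIL = (
    "From: sender@gruppocomet.it\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=gruppocomet.it; s=efa;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: sent through EFA\n\nbody\n"
)
UNSIGNED_3RD = "From: sender@gruppocomet.it\nSubject: third party, unsigned\n\nbody\n"
SIGNED_3RD = (
    "From: sender@gruppocomet.it\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=gruppocomet.it; s=vendor;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: third party, own selector\n\nbody\n"
)

def parse_tags(value):
    """Split a DKIM tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_key_lookup(raw_message, dns=DNS_TXT):
    """Return (result, queried_names) for the key lookup step only."""
    msg = message_from_string(raw_message)
    signatures = msg.get_all("DKIM-Signature") or []
    if not signatures:
        return "none", []            # unsigned: no selector, so no DNS query at all
    queried = []
    for sig in signatures:
        tags = parse_tags(sig)
        if "d" not in tags or "s" not in tags:
            continue                 # malformed signature, nothing to look up
        name = f"{tags['s']}._domainkey.{tags['d']}"
        queried.append(name)
        if name in dns:
            return "key-found", queried   # hash and signature checks would follow
    return "no-key", queried         # signed, but that selector is not published
```

A third-party sender that signs for the domain needs its own selector record published next to the EFA one; the existing record does not cover it and does not affect it.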
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

Re: About DKIM

Post by nicola.piazzi »

But mail from a 3rd party server for my domain will get INVALID OR MISSING DKIM if I put keys in DNS?
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: About DKIM

Post by pdwalker »

Maybe.

It depends on the setup of the receiving system.

Do you still have my address? Send me a message from one of those other servers and let's see what happens exactly.
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

Re: About DKIM

Post by nicola.piazzi »

I have not implemented DKIM at all, so there are no tests possible.
I am thinking of not implementing DKIM.

I don't remember your email; mine is nicola.piazzi@gruppocomet.it

Now I am looking for a way to add other antivirus, but it seems that only Clam is still free.
Do you have an idea?
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: About DKIM

Post by pdwalker »

Let me arrange a test as I have DKIM keys posted.

It'll be a couple of hours before I can test.

PS: you might want to edit out your email address above.
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: About DKIM

Post by pdwalker »

Not had a chance to test for you last night. I'll try to squeeze it in tonight.