Page 1 of 1

DKIM OUTBOUND

Posted: 09 Nov 2018 14:42
by scl402a
I am trying to enable DKIM for inbound email. I assume, this would get EFA to verify all incoming mail against the DMARC/DKIM system.

I noticed the following,

1) servers that I used my EFA for, might send me back a 'message not delivered'
2) this will cause EFA to send a 'return email', that is from my domain, and thus, it will fail, as EFA don't do outbound DKIM signing?
3) Is there a way for me to direct all EFA return email to another smtp outbound host?

or

Can I make EFA not to send any return to sender type of message?

Re: DKIM OUTBOUND

Posted: 07 Mar 2019 01:39
by Alleyviper
Hi there,

EFA changes the body of the email, for this dkim hash gets tampered with. No solution yet, but it is being addressed on EFA4.

Re: DKIM OUTBOUND

Posted: 07 Mar 2019 16:06
by kris240376
I remember reporting this issue and was told that v4 doesn't exhibit this issue. I'm keeping my fingers crossed that this is still the case when v4 is released.

Re: DKIM OUTBOUND

Posted: 18 Mar 2019 07:04
by Alleyviper
Hi there,

For Inbound Dkim/Dmarc is already checked by opendkim I think.

For OUTBOUND:
I was able to setup Dkim Signing properly:

a) On Efa Menu select 9) Spam Settings > 1) Non Spam Settings | I have Store non spam and enable Signing
settings.PNG
settings.PNG (14.68 KiB) Viewed 1296 times
b) At /etc/Mailscanner/Mailscanner.conf (Change Sign Clean Messages from yes/no to a file ruleset)

Code: Select all

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# If you add your own signature in your email application, and include the
# magic token "_SIGNATURE_" in your email message, the signature will be
# inserted just there, rather than at the end of the message.
# This can also be the filename of a ruleset.
# EFA Note: CustomAction.pm will Sign Clean Messages instead using the custom(nonspam) action.
Sign Clean Messages = %rules-dir%/sig.clean.messages.rules
c) Create a file sig.clean.messages.rules at /etc/Mailscanner/rules/ [You can copy from an existing file rule to keep permissions]

Code: Select all

-rwxr-xr-x 1 root   apache   53 Mar 15 23:28 sig.clean.messages.rules
c) On the webgui choose the from domain.tld not to sign clean message
tld.PNG
tld.PNG (15.84 KiB) Viewed 1297 times
Now INBOUND messages have the signature and Outbound from the domain.tld EFA complets the DKIM Signing without body hash of email beeing Tempered with.

I have a new problem now. the Inbound Signature does not show the link for users to report message as Spam. :pray: