DKIM OUTBOUND

Questions and answers about how to do stuff
Post Reply
scl402a
Posts: 5
Joined: 12 Oct 2014 11:01

DKIM OUTBOUND

Post by scl402a » 09 Nov 2018 14:42

I am trying to enable DKIM for inbound email. I assume, this would get EFA to verify all incoming mail against the DMARC/DKIM system.

I noticed the following,

1) servers that I used my EFA for, might send me back a 'message not delivered'
2) this will cause EFA to send a 'return email', that is from my domain, and thus, it will fail, as EFA don't do outbound DKIM signing?
3) Is there a way for me to direct all EFA return email to another smtp outbound host?

or

Can I make EFA not to send any return to sender type of message?

Alleyviper
Posts: 74
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: DKIM OUTBOUND

Post by Alleyviper » 07 Mar 2019 01:39

Hi there,

EFA changes the body of the email, for this dkim hash gets tampered with. No solution yet, but it is being addressed on EFA4.

kris240376
Posts: 3
Joined: 17 Sep 2018 18:56

Re: DKIM OUTBOUND

Post by kris240376 » 07 Mar 2019 16:06

I remember reporting this issue and was told that v4 doesn't exhibit this issue. I'm keeping my fingers crossed that this is still the case when v4 is released.

Alleyviper
Posts: 74
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: DKIM OUTBOUND

Post by Alleyviper » 18 Mar 2019 07:04

Hi there,

For Inbound Dkim/Dmarc is already checked by opendkim I think.

For OUTBOUND:
I was able to setup Dkim Signing properly:

a) On Efa Menu select 9) Spam Settings > 1) Non Spam Settings | I have Store non spam and enable Signing
settings.PNG
settings.PNG (14.68 KiB) Viewed 1238 times
b) At /etc/Mailscanner/Mailscanner.conf (Change Sign Clean Messages from yes/no to a file ruleset)

Code: Select all

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# If you add your own signature in your email application, and include the
# magic token "_SIGNATURE_" in your email message, the signature will be
# inserted just there, rather than at the end of the message.
# This can also be the filename of a ruleset.
# EFA Note: CustomAction.pm will Sign Clean Messages instead using the custom(nonspam) action.
Sign Clean Messages = %rules-dir%/sig.clean.messages.rules
c) Create a file sig.clean.messages.rules at /etc/Mailscanner/rules/ [You can copy from an existing file rule to keep permissions]

Code: Select all

-rwxr-xr-x 1 root   apache   53 Mar 15 23:28 sig.clean.messages.rules
c) On the webgui choose the from domain.tld not to sign clean message
tld.PNG
tld.PNG (15.84 KiB) Viewed 1239 times
Now INBOUND messages have the signature and Outbound from the domain.tld EFA complets the DKIM Signing without body hash of email beeing Tempered with.

I have a new problem now. the Inbound Signature does not show the link for users to report message as Spam. :pray:

Post Reply