1. A

    No option for DKIM selector

    I'm looking into enabling DKIM on my PMG and am wondering what I am supposed to add to the Selector windows when creating the selector. As currently the selector list is blank (see image). Can someone please point me in the right direction? Regards, Aaron
  2. S

    Conditionally skip filtering based on valid+aligned DKIM signature for specific domain(s)?

    Hi all, I'm wondering if anyone has had any luck whitelisting trusted domains conditional on having an aligned and passing DKIM signature for in the message? The goal is to only skip filtering for messages from that trusted domain that are authenticated. This way it's a whitelist that is not...
  3. hoffmn01

    2-node cluster - mail loops back to myself on target domains for one node only

    Hello Proxmox-Forum, we do have a storage error. We are running a 2-node cluster of the latest mail gateway version in HA mode. One of the nodes started to make trouble delivering mail to external domains (Microsoft-based and others). The error is reproducible. The error message on the node1 is...
  4. J

    Quarantine unsigned e-mails from own domain

    Hi, we receive spoofed phishing emails that appear to be coming from our own domain. In order to filter or quarantine those spoofed emails I activated DKIM signatures for our own emails. Now that all "legitimate" e-mails from our domain are digitally signed via DKIM I was hoping I could filter...
  5. X

    DKIM Relayed Domains

    Guten Tag Bekommen im DNS, die im PMG unter 'Configuration: Mail Proxy > Relay Domains' angegeben Domaenen, alle den gleichen DKIM-Record, so wie er im PMG unter 'Configuration: Mail Proxy > DKIM > View DNS Record' steht? Liebe Gruesse!
  6. L

    DKIM signing for bounces

    In the current PMG 8.0.7 version postfix internal mails (bounce & notify) will not be DKIM signed - even if the source domain is part of the signing domains. If the bounce sender domain have a strict DKIM / DMARC alignment, some providers are rejecting these important mails. e.G. Incoming mail...
  7. W

    [SOLVED] DKIM Cname

    Hello now that we have gotten DKIM signing to work im sitting here thinking what if worst case senario came to pass.. all devices gets encrypted. handing out the TXT record that the users need to enter into there dns servers what if it changes so you have to start from scratch. this got me...
  8. K

    Proxmox Mail Gateway DMARC / Postqueue

    Hallo zusammen, ich habe momentan das Proxmox Mail Gateway in der Version 7.3-6 im Einsatz. Zudem habe ich opendkim und opendmarc installiert und an Postfix angeschlossen. Soweit funktioniert auch alles. Jedoch habe ich im opendmarc Daemon eingestellt, dass die DMARC-Policy ausgewertet werden...
  9. R

    [SOLVED] SPF Failed E-Mail mit 500 ablehnen - DKIM / DMARC

    Hallo zusammen, besteht die Möglichkeit E-Mails abzulehnen wenn der SPF verletzt wird. Bspw. wenn die Domain einen Hardfail eingetragen hat? Ich würde gerne E-Mails nur bei einem hardfail nicht bei einem softfail ablehnen. Habe ich im Standard eine Möglichkeit dazu? Die gleiche Frage auch auf...
  10. S

    DKIM signature with two domains in PMG

    Hello How to make a DKIM signature with two domains in PMG? When we release a letter from quarantine, heder is added there and the receiving server defines the email as spam attach a piece of the log where the check fails X-Mailru-Dmarc-Auth: dmarc=fail...
  11. U

    Better DKIM Whitelist

    To quarantine the flood of marketing junkmail, using a backstop rule at the very bottom of the priority that matches header fields for all the various marketing automation systems has been very successful. Basically, a large set of "</> Match Field" entries like so: X-Mailgun-Sid=.+ X-SG-EID=.+...
  12. P

    Proxmox Mail Gateway to another Proxmox Mail Gateway causes DKIM Header Repetition

    I have an Exchange server behind a Proxmox Mail Gateway 7.0-6 On the other end I have a Postfix server behind another Proxmox Mail Gateway 6.4-4 EXCHANGE <---> PROXMOX MG 7.0-6 <-----> WAN <-----> PROXMOX MG 6.4-4 <----> POSTFIX If I send a test mail from the postfix side to my exchange...
  13. C

    What is the meaning of KAM_DMARC_REJECT?

    I'm trying to configure PMG with unbound as local DNS, as explained here. And it seems to work because my firewall logs shows the PMG server is connecting with multiple IP's on port 53 every time I get an incoming email. But I'm also seeing a lot of false positives with this hit...
  14. L

    [SOLVED] DKIM for external servers

    I have setup DKIM so that mails from our internal network that are sent over PMG get a signature. Now I wonder what to do with our external servers, e.g. JIRA or Gitlab. Those currently send mails via a smarthost but could be switched to using the local Postfix on each server. One option...
  15. hoffmn01

    DKIM - body has been altered - when enabling disclaimer function

    Hello, we've got 2 mailgateways in production and we are happy with them. We recently noticed that DKIM is not working if we add a disclaimer through the mail filter actions. If we switch off the disclaimer, we get a valid/ok message for DKIM. If we enable disclaimer we get the following...
  16. DerDanilo

    Feature Request: DKIM - support ed25519 and dual signing

    - PMG should also support signing with ed25519 keys. - It is advisable to sign with rsa AND ed25519 since not all receiving servers are capable of checking ed25519 keys. (Dual Signing) - This should be configurable RFC 8301 RFC 8463...
  17. U

    different dkim selectors for domains

    Hello! Now, as far as I understood from the UI and docs, it is possible to have only one DKIM selector, that is shared across all domains in the installation. Is there a way to have uniq selector/key per domain?
  18. B

    [SOLVED] Undeliverable mail message not signed by DKIM

    I have proxmox mailgw as a relay to more mail servers in my local network and when someone tries to send mail to non-existing address, PMG returns Undelivered Mail Returned to Sender which is marked as spam because the message is not signed with DKIM, how can I have PMG automatically sign those...
  19. S

    PMG DKIM Config

    I'm just leaving this here so it may help other people. I've been screwing with this for several hours to get it working. Originally here is what I did to get the keys enable DKIM create selector (pmg2021) tick the box to sign outgoing mail. View the DNS change DNS records add a domain to...
  20. DerDanilo

    [SOLVED] Selecting domains for DKIM signing

    We want to be able to selectively have domain signed. Therefore we mantain domains in /etc/pmg/dkim/domains. Sign all Outgoing Mail Controls whether all outbound mail should get signed or only mails from domains listed in /etc/pmg/dkim/domains if it exists and /etc/pmg/domains otherwise...


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!