DKIM and Signing domains

dthompson

Active Member
Nov 23, 2011
120
8
38
Canada
www.digitaltransitions.ca
I am curious as I look over the my servers for the DKIM section in Dashboard --> Configuration --> Mail Proxmox --> DKIM

In the Settings section, if I have It set to "Sign all Outgoing Mail" that it signs all domains that are hosted regardless of whether they are using the DKIM record on their DNS?

Is this is the case, does it matter if Sign Domains section has the domain section in it?

Looking at this from my view, if I have the Settings set to: Sign all Outgoing Mail set to No

But then add my domains below that I want to sign then only those domains I've designated will be signed by the server. If I have it set to Yes in the settings section, then my guess is that it signs every domain with the key no matter if the organization uses that domain key or not.

So I guess what I am asking is this:

If I use the Settings: Sign all Outgoing Mail and have it set to Yes can I remove all the domains in the Sign Domain Section since that would over ride the pre-set domains manually added?

Is I use the Settings: Sign all Outgoing Mail and have it set to No, then I would manually add the domains that I want to sign with the domain key.

Please someone correct my if I am wrong. I read over the documentation and it doesn't seem to actually address my question.

Thanks!
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
5,985
826
148
If you set 'Sign all Outgoing Mail' it will sign all outgoing mail - and it will set the 'd' key in the signature to the domain, which the sender address has
If you don't set it, PMG will sign all mails being sent from (a subdomain of) a domain in the Sign Domains list - but it will use the domain in the 'd' key of the signature.

Both settings are independent of the DNS-records the domains have set or not (PMG does not check that a fitting DKIM record exists)

The difference is relevant if you sent mail from subdomains:
e.g.:
- you send from x.foo.com - and have foo.com in the 'Sign Domains' the signature will have 'd=foo.com'
- you send from x.foo.com - and have "Sign all Outgoing Mail" enabled the signature will have 'd=x.foo.com'

I hope this explains it.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!