Proxmox DKIM

Jonathan Tyler

For sure, everyone has their own view on topics; however, a Mail Gateway is, from my point of view, the best position to perform such topics. Also, for my company, where we use different systems behind it (Plesk, Exchange, Zammad), it would be fine if I could add DKIM in just one place and with only one system, without the requirement to relay anything additional in between to add DKIM (if we would like to).
I can understand where you're coming from now, and can see the benefit there for some setups. I guess I really didn't need to add that last line, sorry about that.

Since I already had Zimbra set up to do DKIM, it didn't make much sense to change it now. I was just pointing out that it does relay signed emails without any issues so far. The only issue I noticed is what I mentioned in the previous reply/post I just made.
 

killmasta93

Hmmm, but if you relay to PMG, how does it get signed through Zimbra? I have Postfix, which was previously doing the signing with OpenDKIM. When I started to relay the emails, the DKIM signature was not going through; that's why I had to have PMG sign the emails instead of my Postfix email server.
 

Jonathan Tyler

I'm not sure how Zimbra handles the signing, but as far as I can tell it signs it before relaying to PMG, as if it was simply sending the email to its destination. Then I guess PMG sends it unaltered since I'm not doing any other processing there, other than the outbound spam/virus checks.
I just added my PMG to the Relay Host setting, restarted, and sent a test to mail-tester.com, which came back with a 10/10 score just as I was getting before.

Zimbra is a lot of overhead if you just need postfix, but it takes a lot of headache out of setting it up.
 
Thanks for implementing DKIM. The records that PMG generated look a bit weird in comparison to records generated by other DKIM solutions.
This may be a requirement of how DKIM was implemented in PMG. It would be nice if you could clarify.

DNS Entries containing brackets "(" ")" seem to be invalid when trying to save TXT records with several domain providers.

DNS Entry generated by PMG:
Code:
default._domainkey    IN    TXT    ( "v=DKIM1; h=sha256; k=rsa; "
      "p=xxxxyyyyy1"
      "xxxxyyyyy2"
      "xxxxyyyyy3" )  ; ----- DKIM key default
How the DNS entry usually looks with other DKIM software:
Code:
default._domainkey    IN    TXT    "v=DKIM1;h=sha256;k=rsa;p=xxxxyyyyy1;"
- No space
- No quotes
- No brackets

- Is this a bug or intentional?
- How to configure DNS records based on what PMG generates?

Thanks in advance!
 

Stoiko Ivanov

Proxmox Staff Member
Hmm - we took a look at the output of opendkim-genkey - afaik this is the format that bind understands in a zonefile.
So this was intentional.

You can always strip away the () and "" in between.

If you could provide a few examples where other formats are useful (and which) - we could probably augment the cli-tool and maybe the GUI to display them differently.
-> please open an enhancement request at https://bugzilla.proxmox.com in that case.

Thanks
 
TXT DNS entries have a 255 character/byte limit. So when an entry is longer than 255 bytes it gets split into multiple strings. The output is valid, but if you're not comfortable with that output or unsure of how to enter it, you can just remove the quotes and spaces between the quotes and let your DNS provider do the splitting for you.
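
Added example (not part of any post in this thread and not Proxmox code): a Python helper that does what the last two replies describe, joining the quoted strings of the zonefile-style record into the single value a DNS provider form expects, and splitting a long value into strings of at most 255 bytes. The function names are assumptions, and the sample record is constructed from the placeholder record quoted in the thread.

```python
# Constructed sample in the zonefile format quoted in the thread
# (placeholder key material, not a real key).
SAMPLE = '''default._domainkey    IN    TXT    ( "v=DKIM1; h=sha256; k=rsa; "
      "p=xxxxyyyyy1"
      "xxxxyyyyy2"
      "xxxxyyyyy3" )  ; ----- DKIM key default
'''

def join_txt_strings(zone_record):
    """Concatenate the quoted strings of a zonefile TXT record."""
    # Only text inside double quotes is data; (), whitespace and ';' comments are syntax.
    parts, i, n = [], 0, len(zone_record)
    while i < n:
        ch = zone_record[i]
        if ch == ";":                      # comment runs to end of line
            while i < n and zone_record[i] != "\n":
                i += 1
        elif ch == '"':                    # start of a quoted string
            j = i + 1
            while j < n and zone_record[j] != '"':
                j += 2 if zone_record[j] == "\\" else 1   # keep escapes as-is
            if j >= n:
                raise ValueError("unterminated quoted string")
            parts.append(zone_record[i + 1:j])
            i = j
        i += 1
    if not parts:
        raise ValueError("no quoted TXT strings found")
    return "".join(parts)

def split_for_dns(value, limit=255):
    """Split a TXT value into strings of at most `limit` bytes each."""
    data = value.encode("ascii")           # DKIM key records are plain ASCII
    return [data[k:k + limit].decode("ascii") for k in range(0, len(data), limit)]

def dkim_tags(value):
    """Parse 'tag=value; ...' into a dict, removing whitespace inside values."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

if __name__ == "__main__":
    joined = join_txt_strings(SAMPLE)
    print("single-line value:", joined)
    print("255-byte strings: ", split_for_dns(joined))
    print("parsed tags:      ", dkim_tags(joined))
```

Comparing `dkim_tags()` of the joined value with the tags of the record actually published in DNS confirms that the `p=` key survived the copy without stray quotes or spaces.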
 
