Proxmox DKIM

[Jonathan Tyler]

For sure, everyone has an own view on topics, however, a Mail Gateway from my point of view is the best position to perform such topics. Also for my company we use different systems behind (Plesk, Exchange, Zammad) would be fine, if I could add DKIM just at one place and with only one system without the requirement to relay anything additional between to add DKIM (if we would like to).

I can understand where you're coming from now, and can see the benefit there for some setups. I guess I really didn't need to add that last line, sorry about that.

Since I already had Zimbra setup to do DKIM it didn't make much sense to change it now. I was just pointing out that it does relay signed emails without any issues so far. Only issue I noticed is what I mentioned in the previous reply/post I just made.

 

[killmasta93]

hmmm, but if you replay to pmg how does it get signed though zimbra, i have postfix which was previous doing the signing with opendkim when i started to relay the emails the signed dkim was not going though, that why i had to put pmg to sign the emails instead of my postfix email server

 

[Jonathan Tyler]

hmmm, but if you replay to pmg how does it get signed though zimbra, i have postfix which was previous doing the signing with opendkim when i started to relay the emails the signed dkim was not going though, that why i had to put pmg to sign the emails instead of my postfix email server

I'm not sure how Zimbra handles the signing, but as far as I can tell it signs it before relaying to PMG, as if it was simply sending the email to it's destination. Then I guess PMG sends it unaltered since I'm not doing any other processing there, other than the outbound spam/virus checks.
I just added my PMG to the Relay Host setting, restarted, and sent a test to mail-tester.com, which came back with a 10/10 score just as I was getting before.

Zimbra is a lot of overhead if you just need postfix, but it takes a lot of headache out of setting it up.

 

[atec666]

here is the solution (use traduc online for other language)

https://www.sysadminsdecuba.com/2018/07/configurando-dkim-sobre-proxmox-mail-gateway/

 

[DerDanilo]

Thanks for implementing DKIM. The records that PMG generated look a bit weird in comparision to records generated by other DKIM solutions.
This may be an requirement on how DKIM was implemented in PMG. It would be nice if you could clarify.

DNS Entries containing brackets "(" ")" seem to be invalid when trying to save TXT records with several domain providers.

DNS Entry generated by PMG:

default._domainkey    IN    TXT    ( "v=DKIM1; h=sha256; k=rsa; "
      "p=xxxxyyyyy1"
      "xxxxyyyyy2"
      "xxxxyyyyy3" )  ; ----- DKIM key default

DNS Entry how it usually looks like with other DKIM software:

default._domainkey    IN    TXT    "v=DKIM1;h=sha256;k=rsa;p=xxxxyyyyy1;"

- No space
- No quotes
- No brackets

- Is this a bug or intenially?
- How to configure DNS recrods based on what PMG generates?

Thanks in advance!

 

[Stoiko Ivanov]

Hmm - We took a look at the output of opendkim-genkey - afaik this is the format that bind understands in a zonefile.
So this was intentionally.

You can always strip away the () and "" inbetween .

If you could provide a few examples where other formats are useful (and which) - we could probably augment the cli-tool and maybe the GUI to display them differently.
-> please open an enhancement request at https://bugzilla.proxmox.com in that case.

Thanks

 

[timconner]

TXT DNS entries have a 255 character/byte limit. So when an entry is longer than 255 bytes it get split into multiple strings. The output is valid, but if you're not comfortable with that output or unsure of how to enter it, you can just remove the quotes and spaces between the quotes and let your DNS provider do the splitting for you.