DKIM and DMARC for built-in outgoing mail
clouddaz last edited by girish
Outgoing mail from the built in email solution does not have a DKIM signature or a DMARC signature.
Is this possible to enable or configure?
Also, Email -> Status. Are all the check marks green?
@girish, yes they are all green.
@clouddaz If you can send a test mail to
firstname.lastname@example.org(you can do this from
send test mail), I can inspect the headers.
I've just sent it, but don't be surprised if it turns up in your spam folder. Thanks in advance for checking.
And I just noticed:
Feb 14 01:02:24 [INFO] [-] [core] [outbound] Sending email as a transaction Feb 14 01:02:24 [NOTICE] [-] [dkim_sign] skipped: no private key for lily.dmnw.net Feb 14 01:02:24 [INFO] [-] [core] [outbound] Processing delivery for domain: cloudron.io Feb 14 01:02:24 EACCES: permission denied, open '/app/haraka-config/config/dkim/lily.dmnw.net/private'
@clouddaz That does indeed seem like the problem.
On the server: Go to the directory
/home/yellowtent/boxdata/mail/dkim/<domain>. It should have the public/private DKIM keys. Are they present? If they are present, then
chown -R yellowtent:yellowtent /home/yellowtent/boxdata/mail/dkimand then go to
If they are not present, let me know, we have to see why they are not present (they are created at domain addition time).
Yes both DKIM keys are present. chown and mail restart were completed but still no DKIM or DMARC signing. This is the first domain (hostname) not a subsequent added domain, if that helps.
@clouddaz Can you give us SSH access so I can debug the issue? Support -> Enable Remote support. Thanks!
I have the same issue on my cloudron (standard plan). All checkmarks at SMTP Status are green. I use Mailjet (free account) at the moment to get around this issue.
2019-02-26T21:12:32.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/*****.******/private' 2019-02-26T21:12:32.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for *****.******
cloudron@h2812623:/home/yellowtent/boxdata/mail/dkim/*****.******$ ll total 20 drwxr-xr-x 2 yellowtent yellowtent 4096 Jan 9 07:29 ./ drwxr-xr-x 3 yellowtent yellowtent 4096 Dez 8 23:13 ../ -rw------- 1 yellowtent yellowtent 891 Dez 8 23:13 private -rw-r--r-- 1 yellowtent yellowtent 272 Dez 8 23:13 public -rw-r--r-- 1 yellowtent yellowtent 8 Dez 8 23:13 selector
@girish please let us know if you figure out what causes this behavior.
I noticed that some folders maybe have wrong permissions. "cloudron" is the user I used to install Cloudron (with sudo) on the server.
Most of the folders/files under /home/yellowtent are owned by yellowtent, some by root and a small percentage is owned by cloudron. Could this result in the error we see?
This is fixed in 3.5.4 now.
ruben last edited by
I experienced the same issue today on a fresh new installation v4.0.0:
2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Sending email as a transaction 2019-05-10T11:54:20.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/mydomain.net/private' 2019-05-10T11:54:20.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for mydomain.net 2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: mail-tester.com
so it seems that this bug is still out there...
murgero last edited by
@ruben 4.0.0 is out? how do I install? my cloudron checks for updates but says it's up to date??
@ruben did you checked if the file exists? What are the file permissions/owner/group? Does the file contains a certificate? With cloudron 4.X.X you have the ability to re-setup DNS (maybe this fixes the issue?). What about renewing all certs (--> Domain)?
@murgero cloudron is at v4.0.3 at the moment. Do you use a custom hoster image? I'm on a netcup image and the message popped up today. You're off topic by the way...
murgero last edited by
This post is deleted!
ruben last edited by
@subven yes, the file exists. These are the permissions:
drwxr-xr-x 2 yellowtent yellowtent 4096 May 10 10:33 ./ drwxr-xr-x 4 yellowtent yellowtent 4096 May 10 11:27 ../ -rw------- 1 yellowtent yellowtent 887 May 10 10:33 private -rw-r--r-- 1 yellowtent yellowtent 272 May 10 10:33 public -rw-r--r-- 1 yellowtent yellowtent 8 May 10 10:33 selector
The DKIM-signing works after a
chmod 777 privatebut I don't think that 's a sustainable solution.
The 'renew all certs'-button does not seem te renew my certificates.
My DNS-setup is 'wildcard', so I don't think it 's possible to re-setup dns?
I just added an extra domain (with cloudron 4.0.3) and it results in the same permissions:
drwxr-xr-x 2 yellowtent yellowtent 4096 May 17 06:54 ./ drwxr-xr-x 5 yellowtent yellowtent 4096 May 17 06:54 ../ -rw------- 1 yellowtent yellowtent 887 May 17 06:54 private -rw-r--r-- 1 yellowtent yellowtent 272 May 17 06:54 public -rw-r--r-- 1 yellowtent yellowtent 8 May 17 06:54 selector