    SOLVED DKIM and DMARC for built-in outgoing mail

    • C
      clouddaz last edited by girish

      Outgoing mail from the built-in email solution does not have a DKIM signature or a DMARC signature.
      Is this possible to enable or configure?

      1 Reply Last reply Reply Quote 0
      • girish
        girish Staff last edited by

        @clouddaz Outbound mails should already have DKIM signature. Can you send a test mail to https://www.mail-tester.com/ and send us the report?

        1 Reply Last reply Reply Quote 0
        • girish
          girish Staff last edited by

          Also, Email -> Status. Are all the check marks green?

          C 1 Reply Last reply Reply Quote 0
          • C
            clouddaz @girish last edited by

            @girish, yes they are all green.

            1 Reply Last reply Reply Quote 0
            • girish
              girish Staff last edited by

              @clouddaz If you can send a test mail to test@cloudron.io (you can do this from email -> status -> send test mail), I can inspect the headers.

              1 Reply Last reply Reply Quote 0
              • C
                clouddaz last edited by

                I've just sent it, but don't be surprised if it turns up in your spam folder. Thanks in advance for checking.

                1 Reply Last reply Reply Quote 0
                • C
                  clouddaz last edited by

                  And I just noticed:

                  Feb 14 01:02:24 [INFO] [-] [core] [outbound] Sending email as a transaction
                  Feb 14 01:02:24 [NOTICE] [-] [dkim_sign] skipped: no private key for lily.dmnw.net
                  Feb 14 01:02:24 [INFO] [-] [core] [outbound] Processing delivery for domain: cloudron.io
                  Feb 14 01:02:24 EACCES: permission denied, open '/app/haraka-config/config/dkim/lily.dmnw.net/private'
                  
                  1 Reply Last reply Reply Quote 0
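The signing failures quoted in this thread show the same pair of log lines: a `dkim_sign` "skipped: no private key" notice and an `EACCES` on the domain's `private` file. As an added example (not part of the thread, and not Cloudron or Haraka code), this Python scans mail-service log text for that pair and reports which domains were sent unsigned; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the two log formats quoted in this thread.
SAMPLE_LOG = """\
Feb 14 01:02:24 [INFO] [-] [core] [outbound] Sending email as a transaction
Feb 14 01:02:24 [NOTICE] [-] [dkim_sign] skipped: no private key for mail.example.org
Feb 14 01:02:24 EACCES: permission denied, open '/app/haraka-config/config/dkim/mail.example.org/private'
2019-05-10T11:54:20.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for example.net
2019-05-10T11:54:21.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: example.com
"""

# Message text after the timestamp is identical in both formats.
SKIPPED = re.compile(r"\[dkim_sign\] skipped: no private key for (\S+)")
EACCES = re.compile(r"EACCES: permission denied, open '(?:[^']*/)?dkim/([^/']+)/private'")


def dkim_signing_failures(log_text):
    """Map each domain that was sent unsigned to a count and a likely cause."""
    skipped = defaultdict(int)
    denied = set()
    for line in log_text.splitlines():
        m = SKIPPED.search(line)
        if m:
            skipped[m.group(1)] += 1
            continue
        m = EACCES.search(line)
        if m:
            denied.add(m.group(1))
    report = {}
    for domain, count in skipped.items():
        # An EACCES for the same domain means the key exists but is unreadable.
        if domain in denied:
            cause = "private key unreadable (EACCES)"
        else:
            cause = "no EACCES logged (key missing or other cause)"
        report[domain] = {"unsigned_sends": count, "cause": cause}
    return report


if __name__ == "__main__":
    for domain, info in dkim_signing_failures(SAMPLE_LOG).items():
        print(f"{domain}: {info['unsigned_sends']} unsigned, {info['cause']}")
```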
                  • girish
                    girish Staff last edited by

                    @clouddaz That does indeed seem like the problem.

                    On the server: Go to the directory /home/yellowtent/boxdata/mail/dkim/<domain>. It should have the public/private DKIM keys. Are they present? If they are present, then chown -R yellowtent:yellowtent /home/yellowtent/boxdata/mail/dkim and then go to services -> mail and restart it.

                    If they are not present, let me know, we have to see why they are not present (they are created at domain addition time).

                    1 Reply Last reply Reply Quote 0
                    • C
                      clouddaz last edited by

                      Yes, both DKIM keys are present. chown and mail restart were completed but still no DKIM or DMARC signing. This is the first domain (hostname), not a subsequently added domain, if that helps.

                      1 Reply Last reply Reply Quote 0
                      • girish
                        girish Staff last edited by

                        @clouddaz Can you give us SSH access so I can debug the issue? Support -> Enable Remote support. Thanks!

                        1 Reply Last reply Reply Quote 0
                        • subven
                          subven last edited by

                          I have the same issue on my cloudron (standard plan). All checkmarks at SMTP Status are green. I use Mailjet (free account) at the moment to get around this issue.

                          2019-02-26T21:12:32.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/*****.******/private'
                          2019-02-26T21:12:32.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for *****.******
                          
                          cloudron@h2812623:/home/yellowtent/boxdata/mail/dkim/*****.******$ ll
                          total 20
                          drwxr-xr-x 2 yellowtent yellowtent 4096 Jan  9 07:29 ./
                          drwxr-xr-x 3 yellowtent yellowtent 4096 Dez  8 23:13 ../
                          -rw------- 1 yellowtent yellowtent  891 Dez  8 23:13 private
                          -rw-r--r-- 1 yellowtent yellowtent  272 Dez  8 23:13 public
                          -rw-r--r-- 1 yellowtent yellowtent    8 Dez  8 23:13 selector
                          

                          @girish please let us know if you figure out what causes this behavior.

                          1 Reply Last reply Reply Quote 0
                          • subven
                            subven last edited by

                            I noticed that some folders may have wrong permissions. "cloudron" is the user I used to install Cloudron (with sudo) on the server.
                            Most of the folders/files under /home/yellowtent are owned by yellowtent, some by root and a small percentage is owned by cloudron. Could this result in the error we see?

                            1 Reply Last reply Reply Quote 0
                            • girish
                              girish Staff last edited by

                              This is fixed in 3.5.4 now.

                              1 Reply Last reply Reply Quote 1
                              • R
                                ruben last edited by

                                I experienced the same issue today on a fresh new installation v4.0.0:

                                2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Sending email as a transaction
                                2019-05-10T11:54:20.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/mydomain.net/private'
                                2019-05-10T11:54:20.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for mydomain.net
                                2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: mail-tester.com
                                

                                so it seems that this bug is still out there...

                                M subven 2 Replies Last reply Reply Quote 1
                                • M
                                  murgero App Dev @ruben last edited by

                                  @ruben 4.0.0 is out? How do I install? My Cloudron checks for updates but says it's up to date??

                                  R 1 Reply Last reply Reply Quote 0
                                  • subven
                                    subven @ruben last edited by

                                    @ruben did you check if the file exists? What are the file permissions/owner/group? Does the file contain a certificate? With cloudron 4.X.X you have the ability to re-setup DNS (maybe this fixes the issue?). What about renewing all certs (--> Domain)?

                                    @murgero cloudron is at v4.0.3 at the moment. Do you use a custom hoster image? I'm on a netcup image and the message popped up today. You're off topic by the way...

                                    M 1 Reply Last reply Reply Quote 0
                                      • R
                                        ruben @murgero last edited by

                                        @subven yes, the file exists. These are the permissions:

                                        drwxr-xr-x 2 yellowtent yellowtent 4096 May 10 10:33 ./
                                        drwxr-xr-x 4 yellowtent yellowtent 4096 May 10 11:27 ../
                                        -rw------- 1 yellowtent yellowtent  887 May 10 10:33 private
                                        -rw-r--r-- 1 yellowtent yellowtent  272 May 10 10:33 public
                                        -rw-r--r-- 1 yellowtent yellowtent    8 May 10 10:33 selector
                                        

                                        The DKIM-signing works after a chmod 777 private but I don't think that's a sustainable solution.

                                        The 'renew all certs'-button does not seem to renew my certificates.
                                        My DNS-setup is 'wildcard', so I don't think it's possible to re-setup dns?

                                        I just added an extra domain (with cloudron 4.0.3) and it results in the same permissions:

                                        drwxr-xr-x 2 yellowtent yellowtent 4096 May 17 06:54 ./
                                        drwxr-xr-x 5 yellowtent yellowtent 4096 May 17 06:54 ../
                                        -rw------- 1 yellowtent yellowtent  887 May 17 06:54 private
                                        -rw-r--r-- 1 yellowtent yellowtent  272 May 17 06:54 public
                                        -rw-r--r-- 1 yellowtent yellowtent    8 May 17 06:54 selector
                                        
                                        1 Reply Last reply Reply Quote 0
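An added example, not from the thread or from Cloudron: a Python check for the key directory layout shown in the listings above (one directory per domain holding `private`, `public` and `selector`). It flags a missing key, a `private` file whose mode grants anything to group or other (as `chmod 777` does), and a key whose owner differs from its directory's owner; `audit_dkim_keys` and `demo` are hypothetical names and the demo tree is constructed. It reads host-side file metadata only, so it cannot say whether the mail service's own user can open the key.

```python
import os
import stat
import tempfile


def audit_dkim_keys(base_dir):
    """Return {domain: [findings]} for each domain directory under base_dir."""
    findings = {}
    for domain in sorted(os.listdir(base_dir)):
        ddir = os.path.join(base_dir, domain)
        if not os.path.isdir(ddir):
            continue
        key = os.path.join(ddir, "private")
        try:
            st = os.lstat(key)  # lstat: do not follow a symlinked key
        except FileNotFoundError:
            findings[domain] = ["private key missing"]
            continue
        issues = []
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            issues.append("private is not a regular file")
        if mode & 0o077:
            issues.append(f"mode {mode:04o} exposes key to group/other")
        if mode & 0o400 == 0:
            issues.append("owner cannot read key")
        if st.st_uid != os.lstat(ddir).st_uid:
            issues.append("key owner differs from directory owner")
        findings[domain] = issues
    return findings


def demo():
    """Build a constructed tree: one key at 0600, one after chmod 777, one absent."""
    base = tempfile.mkdtemp()
    for domain, mode in (("ok.example", 0o600), ("open.example", 0o777)):
        os.mkdir(os.path.join(base, domain))
        path = os.path.join(base, domain, "private")
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)
    os.mkdir(os.path.join(base, "nokey.example"))
    return audit_dkim_keys(base)


if __name__ == "__main__":
    # Base path as given in the thread; pass another directory to test elsewhere.
    print(audit_dkim_keys("/home/yellowtent/boxdata/mail/dkim"))
```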
                                        • girish
                                          girish Staff last edited by

                                          @clouddaz @ruben @subven Any of you still facing this issue? I would love to get to the bottom of this since I thought this got fixed, but it clearly hasn't.

                                          R 1 Reply Last reply Reply Quote 0
                                          • D
                                            doomilation last edited by

                                            @girish Hi, I can confirm that this issue is still there with 2 domains.
                                            Unfortunately I didn't check after a fresh install and just 1 domain.

                                            1 Reply Last reply Reply Quote 0