DKIM and DMARC for built-in outgoing mail



  • Outgoing mail from the built in email solution does not have a DKIM signature or a DMARC signature.
    Is this possible to enable or configure?



  • @clouddaz Outbound mails should already have DKIM signature. Can you send a test mail to https://www.mail-tester.com/ and send us the report?



  • Also, Email -> Status. Are all the check marks green?



  • @girish, yes they are all green.



  • @clouddaz If you can send a test mail to test@cloudron.io (you can do this from email -> status -> send test mail), I can inspect the headers.



  • I've just sent it, but don't be surprised if it turns up in your spam folder. Thanks in advance for checking.



  • And I just noticed:

    Feb 14 01:02:24 [INFO] [-] [core] [outbound] Sending email as a transaction
    Feb 14 01:02:24 [NOTICE] [-] [dkim_sign] skipped: no private key for lily.dmnw.net
    Feb 14 01:02:24 [INFO] [-] [core] [outbound] Processing delivery for domain: cloudron.io
    Feb 14 01:02:24 EACCES: permission denied, open '/app/haraka-config/config/dkim/lily.dmnw.net/private'
    


  • @clouddaz That does indeed seem like the problem.

    On the server: Go to the directory /home/yellowtent/boxdata/mail/dkim/<domain>. It should have the public/private DKIM keys. Are they present? If they are present, then chown -R yellowtent:yellowtent /home/yellowtent/boxdata/mail/dkim and then go to services -> mail and restart it.

    If they are not present, let me know, we have to see why they are not present (they are created at domain addition time).



  • Yes both DKIM keys are present. chown and mail restart were completed but still no DKIM or DMARC signing. This is the first domain (hostname) not a subsequent added domain, if that helps.



  • @clouddaz Can you give us SSH access so I can debug the issue? Support -> Enable Remote support. Thanks!



  • I have the same issue on my cloudron (standard plan). All checkmarks at SMTP Status are green. I use Mailjet (free account) at the moment to get around this issue.

    2019-02-26T21:12:32.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/*****.******/private'
    2019-02-26T21:12:32.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for *****.******
    
    cloudron@h2812623:/home/yellowtent/boxdata/mail/dkim/*****.******$ ll
    total 20
    drwxr-xr-x 2 yellowtent yellowtent 4096 Jan  9 07:29 ./
    drwxr-xr-x 3 yellowtent yellowtent 4096 Dez  8 23:13 ../
    -rw------- 1 yellowtent yellowtent  891 Dez  8 23:13 private
    -rw-r--r-- 1 yellowtent yellowtent  272 Dez  8 23:13 public
    -rw-r--r-- 1 yellowtent yellowtent    8 Dez  8 23:13 selector
    

    @girish please let us know if you figure out what causes this behavior.



  • I noticed that some folders maybe have wrong permissions. "cloudron" is the user I used to install Cloudron (with sudo) on the server.
    2019-02-28 22_24_43-root@h2812623_ _home_yellowtent_boxdata_mail.png
    Most of the folders/files under /home/yellowtent are owned by yellowtent, some by root and a small percentage is owned by cloudron. Could this result in the error we see?



  • This is fixed in 3.5.4 now.



  • I experienced the same issue today on a fresh new installation v4.0.0:

    2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Sending email as a transaction
    2019-05-10T11:54:20.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/mydomain.net/private'
    2019-05-10T11:54:20.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for mydomain.net
    2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: mail-tester.com
    

    so it seems that this bug is still out there...



  • @ruben 4.0.0 is out? how do I install? my cloudron checks for updates but says it's up to date??



  • @ruben did you checked if the file exists? What are the file permissions/owner/group? Does the file contains a certificate? With cloudron 4.X.X you have the ability to re-setup DNS (maybe this fixes the issue?). What about renewing all certs (--> Domain)?

    @murgero cloudron is at v4.0.3 at the moment. Do you use a custom hoster image? I'm on a netcup image and the message popped up today. You're off topic by the way...



  • This post is deleted!


  • @subven yes, the file exists. These are the permissions:

    drwxr-xr-x 2 yellowtent yellowtent 4096 May 10 10:33 ./
    drwxr-xr-x 4 yellowtent yellowtent 4096 May 10 11:27 ../
    -rw------- 1 yellowtent yellowtent  887 May 10 10:33 private
    -rw-r--r-- 1 yellowtent yellowtent  272 May 10 10:33 public
    -rw-r--r-- 1 yellowtent yellowtent    8 May 10 10:33 selector
    

    The DKIM-signing works after a chmod 777 private but I don't think that 's a sustainable solution.

    The 'renew all certs'-button does not seem te renew my certificates.
    My DNS-setup is 'wildcard', so I don't think it 's possible to re-setup dns?

    I just added an extra domain (with cloudron 4.0.3) and it results in the same permissions:

    drwxr-xr-x 2 yellowtent yellowtent 4096 May 17 06:54 ./
    drwxr-xr-x 5 yellowtent yellowtent 4096 May 17 06:54 ../
    -rw------- 1 yellowtent yellowtent  887 May 17 06:54 private
    -rw-r--r-- 1 yellowtent yellowtent  272 May 17 06:54 public
    -rw-r--r-- 1 yellowtent yellowtent    8 May 17 06:54 selector
    

Log in to reply