3. DKIM and DMARC for built-in outgoing mail

DKIM and DMARC for built-in outgoing mail

  • C

    Outgoing mail from the built in email solution does not have a DKIM signature or a DMARC signature.
    Is this possible to enable or configure?

    0

  • @clouddaz Outbound mails should already have DKIM signature. Can you send a test mail to https://www.mail-tester.com/ and send us the report?

    0

  • Also, Email -> Status. Are all the check marks green?

    0
    C
     1 Reply
  • C

    @girish, yes they are all green.

    0

  • @clouddaz If you can send a test mail to test@cloudron.io (you can do this from email -> status -> send test mail), I can inspect the headers.

    0
  • C

    I've just sent it, but don't be surprised if it turns up in your spam folder. Thanks in advance for checking.

    0
  • C

    And I just noticed:

    Feb 14 01:02:24 [INFO] [-] [core] [outbound] Sending email as a transaction
Feb 14 01:02:24 [NOTICE] [-] [dkim_sign] skipped: no private key for lily.dmnw.net
Feb 14 01:02:24 [INFO] [-] [core] [outbound] Processing delivery for domain: cloudron.io
Feb 14 01:02:24 EACCES: permission denied, open '/app/haraka-config/config/dkim/lily.dmnw.net/private'
    0

  • @clouddaz That does indeed seem like the problem.

    On the server: Go to the directory /home/yellowtent/boxdata/mail/dkim/<domain>. It should have the public/private DKIM keys. Are they present? If they are present, then chown -R yellowtent:yellowtent /home/yellowtent/boxdata/mail/dkim and then go to services -> mail and restart it.

    If they are not present, let me know, we have to see why they are not present (they are created at domain addition time).

    0
  • C

    Yes both DKIM keys are present. chown and mail restart were completed but still no DKIM or DMARC signing. This is the first domain (hostname) not a subsequent added domain, if that helps.

    0

  • @clouddaz Can you give us SSH access so I can debug the issue? Support -> Enable Remote support. Thanks!

    0

  • I have the same issue on my cloudron (standard plan). All checkmarks at SMTP Status are green. I use Mailjet (free account) at the moment to get around this issue.

    2019-02-26T21:12:32.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/*****.******/private'
2019-02-26T21:12:32.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for *****.******

    cloudron@h2812623:/home/yellowtent/boxdata/mail/dkim/*****.******$ ll
total 20
drwxr-xr-x 2 yellowtent yellowtent 4096 Jan  9 07:29 ./
drwxr-xr-x 3 yellowtent yellowtent 4096 Dez  8 23:13 ../
-rw------- 1 yellowtent yellowtent  891 Dez  8 23:13 private
-rw-r--r-- 1 yellowtent yellowtent  272 Dez  8 23:13 public
-rw-r--r-- 1 yellowtent yellowtent    8 Dez  8 23:13 selector

    @girish please let us know if you figure out what causes this behavior.

    0

  • I noticed that some folders maybe have wrong permissions. "cloudron" is the user I used to install Cloudron (with sudo) on the server.
    2019-02-28 22_24_43-root@h2812623_ _home_yellowtent_boxdata_mail.png
    Most of the folders/files under /home/yellowtent are owned by yellowtent, some by root and a small percentage is owned by cloudron. Could this result in the error we see?

    0

  • This is fixed in 3.5.4 now.

    1
  • R

    I experienced the same issue today on a fresh new installation v4.0.0:

    2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Sending email as a transaction
2019-05-10T11:54:20.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/mydomain.net/private'
2019-05-10T11:54:20.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for mydomain.net
2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: mail-tester.com

    so it seems that this bug is still out there...

    1
    M
     2 Replies
  • M

    @ruben 4.0.0 is out? how do I install? my cloudron checks for updates but says it's up to date??

    0
    R
     1 Reply

  • @ruben did you checked if the file exists? What are the file permissions/owner/group? Does the file contains a certificate? With cloudron 4.X.X you have the ability to re-setup DNS (maybe this fixes the issue?). What about renewing all certs (--> Domain)?

    @murgero cloudron is at v4.0.3 at the moment. Do you use a custom hoster image? I'm on a netcup image and the message popped up today. You're off topic by the way...

    0
    M
     1 Reply
  • M

    This post is deleted!
    0
  • R

    @subven yes, the file exists. These are the permissions:

    drwxr-xr-x 2 yellowtent yellowtent 4096 May 10 10:33 ./
drwxr-xr-x 4 yellowtent yellowtent 4096 May 10 11:27 ../
-rw------- 1 yellowtent yellowtent  887 May 10 10:33 private
-rw-r--r-- 1 yellowtent yellowtent  272 May 10 10:33 public
-rw-r--r-- 1 yellowtent yellowtent    8 May 10 10:33 selector

    The DKIM-signing works after a chmod 777 private but I don't think that 's a sustainable solution.

    The 'renew all certs'-button does not seem te renew my certificates.
    My DNS-setup is 'wildcard', so I don't think it 's possible to re-setup dns?

    I just added an extra domain (with cloudron 4.0.3) and it results in the same permissions:

    drwxr-xr-x 2 yellowtent yellowtent 4096 May 17 06:54 ./
drwxr-xr-x 5 yellowtent yellowtent 4096 May 17 06:54 ../
-rw------- 1 yellowtent yellowtent  887 May 17 06:54 private
-rw-r--r-- 1 yellowtent yellowtent  272 May 17 06:54 public
-rw-r--r-- 1 yellowtent yellowtent    8 May 17 06:54 selector
    0

  • @clouddaz @ruben @subven Any of you still facing this issue? I would love to get to the bottom of this since I thought this got fixed, but clearly hasn't.

    0
    R
     1 Reply
  • D

    @girish Hi, I can confirm that this issue is still there with 2 domains.
    Unfortunately I didn't check after a fresh install and just 1 domain.

    0
email 20
Log in to reply