SOLVED DKIM and DMARC for built-in outgoing mail
-
Outgoing mail from the built in email solution does not have a DKIM signature or a DMARC signature.
Is this possible to enable or configure? -
@clouddaz Outbound mails should already have DKIM signature. Can you send a test mail to https://www.mail-tester.com/ and send us the report?
-
Also, Email -> Status. Are all the check marks green?
-
@girish, yes they are all green.
-
@clouddaz If you can send a test mail to
test@cloudron.io(you can do this fromemail->status->send test mail), I can inspect the headers. -
I've just sent it, but don't be surprised if it turns up in your spam folder. Thanks in advance for checking.
-
And I just noticed:
Feb 14 01:02:24 [INFO] [-] [core] [outbound] Sending email as a transaction Feb 14 01:02:24 [NOTICE] [-] [dkim_sign] skipped: no private key for lily.dmnw.net Feb 14 01:02:24 [INFO] [-] [core] [outbound] Processing delivery for domain: cloudron.io Feb 14 01:02:24 EACCES: permission denied, open '/app/haraka-config/config/dkim/lily.dmnw.net/private' -
@clouddaz That does indeed seem like the problem.
On the server: Go to the directory
/home/yellowtent/boxdata/mail/dkim/<domain>. It should have the public/private DKIM keys. Are they present? If they are present, thenchown -R yellowtent:yellowtent /home/yellowtent/boxdata/mail/dkimand then go toservices->mailand restart it.If they are not present, let me know, we have to see why they are not present (they are created at domain addition time).
-
Yes both DKIM keys are present. chown and mail restart were completed but still no DKIM or DMARC signing. This is the first domain (hostname) not a subsequent added domain, if that helps.
-
@clouddaz Can you give us SSH access so I can debug the issue? Support -> Enable Remote support. Thanks!
-
I have the same issue on my cloudron (standard plan). All checkmarks at SMTP Status are green. I use Mailjet (free account) at the moment to get around this issue.
2019-02-26T21:12:32.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/*****.******/private' 2019-02-26T21:12:32.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for *****.******cloudron@h2812623:/home/yellowtent/boxdata/mail/dkim/*****.******$ ll total 20 drwxr-xr-x 2 yellowtent yellowtent 4096 Jan 9 07:29 ./ drwxr-xr-x 3 yellowtent yellowtent 4096 Dez 8 23:13 ../ -rw------- 1 yellowtent yellowtent 891 Dez 8 23:13 private -rw-r--r-- 1 yellowtent yellowtent 272 Dez 8 23:13 public -rw-r--r-- 1 yellowtent yellowtent 8 Dez 8 23:13 selector@girish please let us know if you figure out what causes this behavior.
-
I noticed that some folders maybe have wrong permissions. "cloudron" is the user I used to install Cloudron (with sudo) on the server.
Most of the folders/files under /home/yellowtent are owned by yellowtent, some by root and a small percentage is owned by cloudron. Could this result in the error we see? -
This is fixed in 3.5.4 now.
-
I experienced the same issue today on a fresh new installation v4.0.0:
2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Sending email as a transaction 2019-05-10T11:54:20.000Z EACCES: permission denied, open '/app/haraka-config/config/dkim/mydomain.net/private' 2019-05-10T11:54:20.000Z [NOTICE] [-] [dkim_sign] skipped: no private key for mydomain.net 2019-05-10T11:54:20.000Z [INFO] [-] [core] [outbound] Processing delivery for domain: mail-tester.comso it seems that this bug is still out there...
-
@ruben 4.0.0 is out? how do I install? my cloudron checks for updates but says it's up to date??
-
@ruben did you checked if the file exists? What are the file permissions/owner/group? Does the file contains a certificate? With cloudron 4.X.X you have the ability to re-setup DNS (maybe this fixes the issue?). What about renewing all certs (--> Domain)?
@murgero cloudron is at v4.0.3 at the moment. Do you use a custom hoster image? I'm on a netcup image and the message popped up today. You're off topic by the way...
-
This post is deleted! -
@subven yes, the file exists. These are the permissions:
drwxr-xr-x 2 yellowtent yellowtent 4096 May 10 10:33 ./ drwxr-xr-x 4 yellowtent yellowtent 4096 May 10 11:27 ../ -rw------- 1 yellowtent yellowtent 887 May 10 10:33 private -rw-r--r-- 1 yellowtent yellowtent 272 May 10 10:33 public -rw-r--r-- 1 yellowtent yellowtent 8 May 10 10:33 selectorThe DKIM-signing works after a
chmod 777 privatebut I don't think that 's a sustainable solution.The 'renew all certs'-button does not seem te renew my certificates.
My DNS-setup is 'wildcard', so I don't think it 's possible to re-setup dns?I just added an extra domain (with cloudron 4.0.3) and it results in the same permissions:
drwxr-xr-x 2 yellowtent yellowtent 4096 May 17 06:54 ./ drwxr-xr-x 5 yellowtent yellowtent 4096 May 17 06:54 ../ -rw------- 1 yellowtent yellowtent 887 May 17 06:54 private -rw-r--r-- 1 yellowtent yellowtent 272 May 17 06:54 public -rw-r--r-- 1 yellowtent yellowtent 8 May 17 06:54 selector -
-
@girish Hi, I can confirm that this issue is still there with 2 domains.
Unfortunately I didn't check after a fresh install and just 1 domain. -
@girish I had already deleted my test-setup; so I just set up a new one from scratch at scaleway. It results in the same errors and permissions as above.
-
@ruben Thanks. Can you tell me which DNS provider you are using? Let me try to reproduce the bug with that backend.
-
@girish Iām using the wildcard DNS-option.
-
@ruben thanks, I was able to reproduce the issue. It is related to the ubuntu image on scaleway. We relied on the user id to match between the host OS and the container. For some reason, adding a new user on scaleway starts from uid 1001 instead of 1000. Looking into a fix.
-
A fix for now is to just run
chmod +r /home/yellowtent/boxdata/mail/dkim/*/private.As for certs for renewing, @ruben do you have incoming port 80 open on your server? The cert issue is not related to dkim keys.
-
This is fixed now in 4.1 (which will get released next week or so)
-
@girish Nice! Will definitely try again after the release.
-
I can confirm that this is finally fixed now
