DKIM and DMARC for built-in outgoing mail

murgero

This post is deleted!

ruben

@subven yes, the file exists. These are the permissions:

drwxr-xr-x 2 yellowtent yellowtent 4096 May 10 10:33 ./
drwxr-xr-x 4 yellowtent yellowtent 4096 May 10 11:27 ../
-rw------- 1 yellowtent yellowtent  887 May 10 10:33 private
-rw-r--r-- 1 yellowtent yellowtent  272 May 10 10:33 public
-rw-r--r-- 1 yellowtent yellowtent    8 May 10 10:33 selector

The DKIM-signing works after a chmod 777 private but I don't think that 's a sustainable solution.

The 'renew all certs'-button does not seem te renew my certificates.
My DNS-setup is 'wildcard', so I don't think it 's possible to re-setup dns?

I just added an extra domain (with cloudron 4.0.3) and it results in the same permissions:

drwxr-xr-x 2 yellowtent yellowtent 4096 May 17 06:54 ./
drwxr-xr-x 5 yellowtent yellowtent 4096 May 17 06:54 ../
-rw------- 1 yellowtent yellowtent  887 May 17 06:54 private
-rw-r--r-- 1 yellowtent yellowtent  272 May 17 06:54 public
-rw-r--r-- 1 yellowtent yellowtent    8 May 17 06:54 selector

girish

@clouddaz @ruben @subven Any of you still facing this issue? I would love to get to the bottom of this since I thought this got fixed, but clearly hasn't.

doomilation

@girish Hi, I can confirm that this issue is still there with 2 domains.
Unfortunately I didn't check after a fresh install and just 1 domain.

ruben

@girish I had already deleted my test-setup; so I just set up a new one from scratch at scaleway. It results in the same errors and permissions as above.

girish

@ruben Thanks. Can you tell me which DNS provider you are using? Let me try to reproduce the bug with that backend.

ruben

@girish I’m using the wildcard DNS-option.

girish

@ruben thanks, I was able to reproduce the issue. It is related to the ubuntu image on scaleway. We relied on the user id to match between the host OS and the container. For some reason, adding a new user on scaleway starts from uid 1001 instead of 1000. Looking into a fix.

girish

A fix for now is to just run chmod +r /home/yellowtent/boxdata/mail/dkim/*/private.

As for certs for renewing, @ruben do you have incoming port 80 open on your server? The cert issue is not related to dkim keys.

girish

This is fixed now in 4.1 (which will get released next week or so)

ruben

@girish Nice! Will definitely try again after the release.

subven

I can confirm that this is finally fixed now

pintudason

DMARC is about email security. Traditionally this was about inbound protection, where DMARC can be used. Though, DMARC is more about outbound email protection.