team/site
team
/
site
7
17
Fork 56
Code Issues 2 Pull Requests 1 Releases Wiki Activity

tilde.team DKIM signing uses the domain "tilde.team" for all mail domains like tilde.zone #137

New Issue
Closed
opened 2024-04-09 19:29:12 +00:00 by alexlehm · 7 comments
alexlehm commented 2024-04-09 19:29:12 +00:00
Copy Link

The DKIM signing configuration is currently slightly wrong as it uses a single KeyTable entry to sign all domains, which means that the signature always uses d=tilde.team, which means the mail has a valid signature but it is not considered as correct by all DKIM tools.

E.g. gmx/web.de seems to restrict domains sending multiple mails with incorrect signature so that all mails are deferred
(https://postmaster.gmx.net/de/case?c=r0103), the same might impede mail delivery to other domains.

To fix this, the files KeyTable and SigningTable have to be changed to map each email domain to the dns name for dkim and to the signing domain while still using the same key for all.

The two files are in /etc/opendkim/*
The changed files are in ~alexlehm/opendkim/* on tilde.team

The DKIM signing configuration is currently slightly wrong as it uses a single KeyTable entry to sign all domains, which means that the signature always uses d=tilde.team, which means the mail has a valid signature but it is not considered as correct by all DKIM tools. E.g. gmx/web.de seems to restrict domains sending multiple mails with incorrect signature so that all mails are deferred (https://postmaster.gmx.net/de/case?c=r0103), the same might impede mail delivery to other domains. To fix this, the files KeyTable and SigningTable have to be changed to map each email domain to the dns name for dkim and to the signing domain while still using the same key for all. The two files are in /etc/opendkim/* The changed files are in ~alexlehm/opendkim/* on tilde.team
ben commented 2024-04-09 23:39:36 +00:00
Owner
Copy Link

i've updated the configs using your examples. will test it out now.

i've updated the configs using your examples. will test it out now.
ben commented 2024-04-09 23:40:59 +00:00
Owner
Copy Link

example test with fuckup.club https://www.mail-tester.com/test-lbb78nk2v

example test with fuckup.club https://www.mail-tester.com/test-lbb78nk2v
alexlehm commented 2024-04-09 23:59:32 +00:00
Author
Copy Link

thank you, it checks out with thunderbird as well

thank you, it checks out with thunderbird as well
ben commented 2024-04-10 18:46:22 +00:00
Owner
Copy Link

testing the reply-by-mail thing again

testing the reply-by-mail thing again
alexlehm commented 2024-04-10 19:03:01 +00:00
Author
Copy Link

gmx.net is not yet accepting the mails, maybe that will improve after a while

gmx.net is not yet accepting the mails, maybe that will improve after a while
ben commented 2024-04-10 19:24:47 +00:00
Owner
Copy Link

i don't have an inbox there to test - do you?

i don't have an inbox there to test - do you?
alexlehm commented 2024-04-11 23:39:24 +00:00
Author
Copy Link

i have tried it with my gmx account, it didn't work immediately after the change but it is going through now, I received a mail with alexlehm@tilde.news correctly

i have tried it with my gmx account, it didn't work immediately after the change but it is going through now, I received a mail with alexlehm@tilde.news correctly
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: team/site#137
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?