The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DKIM doesn't work with forwarders?!

Discussion in 'E-mail Discussions' started by kpmedia, Nov 9, 2013.

  1. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    DKIM should be about the domain itself -- not the accounts. However, in cPanel, I've found a flaw.

    Example:
    - My account is "mybox@domain"
    - I have john@domain, support@domain and sales@domain as forwarders.
    - Using Outlook, I can have 3 "accounts". Same settings, but different reply names. (Only 1 checks, the others act as outbound only.)
    - When on the road, I can check 1 account in webmail/Roundcube on an iPad, and reply as John@domain

    But DKIM doesn't sign. :mad:

    DKIM only signs it when I connect (IMAP/POP) as "mybox" and show "mybox@domain" as the reply address.

    That's fubar.

    Have I missed a setting somewhere, or does cPanel/exim insist that DKIM happen at the account level? Because, again, that's not correct according to DKIM standards. It's about the domain, not the account.

    I can do it with MailEnable on Windows with zero issues.
     
    #1 kpmedia, Nov 9, 2013
    Last edited: Nov 9, 2013
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In your: cPanel > Mail section > Email Authentication you'll find the DKIM options for your cPanel account of course. Assuming these are enabled there, disable DKIM, and then Go Back, and disable SPF. Next, Go Back and enable DKIM. Then Go Back and enable SPF.

    Send an email from any of the accounts to this address: check-auth@verifier.port25.com wait a few moments for a result email to be sent back to you. What does that result email say?
     
  3. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    Did that already.

    Even went into SSH and deleted the old .removed files from the public/private DKIM folders, on a second try. It's not the enabled/disabled status that does it.

    For some reason, Exim (cPanel implementation) will not sign email unless the account/mailbox is used as the FROM. It's not right. Even if I signed the email as poopyhead@anotherdomain, the DKIM should still sign the private key, since I'm connecting to the server via mybox@domain. (And in that case, of course, the public key would not match and would show a DKIM error.)

    The test on DKIM with John@/Sales@/etc (example forwards) has no DKIM signing. It comes back neutral. I've verified that with Port25, appmaildev.com and unlocktheinbox.com. The domain has ADKIM as all, so the unsigned email fails since it's not signed.

    I've used Exim in the past -- forget if it was ISPConfig or Virtualmin -- but did not have the error. (I'll be reinstalling on a test VPS just to verify it's not Exim.) Never seen this behavior from a mailserver before. That's not proper DKIM signing.

    Update:

    I ran more tests. This works fine on another cPanel server.
    This server is still early in the testing phase, so I'm going to reinstall cPanel. We'll see what happens.
     
    #3 kpmedia, Nov 10, 2013
    Last edited: Nov 10, 2013
Loading...

Share This Page