DKIM doesn't work with forwarders?!

kpmedia

DKIM should be about the domain itself -- not the accounts. However, in cPanel, I've found a flaw.

Example:
- My account is "mybox@domain"
- I have john@domain, support@domain and sales@domain as forwarders.
- Using Outlook, I can have 3 "accounts". Same settings, but different reply names. (Only 1 checks, the others act as outbound only.)
- When on the road, I can check 1 account in webmail/Roundcube on an iPad, and reply as John@domain

But DKIM doesn't sign. :mad:

DKIM only signs it when I connect (IMAP/POP) as "mybox" and show "mybox@domain" as the reply address.

That's fubar.

Have I missed a setting somewhere, or does cPanel/exim insist that DKIM happen at the account level? Because, again, that's not correct according to DKIM standards. It's about the domain, not the account.

I can do it with MailEnable on Windows with zero issues.
 

Infopro

In your: cPanel > Mail section > Email Authentication you'll find the DKIM options for your cPanel account of course. Assuming these are enabled there, disable DKIM, and then Go Back, and disable SPF. Next, Go Back and enable DKIM. Then Go Back and enable SPF.

Send an email from any of the accounts to this address: [email protected]. Wait a few moments for a result email to be sent back to you. What does that result email say?
 

kpmedia

Did that already.

Even went into SSH and deleted the old .removed files from the public/private DKIM folders, on a second try. It's not the enabled/disabled status that does it.

For some reason, Exim (cPanel implementation) will not sign email unless the account/mailbox is used as the FROM. It's not right. Even if I signed the email as poopyhead@anotherdomain, the DKIM should still sign the private key, since I'm connecting to the server via mybox@domain. (And in that case, of course, the public key would not match and would show a DKIM error.)

The test on DKIM with John@/Sales@/etc (example forwards) has no DKIM signing. It comes back neutral. I've verified that with Port25, appmaildev.com and unlocktheinbox.com. The domain has ADKIM as all, so the unsigned email fails since it's not signed.

I've used Exim in the past -- forget if it was ISPConfig or Virtualmin -- but did not have the error. (I'll be reinstalling on a test VPS just to verify it's not Exim.) Never seen this behavior from a mailserver before. That's not proper DKIM signing.

Update:

I ran more tests. This works fine on another cPanel server.
This server is still early in the testing phase, so I'm going to reinstall cPanel. We'll see what happens.
 
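An added example, not part of the thread and not cPanel or Exim code: a local check on the raw source of a sent message that reports whether a DKIM-Signature header is present and whether its d= domain matches the From domain, covering the three cases discussed above (mailbox address, forwarder address, From in another domain). It does not verify the signature cryptographically, and the sample messages, example.com, other.example and the selector name are constructed placeholders.

```python
"""Check whether a raw message carries a DKIM-Signature aligned with its From domain."""
from email import message_from_string
from email.utils import parseaddr


def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (folding removed)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    return tags


def dkim_report(raw):
    """Report signing state only; the signature itself is not verified."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    domains = [t.get("d", "").lower() for t in sigs]
    return {
        "from_domain": from_domain,
        "signed": bool(sigs),
        "signing_domains": domains,
        "selectors": [t.get("s", "") for t in sigs],
        # Exact match of d= and the From domain (strict alignment).
        "aligned": any(d and d == from_domain for d in domains),
    }


# Constructed sample messages; domains, selector and signature values are placeholders.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=default;\n"
       "\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
REST = "To: check@test.example\nSubject: test\n\nbody\n"
SAMPLES = {
    "mailbox": SIG + "From: mybox@example.com\n" + REST,
    "forwarder": "From: John <john@example.com>\n" + REST,
    "other_from": SIG + "From: someone@other.example\n" + REST,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, dkim_report(raw))
```

Running the same function over the saved source of a message sent from each address shows whether the server skipped signing or signed with a non-matching domain.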