The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DKIM signing without filtering

Discussion in 'E-mail Discussions' started by AndersH, Apr 21, 2015.

  1. AndersH

    AndersH Registered

    Joined:
    Apr 21, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    xx
    cPanel Access Level:
    Website Owner
    For a website account I want to have the smtp server sign outgoing mail with DKIM, but I don't not want the server to filter incoming messages. Does anybody here know if this is possible with cPanel?

    If I look under "Email Authentication" in cPanel it says "DKIM allows your server to verify incoming email and prevent incoming spam messages. This feature ensures that incoming messages are unmodified and are genuinely from the indicated sender." This would seem to indicate that this function enables the filtering of incoming messages, that I do not want. But if I try to enable the function it checks if the server is authoritative and shows a dns record to configure, which would indicate that this is the signing, that I do want (there would be no need to set up a new dns record, if I was just doing filtering). So is this function ("DKIM" under "Email Authentication") controlling filtering (so the text is simply wrong) or signing? or both (and if so, are there any way of only enabling one of them)?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The DKIM option under "Email Authentication" in cPanel only applies to outgoing email. The DKIM verification for incoming email is available in the "Exim Configuration Manager" within WHM.

    Thank you.
     
  3. AndersH

    AndersH Registered

    Joined:
    Apr 21, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    xx
    cPanel Access Level:
    Website Owner
    Thanks a lot for your reply. But isn't the text on the screen and the help saying the complete opposite? Would it be possible for you to open an issue a have the text fixed, as you are a staff member? It somehow seems wrong just to ignore such a bug and as a mere user I don't have a service account.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The current message in Paper Lantern is:

    It's designed to explain what exactly DKIM is, but I do see your point that it can be confusing due to the option that's available in Web Host Manager. Is there any particular line of text you would prefer to see, or just an overall notice that enabling it will only affect outgoing email?

    Thank you.
     
  5. AndersH

    AndersH Registered

    Joined:
    Apr 21, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    xx
    cPanel Access Level:
    Website Owner
    I assume Paper Lantem is a version name. I should perhaps have mentioned that the one I look at is version 11.48.3. But the messages seem to have the same problem.

    I think there is two parts to DKIM, signing and verification. So I think I would change the header from "DKIM" to "DKIM signing" and the quoted text to something like "Adding a DKIM signature to your outgoing messages allows receiving servers to verify, that incoming messages are unmodified and are from the sender from whom they claim to be from. This may reduce the chance that your legitimate messages are treated as spam by the receivers server. (To setup filtering of incoming messages on this server go to "Exim Configuration Manager")"

    Does that make sense? I think that would have lessened my confusion. It should of course be checked that that is actually what the functionality does :) I can't find the Exim Configuration Manager, but that may be a licensing issue I guess.

    The "SPF"-section should probably have similar changes applied (e.g. "This feature prevents outgoing spam messages" gives the wrong impression, because if the spam messages are outgoing from your server adding a SPF-record won't change anything about that, but it will allow recipients to filter incoming spam coming from other servers). To help delivery it seem that a DMARC functionality should also be added.

    Thanks for your help.
     
  6. AndersH

    AndersH Registered

    Joined:
    Apr 21, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    xx
    cPanel Access Level:
    Website Owner
    I had forgotten about the dns part. But saying adding "and authorizing the key using a DNS-record" before "allows receiving servers to verify" perhaps makes it a bit long.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I've opened internal case number 187573 to address the descriptions for these options. It has not yet been reviewed by our developers, but you can monitor our change logs for this case number at:

    cPanel - Change Logs

    Thank you.
     
Loading...

Share This Page