DomainKeys exception

[oscarenzo]

Hello,

I have a doubt, is possible create a exception in at hosting account for one external domain?, i mean that if is possible that check DKIM for all the external domains but when arrive from this source just skip.

I have in the main server enable the option for DKIM check and in the hosting account also.

Thank you.

 

[cPanelMichael]

Hello

In "WHM Home » Service Configuration » Exim Configuration Manager", under the "Access Lists" tab, you can try adding the domain name to:

"Only-verify-recipient"

Thank you.

 

[oscarenzo]

Hello Michael,

Thank you by your reply, i added the IP address of the forward server in "Trusted SMTP IP addresses" and "Sender verification bypass IP addresses" is not the same that "Only-verify-recipient"?

 

[cPanelMichael]

You can click on the "?" icon next to see option to see a description:

Sender verification bypass IP addresses
IP addresses for which to bypass SMTP-time sender verification checks

Only-verify-recipient
Hosts or IP addresses that should be exempt from all spam checks at SMTP time, except recipient verification. Hosts or IP addresses you enter here are stored in /etc/trustedmailhosts.

Trusted SMTP IP addresses
IP addresses exempt from all SMTP sender, recipient, spam, and relaying checks. IP addresses you enter here are stored in /etc/skipsmtpcheckhosts. These senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled.

Thank you.

 

[oscarenzo]

You can click on the "?" icon next to see option to see a description:

Sender verification bypass IP addresses
IP addresses for which to bypass SMTP-time sender verification checks

Only-verify-recipient
Hosts or IP addresses that should be exempt from all spam checks at SMTP time, except recipient verification. Hosts or IP addresses you enter here are stored in /etc/trustedmailhosts.

Trusted SMTP IP addresses
IP addresses exempt from all SMTP sender, recipient, spam, and relaying checks. IP addresses you enter here are stored in /etc/skipsmtpcheckhosts. These senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled.

Thank you.

Hi i read it, by this my doubt because not have clear, i'm running scrollout with cpanel as main server, but the emails resended by scrollout had bounced by dkim in the domain, by this my ask, somebody are working with both platforms also?

thank you by advance.

 

[cPanelMichael]

Could you elaborate on how you have configured that spam appliance, and how it works?

Thank you.

 

[oscarenzo]

yes sure:

have a main server with cpanel/whm
main.server.tld

by other side i have a vps with scrollout
scrollout.domain.tld

then a hosting account myprotecteddomain.tld, when the mx 0 is pointing to scrollout.domain.tld, and have configured a quarantine inbox locate in the main.server.tld with domain quarantinedomain.tld.

In the main.server.tld i have enable this options:

Allow DKIM verification for incoming messages
Reject DKIM failures

when scrollout.domain.tld resend emails to the quarantine inbox, the main.server.tld bounce as dkim, this message show dkim log:

Jun 19 22:09:21 scrollout postfix/smtp[10877]: 3gvZ4074WQz11HR: [email protected], relay=quarantinedomain.tld[xx.xx.xx.xx]:25, delay=0.22, delays=0/0/0.15/0.06, dsn=5.0.0, status=bounced (host quarantinedomain.tld[xx.xx.xx.xx] said: 550-DKIM: encountered the following problem validating myprotecteddomain.tld: 550 pubkey_unavailable (in reply to end of DATA command))

by this from scroll out advice to me add exeption for all email check from scrollout server, i added the IP and hostname on:

Sender verification bypass IP addresses [?]
Only-verify-recipient [?]
Trusted SMTP IP addresses [?]

And still blocking the emails, from whm when i disable the option:

Reject DKIM failures [?]
work as well, then if i disable this option when the cpanel account enable it, will not block the emails with dkim configuration faill right?

 

[cPanelMichael]

Reject DKIM failures [?]
work as well, then if i disable this option when the cpanel account enable it, will not block the emails with dkim configuration faill right?

The option in cPanel is for enabling DKIM on your outgoing email. The option in your Exim Configuration Manager is to verify DKIM records on incoming email. I suggest disabling the option in WHM if it's rejecting the legitimate email, as otherwise you would have to develop a custom ACL to exclude certain domain names from the DKIM check if the existing whitelist options are not helpful.

Thank you.