I worked recently to bring a new feature to nethserver: opendkim
The goal is to sign the email by a RSA key and allow other email servers to authenticate you as the good sender by retrieving the public key in your public DNS zone (default._domainkey.YourDomainName)
Great work @stephdl! It is important that NethServer modules (and especially mail features) are safe and trustworthy. Too many garbage is being sent already.
IMO the startpoint for trustworthy email services is knowing the mail comes from the person that is mentioned in the sender field. OpenDKIM is part of that trust.
Works as expected, I am having some other issues but I am trying to figure out if they are coming from this testing update or something else.Email addresses section errors with
[64] Cannot use lexical variable $view as a parameter name
One issue has been found during the QA phase that is blocking the release of this feature. If we donât find a solution for it we must wait for the alternative mail-filter implementation based on rspamd.
Sorry to be the odd man, but I got a bit excited and have already gone to Production Server with this
I am not as technical as you guys, but can someone please let me know exactly what the problem is in dumb terms. From what i think i understand, there is an issue authenticating when sending emails to users from the same domain e.g. me@mydomain.com to you@mydomain.com while on the same network.
If that is the case, would it affect me since i have my Mail Server set up over the internet with its own public IP on a separate NS installation and not on the LAN.
Aldo would i be able to change when a solution is found for DKIM afterwards without losing anything.
due to a proxied smtp, all emails seems to come from the localhost and not from the real sender IP. For rspamd the proxied smtp needed by amavisd is removed then it should not give more trouble. We just need to wait a bit more and find the good way to sign email by dkim
rspamd could be a way
opendkim is the common way
For now just revert the rpm, opendkim should no be removed, only disabled and think to remove the public key of your dns zone.