OpenDKIM for all

Hi all

I worked recently to bring a new feature to NethServer: OpenDKIM.

The goal is to sign the email with an RSA key and allow other email servers to authenticate you as the good sender by retrieving the public key in your public DNS zone (default._domainkey.YourDomainName).

The test protocol is available at https://github.com/NethServer/dev/issues/5407

To update your server, run:

yum update nethserver-mail-common --enablerepo=testing

I would like to personally thank (in no particular order) @davidep @filippo_carletti @giacomo for tests, ideas, code, support and fun.

Please test and report

9 Likes

That is super-great news, Stéphane! I’ll check it out on my production server!

Now I can’t wait to see rspamd in action too :wink:

4 Likes

Great work @stephdl! It is important that NethServer modules (and especially mail features) are safe and trustworthy. Too much garbage is being sent already.
IMO the starting point for trustworthy email services is knowing the mail comes from the person that is mentioned in the sender field. OpenDKIM is part of that trust.

4 Likes

yum update nethserver-mail-common --enablerepo=nethserver-testing

Installing now, will report back.

4 Likes

Works as expected. I am having some other issues, but I am trying to figure out if they are coming from this testing update or something else. The Email addresses section errors with:

[64] Cannot use lexical variable $view as a parameter name

See the system log for details.

So I am going through my logs.

DPI also errors but I doubt that it is related.

Please, can you check /var/log/httpd-admin/error_log when you display the error and give back the full error line?

I've created a bug topic; I'm pretty sure it's PHP related, not email.

URL, please

1 Like

I am testing out on my server and it is working properly. Totally awesome, you guys rock :ok_hand:

3 Likes

One issue has been found during the QA phase that is blocking the release of this feature. If we don’t find a solution for it we must wait for the alternative mail-filter implementation based on rspamd.

More info here

https://github.com/NethServer/dev/issues/5407

1 Like

Count me in.

The patch has been reversed; efforts go to rspamd now, and we will go back to OpenDKIM a bit later. For those who upgraded the server, you can downgrade with:

yum downgrade nethserver-mail-common

2 Likes

Sorry to be the odd man, but I got a bit excited and have already gone to Production Server with this :grimacing:

I am not as technical as you guys, but can someone please let me know exactly what the problem is in dumb terms? From what I think I understand, there is an issue authenticating when sending emails to users from the same domain, e.g. me@mydomain.com to you@mydomain.com, while on the same network.

If that is the case, would it affect me, since I have my mail server set up over the internet with its own public IP on a separate NS installation and not on the LAN?

Also, would I be able to change when a solution is found for DKIM afterwards without losing anything?

Thanks for your patience :sweat_smile:

Due to a proxied SMTP, all emails seem to come from localhost and not from the real sender IP. For rspamd, the proxied SMTP needed by amavisd is removed, so it should not give more trouble. We just need to wait a bit more and find a good way to sign email with DKIM.

rspamd could be a way
opendkim is the common way

For now, just revert the RPM. OpenDKIM should not be removed, only disabled, and remember to remove the public key from your DNS zone.

2 Likes
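
An offline check for the DNS side of this rollback, as an added example that is not part of the thread or of NethServer's code: it builds the record name given in the first post and classifies a TXT value as active, revoked, missing or invalid. The domain example.org, the function names and the sample records are assumptions constructed for illustration.

```python
import base64
import binascii

def dkim_record_name(domain, selector="default"):
    """DNS name of the key record: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain.rstrip('.')}"

def parse_dkim_txt(txt):
    """Split a DKIM key record into tag=value pairs (RFC 6376, section 3.6.1)."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue  # trailing ';' or empty segment
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        # Drop whitespace left over from folded or split TXT strings.
        tags[name.strip()] = "".join(value.split())
    return tags

def key_status(txt):
    """Classify a key record as 'missing', 'revoked', 'invalid' or 'active'."""
    if txt is None:
        return "missing"  # no TXT record: verifiers cannot fetch a key
    try:
        tags = parse_dkim_txt(txt)
    except ValueError:
        return "invalid"
    # Only RSA, the key type named in the thread, is accepted by this check.
    if (tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa"
            or "p" not in tags):
        return "invalid"
    if tags["p"] == "":
        return "revoked"  # an empty p= tag marks the key as revoked
    try:
        der = base64.b64decode(tags["p"], validate=True)
    except binascii.Error:
        return "invalid"
    # An RSA p= value is DER-encoded, so it must begin with a SEQUENCE (0x30).
    return "active" if der[:1] == b"\x30" else "invalid"

# Constructed sample data: placeholder bytes, not a real RSA key.
FAKE_P = base64.b64encode(b"\x30\x82\x01\x22" + bytes(16)).decode()
SAMPLES = {"published": f"v=DKIM1; k=rsa; p={FAKE_P}",
           "revoked": "v=DKIM1; k=rsa; p=",
           "removed": None}
if __name__ == "__main__":
    for label, txt in SAMPLES.items():
        print(dkim_record_name("example.org"), label, "->", key_status(txt))
```

After the downgrade, a result of "active" for your own zone means the public key is still published and has not yet been removed as advised above.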