OpenDKIM for all

stephdl · January 18, 2018, 7:42am

Hi all

I worked recently to bring a new feature to nethserver: opendkim

The goal is to sign the email by a RSA key and allow other email servers to authenticate you as the good sender by retrieving the public key in your public DNS zone (default._domainkey.YourDomainName)

the protocol of test is available at https://github.com/NethServer/dev/issues/5407

to update your server, do

yum update nethserver-mail-common --enablerepo=testing

I would like to personally thank (no matter for order) @davidep @filippo_carletti @giacomo for test, idea, code, support and fun.

Please test and report

davidep · January 18, 2018, 8:25am

Those are super-great news Stéphane! I’ll check it out on my production server!

Now I can’t wait to see rspamd in action too

robb · January 18, 2018, 1:11pm

Great work @stephdl! It is important that NethServer modules (and especially mail features) are safe and trustworthy. Too many garbage is being sent already.
IMO the startpoint for trustworthy email services is knowing the mail comes from the person that is mentioned in the sender field. OpenDKIM is part of that trust.

Jclendineng · January 18, 2018, 11:07pm

yum update nethserver-mail-common --enablerepo=nethserver-testing

Installing now, will report back.

Jclendineng · January 24, 2018, 2:00pm

Works as expected, I am having some other issues but I am trying to figure out if they are coming from this testing update or something else.Email addresses section errors with

[64] Cannot use lexical variable $view as a parameter name

See the system log for details.

So I am going through my logs.

DPI also errors but I doubt that it is related.

stephdl · January 24, 2018, 2:31pm

Please, can you check the/var/log/httpd-admin/error_log when you display the error and give back the full error line

Jclendineng · January 24, 2018, 2:34pm

Ive created a bug topic, Im pretty sure its php related not email.

stephdl · January 24, 2018, 2:34pm

url, please

Jclendineng · January 24, 2018, 2:35pm

TJerez · January 25, 2018, 6:10pm

I am testing out on my server and it is working properly. Totally awesome, you guys rock

davidep · January 25, 2018, 8:21pm

One issue has been found during the QA phase that is blocking the release of this feature. If we don’t find a solution for it we must wait for the alternative mail-filter implementation based on rspamd.

More info here

https://github.com/NethServer/dev/issues/5407

tzar · January 30, 2018, 5:37pm

Count me in.

stephdl · January 30, 2018, 8:09pm

The patch has been reversed, efforts go to rspamd now, we will go back to opendkim a bit later. For those who upgraded the server you can downgrade by

yum downgrade nethserver-mail-common

TJerez · January 30, 2018, 11:03pm

Sorry to be the odd man, but I got a bit excited and have already gone to Production Server with this

I am not as technical as you guys, but can someone please let me know exactly what the problem is in dumb terms. From what i think i understand, there is an issue authenticating when sending emails to users from the same domain e.g. me@mydomain.com to you@mydomain.com while on the same network.

If that is the case, would it affect me since i have my Mail Server set up over the internet with its own public IP on a separate NS installation and not on the LAN.

Aldo would i be able to change when a solution is found for DKIM afterwards without losing anything.

Thanks for your patience

stephdl · January 30, 2018, 11:09pm

due to a proxied smtp, all emails seems to come from the localhost and not from the real sender IP. For rspamd the proxied smtp needed by amavisd is removed then it should not give more trouble. We just need to wait a bit more and find the good way to sign email by dkim

rspamd could be a way
opendkim is the common way

For now just revert the rpm, opendkim should no be removed, only disabled and think to remove the public key of your dns zone.