Relay Mail Server with DKIM

NethServer Version: Neth 7.5 stable
Module: Email

Hello,

Just installed NS 7.5 with email. I am curious if you can use NS as an SMTP relay server and have it sign the outgoing message with the newly added DKIM feature? I’ve tested the server and it can send/receive email by itself, and when the email is composed and sent from NS the DKIM works just fine. I’ve made a mock-up of the diagram below (and I know that Neth can/does offer the same email setup as Zen). I am curious if I could make NS into a spam filtering/DKIM signing mechanism.

Layout:
Zentyal 5.1 Mail Server <==> Nethserver 7.5 relay <==> Internet

==EDIT==
Similar question asked here: https://serverfault.com/questions/368761/dkim-on-postfix-relay-server

maybe just a new wave of questions after my answer :slight_smile:

I use NethServer as my main email server, but it is hard for me to be compliant with all the email servers of the world, mainly those of Microsoft; they do not want my email. So I use an SMTP smarthost of my ISP to send the email, but I sign them with opendkim. Of course you must deactivate the SPF, else you could be found as a spammer because your email is not sent by the right IP address.

in short

Nethserver (this server signs by opendkim) -> ISP smarthost -> Internet -> other email server

From my point of view the email should be signed by the Zentyal server, or put Zentyal in the trash and be a Nethservian.

1 Like

I think you can use SPF, adding the IP of the ISP in the TXT record:

"v=spf1 mx:domain.tld ip4:yourIP ip4:ispIP ~all"

"v=spf1 ip4:yourIP ip4:ispIP ~all"

or try with only your ISP IP:

"v=spf1 ip4:ispIP ~all"

2 Likes
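An added example, not part of any post in this thread: a simplified SPF evaluator run over the record variants suggested above. SPF is checked against the IP address that connects to the receiving server, which is the ISP smarthost in the relay layout discussed here. The addresses are constructed documentation-range values standing in for yourIP and ispIP, the "own IP only" record is a constructed starting point, and the MX lookup is replaced by a dictionary instead of DNS.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208, section 4.6.2)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip, domain="domain.tld", mx_hosts=None):
    """Evaluate the ip4/ip6/mx/all mechanisms of one SPF record for sender_ip,
    the address that connects to the receiver. mx_hosts stands in for DNS."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = (mx_hosts or {}).get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:  # a, include, exists, ptr, redirect= need real DNS
            raise ValueError(f"not handled in this sketch: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

# Constructed sample addresses (documentation ranges), standing in for
# the thread's yourIP and ispIP placeholders.
YOUR_IP, ISP_IP = "192.0.2.10", "198.51.100.25"
MX = {"domain.tld": [YOUR_IP]}  # assumed: the MX is the mail server itself
RECORDS = {
    "own IP only": f"v=spf1 ip4:{YOUR_IP} ~all",  # constructed "before" record
    "mx + both IPs": f"v=spf1 mx:domain.tld ip4:{YOUR_IP} ip4:{ISP_IP} ~all",
    "both IPs": f"v=spf1 ip4:{YOUR_IP} ip4:{ISP_IP} ~all",
    "ISP IP only": f"v=spf1 ip4:{ISP_IP} ~all",
}

def results_for(sender_ip):
    """SPF result of every sample record for mail arriving from sender_ip."""
    return {k: check_spf(r, sender_ip, mx_hosts=MX) for k, r in RECORDS.items()}

if __name__ == "__main__":
    print("via ISP smarthost:", results_for(ISP_IP))
    print("sent directly:    ", results_for(YOUR_IP))
```

With the smarthost's address listed, relayed mail evaluates to pass; with only the server's own address it drops to softfail, and the ISP-only record does the same to any mail still sent directly.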

Hey @stephdl great response.

I would love to easily implement the DKIM on Zentyal, if not get rid of it altogether, but there are just some primary things Zentyal currently offers that I am not getting with Neth 7.5 at this time. Zentyal makes it a pain in the rump as well to add DKIM. Heck, once I can get Neth to be as easy to use (both experience-wise and what Zentyal offers to me) I will be switching, but I figured this is a great place to start so I can put up a new mailing filter and DKIM.

I’ve read that I need to start in the postfix and add the trusted hosts to the conf file but I then don’t know how to tell Neth that it should sign all those incoming emails before it relays them to the final destination.

@GG_jr you are right. I have my DMARC, SPF and DKIM records all signed and set up, working perfectly from Neth if Neth is acting as email server for inbound/outbound messages.

2 Likes

Nethserver could authenticate users from a remote openldap or remote sambaAD, if needed you could move just the mail service to NS.

I’ve got NS joined to the domain of Zentyal. I guess the best way I can try and explain what I’m after would be a similar product called Scrolloutf1 (http://www.scrolloutf1.com/). Normally I would use this BUT I’d like to drop that product and get NS up and running in that functionality. Over time, NS will become the de facto replacement for my Zentyal servers but those are currently in production.