Gmail DKIM for mail list
-
The mailing list contains, in addition to the users of the MDaemon mail server, a third-party gmail.com mailbox. When sending to such a mailing list, the email does not reach the Gmail mailbox due to the DKIM/SPF check. In DKIM Signing, we have disabled the "sign mailing list messages also" option, so this will force the server to sign all emails for internal mailing (which makes up 99% of all outgoing emails) and will cause an increased load on the mail server. How can I avoid using this option, for example, through the "Content Filter" with "Conditions..." - "Sign with DKIM selector..."?
logs:
Tue 2024-05-21 15:03:32.332: [46695398] --> DATA
Tue 2024-05-21 15:03:32.384: [46695398] <-- 250 2.1.0 OK a640c23a62f3a-a5a17c2c163si1343924566b.926 - gsmtp
Tue 2024-05-21 15:03:32.406: [46695398] <-- 250 2.1.5 OK a640c23a62f3a-a5a17c2c163si1343924566b.926 - gsmtp
Tue 2024-05-21 15:03:32.406: [46695398] <-- 354 Go ahead a640c23a62f3a-a5a17c2c163si1343924566b.926 - gsmtp
Tue 2024-05-21 15:03:32.406: [46695398] Sending <e:\mdaemon\queues\remote\pd8001000832443.msg> to [142.250.145.26]
Tue 2024-05-21 15:03:32.406: [46695398] Transfer Complete
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 Your email has been blocked because the sender is unauthenticated.
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 Authentication results:
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 DKIM = did not pass
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 SPF [] with ip: [87.255.243.55] = did not pass
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 For instructions on setting up authentication, go to
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550 5.7.26 https://support.google.com/mail/answer/81126#authentication a640c23a62f3a-a5a17c2c163si1343924566b.926 - gsmtp
Tue 2024-05-21 15:03:32.565: [46695398] --> QUIT
Tue 2024-05-21 15:03:32.566: [46695398] Сообщение не содержало допустимого пути возврата и было удалено
Tue 2024-05-21 15:03:32.566: [46695398] Socket connection closed by the other side (how rude!)
Tue 2024-05-21 15:03:32.566: [46695398] SMTP session terminated (Bytes in/out: 1391/3304)
-
Arron Staff
Google requires all senders to authenticate with either SPF or DKIM. If you do not want to DKIM sign messages, can you make changes so that the message will pass SPF?
By default MDaemon sends messages with a NULL MAIL FROM, so they cannot pass SPF. To change the address used in the MAIL FROM command of the SMTP session, open MDaemon and go to Setup / Mailing List Manager / Select the List / Notifications. Enter a valid email address in the field for "List's SMTP Bounce address".
Make sure the domain used in the bounce address has an SPF record configured and that sending from the MDaemon server will pass.
Alternatively, you could use the content filter to DKIM sign the desired messages, but you'll have to make sure the option for "Apply content & spam filters to list mail before cracking individual copies" is unchecked. This option is found under Setup / Mailing List Manager / Mailing List Settings. Changing this setting will also increase the load on the mail server because it will process each individual list message through the content filter and spam filter.
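An added example, not part of the thread and not MDaemon code: a small Python parser that pulls Gmail's 550 5.7.26 authentication results out of an MDaemon SMTP session log, using lines copied from the log posted above. Treating the empty `SPF []` brackets as the sign of a null MAIL FROM is an assumption based on the explanation in this reply; the function and field names are hypothetical.

```python
import re

# Lines copied from the MDaemon session log quoted in this thread.
SAMPLE_LOG = r"""
Tue 2024-05-21 15:03:32.406: [46695398] <-- 354 Go ahead a640c23a62f3a-a5a17c2c163si1343924566b.926 - gsmtp
Tue 2024-05-21 15:03:32.406: [46695398] Transfer Complete
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 Your email has been blocked because the sender is unauthenticated.
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 Authentication results:
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 DKIM = did not pass
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550-5.7.26 SPF [] with ip: [87.255.243.55] = did not pass
Tue 2024-05-21 15:03:32.565: [46695398] <-- 550 5.7.26 https://support.google.com/mail/answer/81126#authentication a640c23a62f3a-a5a17c2c163si1343924566b.926 - gsmtp
"""

# "Day date time: [session] body" as written by the log above.
LINE = re.compile(r"^\w{3} (?P<ts>\S+ \S+): \[(?P<sid>\d+)\] (?P<body>.*)$")
# Server reply: 3-digit code, '-' (continuation) or ' ' (last line), optional enhanced code.
REPLY = re.compile(r"^<-- (?P<code>\d{3})[- ](?P<enh>\d\.\d+\.\d+)?\s*(?P<text>.*)$")
DKIM = re.compile(r"DKIM = (?P<res>.+)")
SPF = re.compile(r"SPF \[(?P<dom>[^\]]*)\] with ip: \[(?P<ip>[^\]]+)\] = (?P<res>.+)")


def gmail_auth_rejections(log_text):
    """Return {session_id: details} for sessions rejected with 550 5.7.26."""
    sessions = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        reply = REPLY.match(line["body"]) if line else None
        if not reply or reply["code"] != "550" or reply["enh"] != "5.7.26":
            continue  # not part of a Gmail authentication rejection
        rec = sessions.setdefault(line["sid"], {
            "time": line["ts"], "dkim": None, "spf": None,
            "spf_domain": None, "client_ip": None})
        if (d := DKIM.search(reply["text"])):
            rec["dkim"] = d["res"].strip()
        elif (s := SPF.search(reply["text"])):
            rec.update(spf=s["res"].strip(), spf_domain=s["dom"], client_ip=s["ip"])
    for rec in sessions.values():
        # Assumption: empty "SPF []" means Gmail saw no envelope-sender domain (null MAIL FROM).
        rec["null_return_path"] = rec["spf_domain"] == ""
    return sessions


if __name__ == "__main__":
    for sid, rec in gmail_auth_rejections(SAMPLE_LOG).items():
        print(sid, rec)
```

Run against a full session log, a session flagged with `null_return_path` points at the list's bounce address setting rather than at the SPF record itself.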
-
@Arron
We would like to sign all emails with DKIM, but this is illogical: when a local user of the mail server sends to a list of 500 other local mailboxes, all these emails were signed and caused an unreasonable load on the server. At the same time, of course, the usual sending from a local mailbox to an external Gmail mailbox is signed by DKIM. We use two mail domains, and it seems difficult to filter, since both users of one domain and another, as well as external senders, can write to this list.
"List's SMTP 'Bounce' Address:" - Does this indicate the address of the mailbox to which a notification will be sent in case of delivery problems?
-
Arron Staff
I'm not sure what you are asking. The only options currently available are to have the message pass SPF, check the box to sign mailing list messages, or use the content filter to sign the specific list messages that you want signed.
-
@Arron, "... have the message pass SPF". Are you talking about this option highlighted in red dotted line? The address that needs to be specified here, will something come to it after that or not?
-
Arron Staff
Are you talking about this option highlighted in red dotted line?
Yes
The address that needs to be specified here, will something come to it after that or not?
Yes.