I am curious to find out if my domains are being used to send spam without my knowledge. So I am configuring the following:


SPF: Sender Policy Framework, tells others which mail servers are authorized to send E-Mail for your domain.
DKIM: DomainKeys Identified Mail, uses encryption and DNS to verify an E-Mail sender and that it was not altered in transit.
DMARC: Domain-based Message Authentication, Reporting and Conformance. Builds on SPF and DKIM and implements a policy and reporting system around them.


My mail setup is using Postfix for the MTA, SOGo & Squirrelmail for mail agents. I broke Squirrelmail in the process but I will have to deal with that problem at a later time. My current issue is how OpenDKIM filters the OpenLDAP alias entries retrieved by SOGo from the OpenLDAP entries. I get the following message in my maillog:

Mar  1 10:42:21 services210 opendkim[17575]: A2CAF5E5: can't parse From: header value ' "Philippe Eveleigh" <philippe>'


Notice the issue, how the alias name does not have the domain name. Here is the email header at the receiving end:

Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=201802 header.b=I2jGqBrg;
...
Authentication-Results: mail.cognoquest.org; dkim=permerror (bad message/signature format)


Postfix must add the domain name to the From address after the OpenDKIM filtering. The SMTP server at the receiving end has no issue with what I am sending, but my SMTP server was not very happy with the header.

My solution was to change: public function validate_alias($alias, $check_uniqueness = FALSE, $check_reserved = TRUE) in /usr/clearos/apps/mail_extension/libraries/OpenLDAP_User_Extension.php and remove from the validation the @ sign to include the domain name.


        if (!preg_match("/^([a-z0-9_\-\.\$]+)$/", $alias))
            return lang('mail_extension_mail_alias_invalid');
for
        if (!preg_match("/^([a-z0-9_\-\.\@\$]+)$/", $alias))
            return lang('mail_extension_mail_alias_invalid');


I never understood why the domain name cannot be added to the User Alias Name, especially if you have two domains configured for the same box. My solution resolves the above problem but I am concerned that this might bite me in the future?
Thursday, March 01 2018, 08:02 PM
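
Added example, not part of the original post and not ClearOS code: the relaxed pattern above treats `@` as one more allowed character, so values such as `@` or `a@b@c` pass validation. The sketch below compares it with a stricter check that allows at most one `@` and only a hosted domain after it; `check_mail_alias()`, the domain list and the sample aliases are hypothetical and constructed for illustration.

```php
<?php
// Added example: check_mail_alias() is a hypothetical helper, not ClearOS code.
// The hosted-domain list and sample aliases below are constructed.
// Written without scalar type hints so it also runs on older PHP releases.

// Relaxed pattern from the post: "@" is just another allowed character.
define('RELAXED', '/^([a-z0-9_\-\.\@\$]+)$/');

// Returns NULL when the alias is acceptable, otherwise a reason string.
function check_mail_alias($alias, array $hosted_domains)
{
    $parts = explode('@', $alias);
    if (count($parts) > 2)
        return 'more than one @';

    // Local part keeps the alphabet of the original ClearOS pattern.
    if (!preg_match('/^[a-z0-9_\-\.\$]+$/', $parts[0]))
        return 'invalid local part';

    // A bare alias (no domain) stays valid, as before the change.
    if (count($parts) === 1)
        return NULL;

    // A qualified alias must name a domain this box actually hosts.
    if (!in_array($parts[1], $hosted_domains, TRUE))
        return 'domain not hosted here';

    return NULL;
}

$hosted = array('example.org', 'example.net');   // constructed
$samples = array('philippe', 'philippe@example.org', '@', 'philippe@',
                 'a@b@c', 'philippe@elsewhere.example');

foreach ($samples as $alias) {
    $relaxed = preg_match(RELAXED, $alias) ? 'accept' : 'reject';
    $reason  = check_mail_alias($alias, $hosted);
    $strict  = ($reason === NULL) ? 'accept' : "reject ($reason)";
    printf("%-28s relaxed=%-7s strict=%s\n", $alias, $relaxed, $strict);
}
```

Run with the PHP command-line interpreter; every sample is accepted by the relaxed pattern, while the stricter check accepts only the bare alias and the alias qualified with a hosted domain.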
Responses (2)
  • Accepted Answer

    Thursday, March 01 2018, 09:10 PM - #Permalink
    Is that not an issue of how you have set the e-mail client? Does your alias and proper name use the same domain?
  • Accepted Answer

    Thursday, March 01 2018, 09:55 PM - #Permalink
    Nick Howitt wrote:

    Is that not an issue of how you have set the e-mail client? Does your alias and proper name use the same domain?


    Yes and no, I guess you could make an argument for the client to do this but I would be inclined not to. The client SOGo retrieves what it is instructed to do via LDAP. For my configuration as many others here: Installing SOGo 3.0.2-1 on ClearOS 7.2:
    MailFieldNames = (clearMailAliases,mail);

    The above request will retrieve the 'clearMailAliases' that have no domain and the 'mail' that does. For my configuration I do not include the 'mail' argument; I do not want to provide the world the name of my mailboxes. Yes, the domain is the same.