Hi all
I seem to be having a strange problem with the dkim_signing module. I have a Zimbra server with two domains on it, the primary domain is
mydomain-name.uk.com (the server answers as
mail01.mydomain-name.com) and the second domain is
mydomain-name.co.uk. I have a primary account name as
a.u...@mydomain-name.uk.com, Zimbra has a feature to use a 'persona' to send an email using a different "Reply-to" & "From" email address, I normally use second domain on this server as "
a.u...@mydomain-name.co.uk.
If I send an email from my account as the 'primary' user' using
mydomain-name.uk.com for Reply-to & From everything works as expected when I send the mail to my gmail account all the SPF, DKIM, DMARC & ARC all give a pass. When I change to my secondary mail detail as
a.u...@mydomain-name.co.uk for the Reply-to & From it works sometimes and other times it fails the DMARC check.
As far as I understand it, I should use the following setting to use the 'correct' domain name in the DKIM header.i entry:
use_domain_sign_networks = "header";
I have that enabled and obviously the problem is caused by that setting not being respected for every email that's sent. I've listed below the configdump for dkim_signing and the headers from a successful and failed DMARC. I'm sorry about the length of this with all the headers but can anyone give me a clue on what's happening, is it my config or a possible bug? If I've missed any info then let me know what's needed and if it's a possible bug I'll file this in github as an issue. Thanks in advance
*** Section dkim_signing ***
allow_envfrom_empty = true;
allow_hdrfrom_mismatch = true;
allow_hdrfrom_multiple = false;
allow_username_mismatch = true;
auth_only = true;
sign_local = true;
symbol = "DKIM_SIGNED";
try_fallback = true;
use_domain = "header";
use_esld = true;
use_redis = false;
key_prefix = "DKIM_KEYS";
use_domain_sign_networks = "header";
use_domain_sign_local = "header";
*** End of section dkim_signing ***
# SPF, DKIM, DMARC - all passed
Delivered-To:
a.us...@gmail.comReceived: by 10.25.103.19 with SMTP id b19csp1562840lfc;
Sun, 4 Feb 2018 04:16:01 -0800 (PST)
X-Google-Smtp-Source: AH8x226jqcgU46N7Q3tdgdnvdigSr5OKxncOfAArVZis/blg/a11bBwdZJArbiGMYgYQ8ftjn07m
X-Received: by 10.223.135.209 with SMTP id c17mr30167019wrc.7.1517746561196;
Sun, 04 Feb 2018 04:16:01 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1517746561; cv=pass;
d=
google.com; s=arc-20160816;
b=B+06jWin9rvd+3WSGQAGsIMqx85hrIspgMaLDQYZD3/x2a39LfZ9E/7d+DNYYh5O/4
oeQoSec+PLx/bPHILE+NA/JFMf2B1SbyBreu1gEUakHaxaii1jYcCAFsaAEAhEg8+Pya
jmaGc5vfd74JfczsphrawLZ/qjaVvyracBdE1Ue/lp3xiI3a9hdxihwVTc6dGx3JIVI2
2kenb2Fr/W3A+YnVzkTN2vFaIDuIpe5besKl+zvrpEIoepnJ9oE09oIo1l2juqsn/Gwc
pGqlKHqYbsZ0I0fqD87QXpCGdZjkKavTIueHtHv2Q+j7EVk5Jz0L8rYFWBJintJmRGoX
3cPg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=
google.com; s=arc-20160816;
h=dkim-signature:arc-authentication-results:arc-message-signature
:thread-topic:thread-index:mime-version:subject:message-id:to
:reply-to:from:date:arc-authentication-results;
bh=NPeFKPrBf/7yRUlln8cX4rpJYoCC1Pw9yYKTnTilGN0=;
b=f4Eoxc4Qap/1+q1cn+hXn5oSX0gpy42+w3i/xOPgoP8jQBWIBvPgK5LUcYIn2f0EAh
ECODjL4U3xEynbUXDsvGUfUY6SlAPVZzYTJmW673xtO8PGgqgwUrlP7WmG9KQmLAv+ev
gwnIJ++Wnvn6B+yr9gK3ICtx8GLE3ECfHkfCYNw27gwM7bhDSsfXIIP02O1zlbHjtF+r
aUDU4zq7s3+FFxxcLE0mHo69nBkmUOM6YpPoUE/edFQwDmf3vbzHg61Lt8OY1D4iJQ1h
RkKksU7ke9A+QG18k3JhYBOwF5A9yjluACFMUwgxnd77bgkIdxmBF91MS/fZkEA9DxuT
KC0g==
ARC-Authentication-Results: i=2;
mx.google.com;
dkim=pass header.i=@
mydomain-name.co.uk header.s=dkim header.b=Mw5YZ8B4;
arc=pass (i=1);
spf=pass (
google.com: domain of
a.u...@mydomain-name.uk.com designates 82.64.17.37 as permitted sender) smtp.mailfrom=
a.u...@mydomain-name.uk.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=
mydomain-name.co.ukReturn-Path: <
a.u...@mydomain-name.uk.com>
Received: from
mail01.mydomain-name.uk.com ([82.64.17.37])
by
mx.google.com with ESMTPS id b68si2816560wrd.87.2018.02.04.04.16.00
for <
a.us...@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sun, 04 Feb 2018 04:16:00 -0800 (PST)
Received-SPF: pass (
google.com: domain of
a.u...@mydomain-name.uk.com designates 82.64.17.37 as permitted sender) client-ip=82.64.17.37;
Authentication-Results:
mx.google.com;
dkim=pass header.i=@
mydomain-name.co.uk header.s=dkim header.b=Mw5YZ8B4;
arc=pass (i=1);
spf=pass (
google.com: domain of
a.u...@mydomain-name.uk.com designates 82.64.17.37 as permitted sender) smtp.mailfrom=
a.u...@mydomain-name.uk.com;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=
mydomain-name.co.ukReceived: from localhost (localhost.localdomain [IPv6:::1]) by
mail01.mydomain-name.uk.com (Postfix) with ESMTP id 8D216C0393F5 for <
a.us...@gmail.com>; Sun,
4 Feb 2018 13:16:00 +0100 (CET)
X-Virus-Scanned: amavisd-new at
mail01.mydomain-name.uk.comReceived: from
mail01.mydomain-name.uk.com ([IPv6:::1]) by localhost (
mail01.mydomain-name.uk.com [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id jU2NVo6UMZoE for <
a.us...@gmail.com>; Sun,
4 Feb 2018 13:16:00 +0100 (CET)
Received: from
mail01.mydomain-name.uk.com (
mail01.mydomain-name.uk.com [192.168.1.30]) by
mail01.mydomain-name.uk.com (Postfix) with ESMTP id 3FAAFC039229 for <
a.us...@gmail.com>; Sun,
4 Feb 2018 13:15:59 +0100 (CET)
Date: Sun, 4 Feb 2018 13:15:59 +0100 (CET)
From: A User <
a.u...@mydomain-name.co.uk>
Reply-To: A User <
a.u...@mydomain-name.co.uk>
To: A User01 <
a.us...@gmail.com>
Message-ID: <
119387807.90083.151774...@mydomain-name.uk.com>
Subject: dmarc, dkim test
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_4844daec-010c-4afb-a511-0e11c57c6daf"
X-Mailer: Zimbra 8.8.6_GA_1906 (ZimbraWebClient - FF56 (Linux)/8.8.6_GA_1906)
Thread-Index: 7ohe7W4T2ld+Ss27hFqqcjeuMlxbDw==
Thread-Topic: dmarc, dkim test
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
mydomain-name.co.uk; s=dkim; t=1517746559; h=from:reply-to:subject:date:message-id:to:mime-version:content-type; bh=NPeFKPrBf/7yRUlln8cX4rpJYoCC1Pw9yYKTnTilGN0=; b=ccPxosqlHMUhri71K6QqjB6WnovQxpNyIGCp0WnG8s0EqDbpiMdHkttznu96jJgO+cSgrS ENx8my8XDFcuJYxJqvTxiuRUmiZjpeKdzQP+6m6+E7LGdOf5UpJ8kG+/BypPNKIQAmw5hQ 6BwaR+CDEtU8szY2hLjbg46G/17gCUQ=
ARC-Seal: i=1; s=dkim; d=
mydomain-name.co.uk; t=1517746559; a=rsa-sha256; cv=none; b=Jp7nnitFoJrbrhMpaaFuGJwiAaMRxcUQTw8ElMnL+FYN7QNjXunjOQMeru/cxHvATRcJunWrtCnelbLkUoqlcF1mAnb/PAf/wgBaVcm/Ed8GJhGhgXjejLALuU3z2h8VADZAtqQSyAkshKIy5bUKyLUseGK75wdrl47OczKrUb8=
ARC-Authentication-Results: i=1;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
mydomain-name.co.uk; s=dkim; t=1517746559; h=from:reply-to:subject:date:message-id:to:mime-version:content-type; bh=NPeFKPrBf/7yRUlln8cX4rpJYoCC1Pw9yYKTnTilGN0=; b=Mw5YZ8B4CvK+Cd96qIpxerwm9ta/6UEhpz8Pp/quLzvH77EDGQ1VuhhrCUfLeuqpCmpEuc v/Z2WfNZJtoc//7o35glhdSyRgC/jzJbIBjqibNx5zRQx/oIC+biVib5EVf7rxnWm/dkv/ 3XtucHlEIOCYZ9mSDLKIYV2qKOnL7jM=
# SPF, DKIM - DMARC Failed
Delivered-To:
a.us...@gmail.comReceived: by 10.25.103.19 with SMTP id b19csp1417346lfc;
Sun, 4 Feb 2018 00:31:14 -0800 (PST)
X-Google-Smtp-Source: AH8x227uk3F6euKNNAnOeChdcRkTa4a30i8MIr6joU2PSmQUVsf/5L+O8QMtXzc+IFrO/p202bIA
X-Received: by 10.28.199.132 with SMTP id x126mr7418335wmf.71.1517733074077;
Sun, 04 Feb 2018 00:31:14 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1517733074; cv=pass;
d=
google.com; s=arc-20160816;
b=tnDuy6whTkXFubsm+F2fi/QDNPGWY0M+ndqF9rXRagpAVqAgcKjL9YTKE4qq9Kjdcn
t6N2nxu/3T0ieqZzs7JGuelxGpjWsFex9oYyDpM4FmoIN8Vjt3aynLnkq+ZC7OjFJ1wF
hgMLfCXSDxkCkIc3pu+0zOqWm0neX/tcmjPljMsbpybWTZppNBh7vW+S/NOuU3pq+8QK
f5DxpQYqBR4yBJdcDqtkj9p/lwsHLyLv6B5H60/qgHM/5PXjHZ+K1ENtoJo7e7+nhTbL
C6C4s4qnmGbAlClKOJpSo98SXxkP2Nz9ItGtGF9Puvfz8QzfgItxms5PgPrOiRM6Ahmt
IAUg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=
google.com; s=arc-20160816;
h=dkim-signature:arc-authentication-results:arc-message-signature
:thread-topic:thread-index:mime-version:subject:message-id:to
:reply-to:from:date:arc-authentication-results;
bh=PV7sd/uSrsxdGHp1eFqnD8TDTZbJ2UlvheT3JX0mbuI=;
b=pc73IQSktfWot4phyF+TjI6QGQetmFOuRm1n7bnnSTI4ajrLLlVZnxC6kpZXqMk5ot
+O2TxnZ+PzHvCYIko6qZ71kCrHIOiq//jDUDeSMzQMNdQDvW5xRJk7ENWHwAIPrxYYiy
cs3jb2M5pB/lFuc+7vTt4ZbdxhkD7Rbu8KD4lU35RHbtBTalx1TpJhEj7GkQyOeeLHAf
Q0BBDSzmL7h3HafR2/jGvXJGs1OTkqLM2YIgl6DyNZekg1hUpwfK71ZUMYwr1nhEnacf
fSUqVdKvSy26vAxD94p8cBSD8Qt1+/f1USkxGrRdB2fCBeTstVPH4/xMokby+Qw3i9Ic
8UKA==
ARC-Authentication-Results: i=2;
mx.google.com;
dkim=pass header.i=@
mydomain-name.uk.com header.s=dkim header.b=CG2utftP;
arc=pass (i=1);
spf=pass (
google.com: domain of
a.u...@mydomain-name.uk.com designates 2a01:e0a:6e:c111:250:56ff:fe86:5606 as permitted sender) smtp.mailfrom=
a.u...@mydomain-name.uk.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=
mydomain-name.co.ukReturn-Path: <
a.u...@mydomain-name.uk.com>
Received: from
mail01.mydomain-name.uk.com ([2a01:e0a:6e:c111:250:56ff:fe86:5606])
by
mx.google.com with ESMTPS id v79si5407510wrb.43.2018.02.04.00.31.13
for <
a.us...@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sun, 04 Feb 2018 00:31:13 -0800 (PST)
Received-SPF: pass (
google.com: domain of
a.u...@mydomain-name.uk.com designates 2a01:e0a:6e:c111:250:56ff:fe86:5606 as permitted sender) client-ip=2a01:e0a:6e:c111:250:56ff:fe86:5606;
Authentication-Results:
mx.google.com;
dkim=pass header.i=@
mydomain-name.uk.com header.s=dkim header.b=CG2utftP;
arc=pass (i=1);
spf=pass (
google.com: domain of
a.u...@mydomain-name.uk.com designates 2a01:e0a:6e:c111:250:56ff:fe86:5606 as permitted sender) smtp.mailfrom=
a.u...@mydomain-name.uk.com;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=
mydomain-name.co.ukReceived: from localhost (localhost.localdomain [IPv6:::1]) by
mail01.mydomain-name.uk.com (Postfix) with ESMTP id DBC4BC03923E for <
a.us...@gmail.com>; Sun,
4 Feb 2018 09:31:12 +0100 (CET)
X-Virus-Scanned: amavisd-new at
mail01.mydomain-name.uk.comReceived: from
mail01.mydomain-name.uk.com ([IPv6:::1]) by localhost (
mail01.mydomain-name.uk.com [IPv6:::1]) (amavisd-new, port 10026) with ESMTP id OAd4yFmzmGRa for <
a.us...@gmail.com>; Sun,
4 Feb 2018 09:31:12 +0100 (CET)
Received: from
mail01.mydomain-name.uk.com (
mail01.mydomain-name.uk.com [192.168.1.30]) by
mail01.mydomain-name.uk.com (Postfix) with ESMTP id B1F0AC03923B for <
a.us...@gmail.com>; Sun,
4 Feb 2018 09:31:12 +0100 (CET)
Date: Sun, 4 Feb 2018 09:31:12 +0100 (CET)
From: A User <
a.u...@mydomain-name.co.uk>
Reply-To: A User <
a.u...@mydomain-name.co.uk>
To: A User01 <
a.us...@gmail.com>
Message-ID: <
434979967.90035.151773...@mydomain-name.uk.com>
Subject: dmarc, dkim test
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_9880ce95-9884-4cdf-a122-ed00cd75fcec"
X-Mailer: Zimbra 8.8.6_GA_1906 (ZimbraWebClient - FF56 (Linux)/8.8.6_GA_1906)
Thread-Index: 3+DRJIk8FCnVmK4VyMnvLrLgR4dWjw==
Thread-Topic: dmarc, dkim test
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
mydomain-name.co.uk; s=dkim; t=1517733072; h=from:reply-to:subject:date:message-id:to:mime-version:content-type; bh=PV7sd/uSrsxdGHp1eFqnD8TDTZbJ2UlvheT3JX0mbuI=; b=B3tjRkDzd7cNBvtCIlaz9CTj96ual1im8M22w1m78nz5OX9v53isEbHK8ZQueTvIiXNvJ6 +v/KdcHskikMqHt8xGVLpMkDD+6T9yk65iYHngnSFkjeHy/GBCKQnG0IED+VbfZbzD4c7i zbQfT7kDpFRwVI5+PbYYPIUiLJ9jfog=
ARC-Seal: i=1; s=dkim; d=
mydomain-name.co.uk; t=1517733072; a=rsa-sha256; cv=none; b=bgYFNbWFcr5wLvaeB5WoICe2b/i5gfO7tthslotyk9RIpDML6oowCntmmIgdAQlbEqRBZhriVk2PcuPhx3cq01fVbOR9LqIubtJRQNK/k/KX8JBAg/g8brpF6p+ZJDl++rjSOUBkv179rDQdqC5R7dfZ55rIX6WeORe0PiYz7B4=
ARC-Authentication-Results: i=1;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
mydomain-name.uk.com; s=dkim; t=1517733072; h=from:reply-to:subject:date:message-id:to:mime-version:content-type; bh=PV7sd/uSrsxdGHp1eFqnD8TDTZbJ2UlvheT3JX0mbuI=; b=CG2utftPcSbuyzyfTg6sbgbjNUekIydWLTomDDud1sdHqdhmmJpsNQI42rPYVpgarWYrqL 5vZJN54paSHSYDKazmTzai6R0XjnGdrS3QJgUA9ht+gdFYT+c+mAK+/zcanL0Y0MiQ2zgZ V4IIM+JTvD1Xj88r6vJjLMwboaurV88=
Regards
Bill