On Fri, 4 Mar 2022 at 23:34, Ansgar <ans...@43-1.org> wrote:
> On Fri, 2022-03-04 at 13:27 +0100, Stephan Lachnit wrote:
> > On Fri, Mar 4, 2022 at 12:47 PM Baptiste Beauplat <lykn...@cilg.org>
> > wrote:
> > > As a reminder debian.org addresses does support DKIM. After
> > > configuration on your mail server, you can publish your DKIM public
> > > key
> > > to db.debian.org [1][2].
> >
> > Can you point to some quick guide on how to do this for gmail? The
> > support page seems kinda confusing to me.
>
> This usually requires you running your own mail server (for outgoing
> mail).
>
> I don't think mail providers like GMail allow you to set up DKIM for
> individual IP addresses.
This is basically how I do it. My setup is I have G-Suite or whatever its
name is this week and a separate outbound server. I'm not sure what the "to
do this for gmail" means here, so there is three parts to this:
* What Gmail does with DKIM
* How I send emails from @debian.org using mutt etc
* How I send emails from @debian.org using Gmail
First, Gmail likes DKIM signed mails; some of these bounces are caused by
DKIM problems. DKIM is basically a signature to say the senders server is
allow to send those emails. You have to set it up (sign) on the outbound
servers and check it on the inbound servers.
For any of my servers/laptops I send outbound email to my own outbound
server. This server signs emails using opendkim with the dropbear.xyz key
or the debian key depending on the from address. It's no good sending email
from j...@cow.com with a key good for j...@sheep.net
Last of all, to send emails within Gmail using csm...@debian.org as my from
address, you go into Settings->Accounts->Send mail as. The outbound
mailserver is my server (that signs my debian emails). Of course my
outbound server requires a username and password to send emails so that is
recorded in the settings too (and is unique for each sending system/server).
The result is this goodness I can see with an email from my laptop into
Gsuite using my debian email address:
Authentication-Results: mx.google.com;
dkim=pass header.i=@debian.org header.s=debian1.csmall.user
header.b=uVHcNrjO;
header.i is identity, e.g. what domain are you trying to prove you can use.
header.s is selector, which is what method/key am I using to prove this.
header.b is the hash/signature.
I'm a network engineer, not a mail server admin so this might not be 100%,
but it does give me the happy mailserver headers I want.
- Craig
