Hi Peter,
Actually this tells me a lot. The message that I posted that you
received and gmail flagged did not come directly from my james server.
My post went to the Apache JAMES forum, and the forum server re-sent it
out to you and other subscribers. Anything related to my JAMES server,
my ip address, DKIM, spf, etc would have been scrubbed from the message
before the forum server redistributed it. So if gmail flagged it, it
must have been something related to the content in the message itself or
something related to Apache's James Forum server. Do you get other
posts to this forum that are flagged as suspicious, or was it only
mine? I'm sure gmail is not going to be much help in informing what it
found that made it suspicious.
Thx
Jerry
On 12/27/2019 5:45 PM, Peter Henderson wrote:
On Fri, 27 Dec 2019 at 16:50, Jerry Malcolm <[email protected]> wrote:
I know just enough about DKIM to be very dangerous... so bear with me
here...
I am still struggling with mail I send being bounced. In the interim to
protect my clients, I configured some of my tomcat apps to use Amazon's
SES (SMTP) service bypassing my JAMES server. I analyzed the mail sent
via AWS just to see what might be different. One thing I see is TWO
DKIM signatures... one for the "from" domain of the email and another
for the sending host domain "amazonaws.com".
I have had JAMES configured with DKIM for years. But all I have is a
DKIM signature for my main server domain and not for each individual
sending domain. mail-tester.com hasn't complained. But again, mail is
bouncing from some domains like icloud.com, outlook.com, etc. So
"something" is still wrong.... Everything is on the table as possibly
flawed right now.
So what is the 'right' way to do DKIM? I am going to assume that if AWS
is signing for both the virtual domain and the sending server domain,
that's probably a good thing. But I don't see a way in the JAMES DKIM
mailet to add a second signature for the sending virtual host domain.
Am I missing something? Is my DKIM fine with only signing the basic
server? Should I continue to look elsewhere for my problems? Or should
I do additional work to start signing the virtual sending domain as well?
Thx
Jerry
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
FYI
My gmail client, RED flagged your message as suspicious.
So I diligently read the content, then clicked the "it's safe" button.
Otherwise I can't help.
HTH
Peter.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
