>David,
>
>I'm happy to know a knowledgeable person related to DKIM. From what I
>can tell, the current james dkim mailet is only usable for non-virtual
>hosting servers, where the server rdns is the same as the 'from' domain
>in the email.

Definitely not - I'm using it on a linode VM. Also rDNS and DKIM are entirely separate issues. It's true that to max out on this_message_is_not_spam points, the rDNS should match the domain name, but that's often impossible to achieve in the real world where you may host a number of domains on a single host, whether that be a VM or real hardware. And of course antispam software knows this. A single ipv4 rDNS can only match a single domain; so long as you set it to match one of your domains that **actually resolves**, remote servers will accept your email and deliver it to an INBOX, *provided* all the other checks pass - ie - you're not in a DNSBL and you have correct SPF, DKIM and DMARC TXT records. Again - DKIM and rDNS are completely different issues that just happen to be two of the factors that are considered by antispam software.

>The james dkim mailet is going to need some modifications
>to support virtual hosting. But until recently, it was not clear to me
>that I needed to sign using each virtual host 'from' domain instead of
>the smtp server domain.

DKIM is agnostic about bare metal v virtual machine; it doesn't know or care. What matters is that you have the key pair and that james (or exim or postfix or whatever smtp software) signs outgoing mail with the private key and that the corresponding public key is available in a correctly formatted DNS TXT record - one for *each* domain.

>
>I am hosting all of my domains on Amazon Web Services. AWS offers a
>gateway that can serve as a james proxy. I'm not thrilled to have to do
>it, but I'm now 'laundering' all of my outbound mail through the AWS
>gateway. Receiving servers see AWS, not my james server. I analyzed
>how the AWS gateway modifies the mail. The AWS gateway adds a DKIM
>record for the actual 'from' domain as you explained is required. It
>also adds a DKIM record for the AWS server domain itself. Is that
>overkill?

Probably not, it won't do any harm; the unfortunate fact is that it's become more difficult for "little guys" to run their own mail server. I think Mr gmail and Mr hotmail are very happy to talk with Mr Amazon, probably more so than with Joey :-) Joey really needs to get those 3 TXT records in order and hope he hasn't inherited a blocklisted ip for his VM. My experience of getting off a blocklist is not good.

>Or should there always be an smtp server dkim record as well
>as a 'from' domain dkim record?

DKIM is a per domain issue from the DNS point of view. If you send mail from the mail exchanger at foobar.com, it's foobar.com that needs the DKIM record. I've no clue about what if any mangling Amazon does in that respect, but I assume what it does is necessary.

--
David Matthews
[email protected]
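
An added example, not part of the original message: a Python sketch that reads every DKIM-Signature header on a relayed message, derives the DNS TXT name where each public key must be published (`<selector>._domainkey.<d>`, per RFC 6376), and flags which signature carries the 'from' domain. The sample message, its domains, selectors and hash values are constructed placeholders, and `dkim_report` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a gateway has added two signatures, one for its own
# domain and one for the author's domain. All values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; s=relay2024;
 d=relay.example.net; h=from:to:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail;
 d=foobar.example; h=from:to:subject; bh=CCCC; b=DDDD
From: Joey <joey@foobar.example>
To: someone@example.org
Subject: test

body
"""

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dkim_report(raw):
    """Return (from_domain, [one dict per DKIM-Signature header])."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    report = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        report.append({
            "d": d,
            "txt_name": f"{s}._domainkey.{d}",  # where the public key lives
            # Exact match only; DMARC relaxed alignment would also accept a
            # d= that shares the From domain's organizational domain.
            "matches_from": d == from_domain,
        })
    return from_domain, report

if __name__ == "__main__":
    from_domain, report = dkim_report(SAMPLE)
    for sig in report:
        print(from_domain, sig["txt_name"], sig["matches_from"])
```
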
