Sign DKIM for a non-locally hosted domain?

I have a user that wants to send mail @something-I-dont-host.com using “mail.domain-I-host.com”. I got that domain added into the milter so that gets them past me, but the mail is not DKIM signed and sometimes gets rejected remotely. I can give them the DNS line so that signed mail will look-up right and get the key but how do I make the server sign it on the way out?

The list under:

Virtualmin > Email Settings > DomainKeys Identified Mail > Domains currently signed for

looks static (no button to add something there).

Webmin > Servers > Postfix Mail Server > Sender Dependent Transport Mapping

looks promising… I could “Add a new mapping” and put @something-I-dont-host.com and point it to the smtp-#### for the one I do… but I don’t know that that’s what it seems like it might be to me.

Is it?

Thanks.

SYSTEM INFORMATION
OS type and version Ubuntu 24.04
Virtualmin version 7.50

That doesn’t have anything to do with DKIM signing.

If the mail isn’t being sent through your server, you can’t sign the mail, and the public key for the signing key of the server sending the mail needs to be added to a TXT record for that zone.

Or, are you saying the user is sending mail through your server from a domain that is not on your server?

The second one. They are authenticating as someone@something-I-host.com but want to send mail as @something-i-do-not-host.com. I want to sign the outgoing mail and give them the DNS line to add to their DNS host.

So, as far as I know, signing is either always on or it isn’t. So, the message should be signed already.

I believe you just need to add the public key for the signing key to the zone for the from domain. It’ll be the same key as the domain the user is logging in under. (The one in the TXT record for the domain.)

Well that would make this easier for sure. But what is this about then?

Virtualmin > Email Settings > DomainKeys Identified Mail

image

And now that I track down where I saw that, what about:

image

Maybe I could just add it as an extra domain there?

Thanks.


Seems likely. :man_shrugging: (I don’t actually know much about this part of the code.)

I had a different issue with DKIM (this server starting life as a clone) but have resolved that. It appears that you were correct initially. I get a rightly signed mail with or without the domain in “Extra domains to sign for”.

(I’m leaving it there just in case this is used in some way I don’t realize.)

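Added example, not part of the thread and not Virtualmin's code: a DKIM verifier fetches the public key from `<s>._domainkey.<d>`, taken from the `s=` and `d=` tags of the `DKIM-Signature` header, so reading those tags from a message that went out through the server shows which zone the TXT record belongs in. The sample message, domains and selectors below are constructed placeholders.

```python
import email
from email.utils import parseaddr

# Constructed sample message; domains, selectors and bh=/b= values are placeholders.
SAMPLE = """\
From: User <user@not-hosted.example>
To: someone@remote.example
Subject: test
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=not-hosted.example;
\ts=202401; h=from:to:subject; bh=PLACEHOLDER=;
\tb=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=hosted.example; s=mail;
\th=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER

body
"""

def parse_tags(header_value):
    """Split a DKIM-Signature tag list ('tag=value; ...') into a dict."""
    tags = {}
    # Unfold the header first: continuation lines start with whitespace.
    for part in "".join(header_value.splitlines()).split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def dkim_key_records(raw_message):
    """Return (From domain, one entry per usable DKIM-Signature header)."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        if not d or not s:
            continue  # no signing domain or selector: nothing a verifier can look up
        results.append({
            "txt_name": f"{s}._domainkey.{d}",  # DNS name the verifier queries
            "signing_domain": d,
            "matches_from": d == from_domain,
        })
    return from_domain, results

if __name__ == "__main__":
    sender, records = dkim_key_records(SAMPLE)
    for r in records:
        print(f"From domain {sender}: key expected at TXT {r['txt_name']} "
              f"(d= matches From: {r['matches_from']})")
```

Run it on the raw source of a delivered test message; an empty result means the message left unsigned or the signature header lacks `d=` or `s=`.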