
I created a mail server with Debian 8 and iRedMail that works perfectly. The mail server runs 5 virtual domains and is configured with SPF, DKIM and DMARC.

I correctly receive DMARC reports for mails sent from the machine and everything is aligned.

I have a second machine that works as a web server; this machine sends daily reports to an @gmail.com account. When I receive DMARC reports for this machine, the SPF is aligned (because the IP is inserted in the DNS record) but the DKIM is not, I presume because it is not configured.

How do I align the DKIM for the web machine as well? In addition, sometimes the sending address is not the IP but the PTR (reverse DNS); in this case, too, the DKIM is not aligned.

The following is the DNS configuration:

_dmarc.maildomain.com.  300 IN  TXT "v=DMARC1\; p=quarantine\; rua=mailto:mail@maildomain.com"
maildomain.com. 300 IN  TXT "v=spf1 a mx ip4:ip_mail_server ip4:ip_web_server ~all"
dkim._domainkey.maildomain.com. 300 IN  TXT "v=DKIM1\; p=KEY"
Vincenzo
  • I'm not quite clear what you're looking for here. DKIM doesn't care about IPs, that's SPF's job. If you want to sign messages with DKIM from the web machine, you'll also need your private key and signing set up on there. – Synchro Sep 25 '16 at 17:50
  • Why do you need the DKIM to be aligned? If your SPF is aligned, then DMARC will work correctly. Synchro is right; just sign the DKIM with the name of the web machine. – Henry Sep 26 '16 at 19:50

1 Answer

I think there are three options:

  1. Use your existing mail server as an authenticated SMTP relay for the web server (one point of failure but therefore less maintenance work) with e.g. ssmtp
  2. Implement DKIM signing on your web server as well (either with the same key or a second one)
  3. Set the DKIM option to relaxed for DMARC. There is an official list of DMARC generators which may help you. Generally, the addition "adkim=s;" would do it in your TXT record starting with "v=DMARC1;"

Hope that helps, otherwise please add more details.

Reacher234
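
How a receiver evaluates DMARC alignment for the record in the question, as an added example that is not part of the original question or answer: a message passes DMARC when either SPF or DKIM passes with a domain aligned to the From: domain, and the `aspf`/`adkim` tags (RFC 7489; `r` relaxed is the default, `s` is strict) decide whether a subdomain counts. The hostname `web.maildomain.com` and the two-label organizational-domain shortcut are assumptions.

```python
# Added example: DMARC identifier alignment as defined in RFC 7489.
# Assumption: the organizational domain is the last two labels; a real
# evaluator derives it from the Public Suffix List.

# DMARC record from the question (DNS "\;" escaping kept as published).
RECORD = r"v=DMARC1\; p=quarantine\; rua=mailto:mail@maildomain.com"

def parse_dmarc(txt):
    """Return the record's tags as a dict; reject non-DMARC TXT values."""
    tags = {}
    for part in txt.replace("\\;", ";").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    return ".".join(domain.split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' (strict) needs an exact match; 'r' (relaxed) the same org domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)

def evaluate(record, from_domain, spf=None, dkim=()):
    """spf: (result, MAIL FROM domain) or None; dkim: [(result, d= domain), ...]."""
    tags = parse_dmarc(record)
    aspf, adkim = tags.get("aspf", "r"), tags.get("adkim", "r")
    spf_ok = bool(spf) and spf[0] == "pass" and aligned(from_domain, spf[1], aspf)
    dkim_ok = any(res == "pass" and aligned(from_domain, d, adkim) for res, d in dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

if __name__ == "__main__":
    # Constructed cases; web.maildomain.com is a hypothetical web-server hostname.
    cases = {
        "unsigned, SPF pass": dict(spf=("pass", "maildomain.com")),
        "signed, d= web host": dict(spf=("pass", "web.maildomain.com"),
                                    dkim=[("pass", "web.maildomain.com")]),
    }
    for name, auth in cases.items():
        for extra in ("", r"\; adkim=s\; aspf=s"):
            result = evaluate(RECORD + extra, "maildomain.com", **auth)
            print(name, "|", extra or "(default modes)", "|", result)
```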