Help with DKIM setup on multiple domains
Hi there,
Sorry this is long,
I am having trouble setting up DKIM and having it work correctly for one of my clients example.com
Here is the scenario:
I have example.com hosted at a2 on a shared hosting account.
Their dns is hosted at EasyDns
I have a managed VPS hosted with A2 as well.
On the managed VPS, I have an email application called example.net hosted which sends monthly newsletters to the example.com members.
I have DKIM setup for the domain example.net and emails that go out from it do indeed pass SPF and DKIM however when they arrive to a gmail or outlook address, they will have "via example.net" next to the Sender name. I am sure this is because the "From" domain does not match the sender"s domain address. (in this case lmadal@example.com).
What I tried doing:
I added the domain example.com in cpanel on the VPS where emailapplication resides. I then went into email deliverability and generated the DKIM key.
I then went to EasyDNS and entered the DKIM record as per the instructions. You can see it setup here: Network Tools: DNS,IP,Email
I verified in cpanel that the DKIM was valid and sent a test email to my gmail address (mikek@mnl.com), and to an example.com (someusr@example.com)address to check results. This email has the sender setup as lmadal@example.com.
The gmail address came through with passing both SPF and DKIM however it is still using the emailapplication DKIM key instead of the new one therefor still shows "via example.net" next to the Sender name.
Here are the Auth results in gmail headers:
The outlook email address (someusr@example.com) bounced with the following message in exim logs:
For the time being I have removed the example.com domain form the VPS because with this setup, the members that have that domain address will all bounce upon sending. Am I doing this correctly, or is there an additional step I am missing? Please help and let me know if you need any further details. Thank you. Mike Keller
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@example.net header.s=default header.b=BPovsQzJ;
spf=pass (google.com: domain of 451459634-15397-3@example.net designates xx.xx.xxx.xxx as permitted sender) smtp.mailfrom=451459634-15397-3@example.net
Return-Path: <451459634-15397-3@example.net>
Received: from example.net (example.net. [xx.xx.xxx.xxx])
by mx.google.com with ESMTPS id s187si2062947pfb.255.2019.06.12.22.54.02
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 12 Jun 2019 22:54:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of 451459634-15397-3@example.net designates xx.xx.xxx.xxx as permitted sender) client-ip=xx.xx.xxx.xxx;
Authentication-Results: mx.google.com;
dkim=pass header.i=@example.net header.s=default header.b=BPovsQzJ;
spf=pass (google.com: domain of 451459634-15397-3@example.net designates xx.xx.xxx.xxx as permitted sender) smtp.mailfrom=451459634-15397-3@example.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=example.net; s=default; h=Message-Id:From:Subject:Date:Reply-To:To:
The outlook email address (someusr@example.com) bounced with the following message in exim logs:
2019-06-12 22:54:02 1hbIgU-00063x-4t <= 451459635-21479341-31944015@example.net H=(localhost) [127.0.0.1]:36734 P=esmtp S=109390 T="April Newsletter" for someusr@example.com
2019-06-12 22:54:02 1hbIgU-00063x-4t ** emailapplication@xx.xx.xxx.xxx.static.example.com R=fail_remote_domains: The mail server could not deliver mail to emailapplication@xx.xx.xxx.xxx.static.example.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
For the time being I have removed the example.com domain form the VPS because with this setup, the members that have that domain address will all bounce upon sending. Am I doing this correctly, or is there an additional step I am missing? Please help and let me know if you need any further details. Thank you. Mike Keller
-
I don't think DKIM is the issue with this based on a couple of things: 1. This shows the DKIM passes validation: dkim=pass header.i=@example.com header.s=default header.b=BPovsQzJ;
2. This shows the delivery is going to a mailbox that may not exist: emailapplication@xx.xx.xxx.xxx.static.example.com - is that a valid email address?R=fail_remote_domains: The mail server could not deliver mail to emailapplication@xx.xx.xxx.xxx.static.example.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.0 -
I don't think DKIM is the issue with this based on a couple of things: 1. This shows the DKIM passes validation:
dkim=pass header.i=@example.net header.s=default header.b=BPovsQzJ;
2. This shows the delivery is going to a mailbox that may not exist: emailapplication@xx.xx.xxx.xxx.static.example.com - is that a valid email address?R=fail_remote_domains: The mail server could not deliver mail to emailapplication@xx.xx.xxx.xxx.static.example.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
Thanks for replying. Fixed the bounce issue by having to set themail routing for the example.com domain on the VPS to remote. However yes the dkim auth passes but it still is using the emailapplication dkim signature vs the example.com one. Is there any help you can give to get it to use the mycompany dkim signature when the from address is example.com? Basically, I need to somehow tell EXIM to dynamically sign the messages depending on the From address. Like; If domain exists on VPS for the from domain, use that domain's DKIM sig, else use the default example.net DKIM sig. I have been everywhere on the web looking for a solution. I believe SendGrid does this somehow but I have no idea who to contact for help. Thank you for any help you can give. Mike0 -
Hello @Mike Keller, Can you review the thread linked below and let me know if this points you in the right direction in terms of customizing how the EXIM DKIM header is signed? Thank you. 0
Please sign in to leave a comment.
Comments
3 comments