From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 8BD1794FB8 for ; Fri, 23 Feb 2024 18:17:55 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 63DA01C986 for ; Fri, 23 Feb 2024 18:17:25 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 23 Feb 2024 18:17:23 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A086544E3F for ; Fri, 23 Feb 2024 18:17:23 +0100 (CET) Date: Fri, 23 Feb 2024 18:17:22 +0100 From: Stoiko Ivanov To: Maximiliano Sandoval Cc: pmg-devel@lists.proxmox.com Message-ID: <20240223181722.662d5bf7@rosa.proxmox.com> In-Reply-To: <20240219130036.445696-1-m.sandoval@proxmox.com> References: <20240219130036.445696-1-m.sandoval@proxmox.com> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.082 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com] Subject: Re: [pmg-devel] [PATCH] dkim: document dkim_use_domain X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2024 17:17:55 -0000 Thanks for addressing this! comment inline: On Mon, 19 Feb 2024 14:00:36 +0100 Maximiliano Sandoval wrote: > Signed-off-by: Maximiliano Sandoval > --- > Continuation of https://lists.proxmox.com/pipermail/pmg-devel/2024-February/002714.html. > > pmgconfig.adoc | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/pmgconfig.adoc b/pmgconfig.adoc > index bf3887e..0acb8e9 100644 > --- a/pmgconfig.adoc > +++ b/pmgconfig.adoc > @@ -585,6 +585,13 @@ Controls whether all outbound mail should get signed or only mails from domains > listed in `/etc/pmg/dkim/domains`, if it exists and `/etc/pmg/domains` > otherwise. > > +Select Signing Domain:: > + > +Determines whether to DKIM sign emails using the domain found in the envelope > +from or the from header in the body of the email. Some emails do not set a here I'd probably add a reference to RFC5321 and RFC5322 respectively > +return path and it is desirable to sign them using the domain found in the from I personally would rather phrase that as: `Some emails are sent with an empty envelope sender` instead of not setting a return path (the Return-Path header is usually set by some MTA on the transport-path of the mail. > +header. > + Additionally - I'd mention that DMARC (with reference to the RFC+section) needs the header-from as domain in certain situations. > These settings are saved to the 'admin' subsection in `/etc/pmg/pmg.conf`, > using the following configuration keys: >