- Edited
Englishencoding from different mail clients using mailcow as mail server
Can’t tell. Sending emails composed in sogo with plain text and umlaute to i.e. domain hosted at allinkl brings up the same result:
Authentication-Results: q.kasserver.com;
dkim=fail reason=“signature verification failed” (2048-bit key; unprotected) header.d=x.de header.i=@x.de header.a=rsa-sha256 header.s=dkim header.b=JevnIlCW;
dkim-atps=neutral
I’m sending from a socalled pool IP: IP-x.x.x.x-um38.pools.vodafone-ip.de. Means not a static IP. But if this causes the failure, then the failure should also be while sending in HTML. As I pointed out, DKIM passes with email sent from the same (dynamic) IP(4).
IMVHO I don’t think so.
- Edited
stefan21 OK, according to your header examples from above it was always mx5.vodafonemail.de which had the problem with your DKIM, so I thought it’s Vodafone specific.
But, as I wrote above, no DKIM problems here sending plaintext mails with Sogo
If you like, you could tell me one of your email adresses (is in this forum a pm function?). I’ll send you an email. Let’s see how this works.
- Edited
Well, since yesterday I have one user who also has encoding troubles. User is on iPad with ActiveSync configured. User can send via SOGo without problems, but from Apples integrated mail client outgoing mails are totally unreadable.
Had no time to investigate further yet.
esackbauer OK, I just checked this on my iPad and my ActiveSync account, works as usual with iPadOS 16.7.2 and after updating to iPadOS 17.1.1 in my case
Have deleted and reinstalled the Activesync account with my Ipad user. Problem persists. But only with that iPad user.
Installed the mobileconfig IMAP profile and everything as back to normal.
- Edited
Here’s the result from the dkimvalidator:
#######
Original Message:
Received: from mail.z.de (ip-109-192-q-q.um38.pools.vodafone-ip.de [109.192.q.q])
by relay-1.us-west-2.relay-prod (Postfix) with ESMTPS id BB5E628E53
for RO3ER2LYBB7X5n@dkimvalidator.com; Fri, 17 Nov 2023 11:44:00 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPA id 203793C009C
for RO3ER2LYBB7X5n@dkimvalidator.com; Fri, 17 Nov 2023 12:43:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z.de; s=dkim;
t=1700221435;
h=from:reply-to:subject:date:message-id:to:mime-version:content-type:
content-transfer-encoding; bh=lZj4ZrwRyEiLyclvgIilptURN6KHsH85iH83mFdpfT0=;
b=WOezYpMCyhYml9qghfu2Iikoe9pM7Rbdk1G3L0aTEsLcknLE13xr2kza07cc6y+/cQTBDz
vLwzHs2pUqdohgDrFvuvUnGzKa8SD/3rLDDImyor37oWIYCe2f/GTjr6H18Gfq3mzOc/wq
Fd45OF0rbl/ACT7bmNfpWFOuBLyIpdhadysT6ggYT+dSaXYrFDTnCGC/Ux4tYaD+Uuy/r2
A09tU6tqTNFCk3OKc6QdelA1D5663ZQI9y58nF1v8MZ2BCl1MgtaPdaEmPQKFsjNeR9plG
GBokcfLamSFqHDajTTphfw4QGAWMC4RavRs508MPfd5Hl0YFhjobYFZ7xbsLug==
From: “X Y” x.y@z.de
Content-Type: text/plain; charset=“utf-8”
Reply-To: x.y@z.de
Date: Fri, 17 Nov 2023 12:43:54 +0100
To: RO3ER2LYBB7X5n@dkimvalidator.com
MIME-Version: 1.0
Message-ID: <42-65575200-3-560d3d80@48021463>
Subject: =?utf-8?q?T=C3=84SCHT?=
User-Agent: SOGoMail 5.9.0
Content-Transfer-Encoding: quoted-printable
X-Last-TLS-Session-Version: None
Sogo, plain text, signatur mit umlauten, footer mit umlauten
–=20
signature
plain text
=C3=B6=C3=A4=C3=BC=C3=9F
plain footer
=C3=B6=C3=A4=C3=BC=C3=9F
#######
DKIM Information:
DKIM Signature
Message contains this DKIM Signature:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z.de; s=dkim;
t=1700221435;
h=from:reply-to:subject:date:message-id:to:mime-version:content-type:
content-transfer-encoding; bh=lZj4ZrwRyEiLyclvgIilptURN6KHsH85iH83mFdpfT0=;
b=WOezYpMCyhYml9qghfu2Iikoe9pM7Rbdk1G3L0aTEsLcknLE13xr2kza07cc6y+/cQTBDz
vLwzHs2pUqdohgDrFvuvUnGzKa8SD/3rLDDImyor37oWIYCe2f/GTjr6H18Gfq3mzOc/wq
Fd45OF0rbl/ACT7bmNfpWFOuBLyIpdhadysT6ggYT+dSaXYrFDTnCGC/Ux4tYaD+Uuy/r2
A09tU6tqTNFCk3OKc6QdelA1D5663ZQI9y58nF1v8MZ2BCl1MgtaPdaEmPQKFsjNeR9plG
GBokcfLamSFqHDajTTphfw4QGAWMC4RavRs508MPfd5Hl0YFhjobYFZ7xbsLug==
Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/relaxed
d= Domain: z.de
s= Selector: dkim
q= Protocol:
bh= lZj4ZrwRyEiLyclvgIilptURN6KHsH85iH83mFdpfT0=
h= Signed Headers: from:reply-to:subject:date:message-id:to:mime-version:content-type:
content-transfer-encoding
b= Data: WOezYpMCyhYml9qghfu2Iikoe9pM7Rbdk1G3L0aTEsLcknLE13xr2kza07cc6y+/cQTBDz
vLwzHs2pUqdohgDrFvuvUnGzKa8SD/3rLDDImyor37oWIYCe2f/GTjr6H18Gfq3mzOc/wq
Fd45OF0rbl/ACT7bmNfpWFOuBLyIpdhadysT6ggYT+dSaXYrFDTnCGC/Ux4tYaD+Uuy/r2
A09tU6tqTNFCk3OKc6QdelA1D5663ZQI9y58nF1v8MZ2BCl1MgtaPdaEmPQKFsjNeR9plG
GBokcfLamSFqHDajTTphfw4QGAWMC4RavRs508MPfd5Hl0YFhjobYFZ7xbsLug==
Public Key DNS Lookup
Building DNS Query for dkim._domainkey.z.de
Retrieved this publickey from DNS: v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHkJ1zfpaCrbEr5y4riJc82jyNtNheQrREUuH1dhKOwfhyIeqHtAWPir5sdkn418FJ8j4Zu1N7g0xqQqvceXwllO2xik+tLAsWMYk2t7XvD7IWM9D1awaC9QgTPXk7v9mGEjh1HSvrxyBr7Fa8cJP56Ujhda7xpCw05AZTJL7Nu3hgnc6dEAotF1qEIpof6XJ5XW0zzd3cxvyN5TE12ewSYE6GblgtQjTNYyGaW2l4o8Kxpw6Qha1XowoDq/Eyv2PFyPbUg8i3QXLxBaGJQ0U+j8Tk0T1iay1AukZAdCvnPa8UCrc9CkKQ73TG+nd9OL4zZdwSVWWYTV8MzjwgABowIDAQAB
Validating Signature
result = fail
Details: message has been altered
#######
SPF Information:
Using this information that I obtained from the headers
Helo Address = mail.z.de
From Address = x.x@z.de
From IP = 109.192.q.q
SPF Record Lookup
Looking up TXT SPF record for z.de
Found the following namesevers for z.de: ns5.kasserver.com ns6.kasserver.com
Retrieved this SPF Record: zone updated 20210630 (TTL = 167)
using authoritative server (ns5.kasserver.com) directly for SPF Check
Result: pass (Mechanism ‘mx’ matched)
Result code: pass
Local Explanation: z.de: 109.192.q.q is authorized to use ‘x.y@z.de’ in ‘mfrom’ identity (mechanism ‘mx’ matched)
spf_header = Received-SPF: pass (z.de: 109.192.q.q is authorized to use ‘x.y@z.de’ in ‘mfrom’ identity (mechanism ‘mx’ matched)) receiver=ip-172-31-52-154.ec2.internal; identity=mailfrom; envelope-from=“x.y@z.de”; helo=mail.z.de; client-ip=109.192.q.q
Same test, but as html text in sogo:
#######
From: “x y” x.y@z.de
Content-Type: multipart/alternative; boundary=“—-==-OpenGroupware_org_NGMime-65-1700222345.461701-0——”
Reply-To: x.y@z.de
Date: Fri, 17 Nov 2023 12:59:05 +0100
To: iBsUWO3nrKugbZ@dkimvalidator.com
MIME-Version: 1.0
Message-ID: <41-65575580-5-677bcc00@203231989>
Subject: =?utf-8?q?T=C3=84SCHT?=
User-Agent: SOGoMail 5.9.0
X-Last-TLS-Session-Version: None
——==-OpenGroupware_org_NGMime-65-1700222345.461701-0——
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Sogo, html text, signatur mit umlauten, footer mit umlauten
–=C2=A0
signature plain text =C3=B6=C3=A4=C3=BC=C3=9F
plain footer
=C3=B6=C3=A4=C3=BC=C3=9F
——==-OpenGroupware_org_NGMime-65-1700222345.461701-0——
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>Sogo, html text, signatur mit umlauten, footer mit umlauten<br /><br />–=
<br />signature plain text =C3=B6=C3=A4=C3=BC=C3=9F</html>
html footer
=C3=B6=C3=A4=C3=BC=C3=9F
——==-OpenGroupware_org_NGMime-65-1700222345.461701-0——–
#######
Public Key DNS Lookup
Building DNS Query for dkim._domainkey.z.de
Retrieved this publickey from DNS: v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHkJ1zfpaCrbEr5y4riJc82jyNtNheQrREUuH1dhKOwfhyIeqHtAWPir5sdkn418FJ8j4Zu1N7g0xqQqvceXwllO2xik+tLAsWMYk2t7XvD7IWM9D1awaC9QgTPXk7v9mGEjh1HSvrxyBr7Fa8cJP56Ujhda7xpCw05AZTJL7Nu3hgnc6dEAotF1qEIpof6XJ5XW0zzd3cxvyN5TE12ewSYE6GblgtQjTNYyGaW2l4o8Kxpw6Qha1XowoDq/Eyv2PFyPbUg8i3QXLxBaGJQ0U+j8Tk0T1iay1AukZAdCvnPa8UCrc9CkKQ73TG+nd9OL4zZdwSVWWYTV8MzjwgABowIDAQAB
Validating Signature
result = pass
Details:
But - bad format with umlaute.
Anyway - we need as email-client thunderbird.
As I already wrote, if it helps I have other linux mailservers in my LAN(s) (also with sogo, not used), I can provide configs and versions. The used programs are AFAIK pretty much the same.
If there’s interest to track this down, I’d suggest to do this not in this forum. It’s better done via email.
Details: message has been altered
Strange, is there anything in-between your mailcow and your local gateway to the internet?
The validator had no problems on my side with plain text Umlaut mails from Sogo…
DocFraggle trange, is there anything in-between your mailcow and your local gateway to the internet
That is also my suspicion. Some transparent filters on the firewall I would guess.
O.k. thank’s for sharing your thoughts.
I’ll check/disable in case anything on my asus home router, and will test again. I’ll be back.
I disabled diversion and skynet, the router DNS is unbound.
DKIM passes, encoding/format is faulty:
Date: Fri, 17 Nov 2023 14:32:31 +0100
To: djrEXr4DjZ2CAP@dkimvalidator.com
MIME-Version: 1.0
Message-ID: <41-65576b80-d-677bcc00@203232121>
Subject: =?utf-8?q?T=C3=84SCHT?=
User-Agent: SOGoMail 5.9.0
X-Last-TLS-Session-Version: None
——==-OpenGroupware_org_NGMime-65-1700227951.204159-2——
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
sogo html text, signatur and footer mit umlaute
=C3=A4=C3=B6=C3=BC=C3=9F
–=C2=A0
signature plain text =C3=B6=C3=A4=C3=BC=C3=9F
plain footer
=C3=B6=C3=A4=C3=BC=C3=9F
——==-OpenGroupware_org_NGMime-65-1700227951.204159-2——
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>sogo html text, signatur and footer mit umlaute<br />=C3=A4=C3=B6=C3=BC=
=C3=9F<br /><br />– <br />signature plain text =C3=B6=C3=A4=C3=BC=C3=9F</=
html>
html footer
=C3=B6=C3=A4=C3=BC=C3=9F
——==-OpenGroupware_org_NGMime-65-1700227951.204159-2——–
What is this ——==-OpenGroupware_org_NGMime-65-1700227951.204159-2——– about?
Same result with the same tests also here:
From the postfix log, sent with TB, no matter same result with SOGo:
B0AD2427BCA: replace: header Received: from cdc97c45df2b (mailcowdockerized-sogo-mailcow-1.mailcowdockerized_mailcow-network [172.22.1.248])??(Authenticated sender: x.y@z.de)??by mail.z.de (Postcow) with ESMTP from mailcowdockerized-sogo-mailcow-1.mailcowdockerized_mailcow-network[172.22.1.248]; from=x.y@z.de to=check-auth@verifier.port25.com proto=ESMTP helo=<cdc97c45df2b>: Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPA id B0AD2427BCA??for check-auth@verifier.port25.com; Sat, 18 Nov 2023 01:54:47 +0100 (CET)
The header, the body and the DKIM key is corrupted. No idea what replace: header received means…
DNS-Check in mailcow says everything is fine.
Mailcow is running on top of archlinux. Laptop is WLAN connected. Static IP is 192.168.XX.YYY. Gateway is the router (for test every possible interference disabled), tried DMZ, portforwarding, etc. There’s no reverse proxy running on the laptop. No firewall, no filters on the laptop. Something must be wrong on the way from the container via docker to the router.
As I already mentioned, I’m running a few other mailservers NOT DOCKERIZED, nearly the same configuration (postfix, dovecot, fail2ban, rspamd, sogo (same ver.).
I have to give up. At this very moment I cannot use mailcow in production environment. I’m sorry.
Ok… one more thing came to my mind while reading your last post: from the debug outputs you posted and the .de domains I guess you are German? Did you setup your Archlinux in German as well? If so, maybe it’s some kind of encoding issue with the German locale? I haven’t had a look yet if the locale of the host system is used while setting up the docker containers of mailcow in the first place, but maybe… My host system is running with en_us.UTF-8
- Edited
You guess right, I’m German.
Here’s the info:
#$ localectl
System Locale: LANG=C.UTF-8
VC Keymap: de
X11 Layout: de
To my mind another possible issue came across. As I have a pool IP from vodafone (cable), this is not a static IP, it might be impossible to setup a mailserver without having a static IP4. They charge you extra if you want a static one.
Is there a workaround possible with i.e. DDNS and cname in DNS? Don’t know, never tried this. There was no reason for this…
stefan21 it might be impossible to setup a mailserver without having a static IP4.
That is true. It is working for receiving mails, but no chance to send mails via a dynamic IP.
Pay for a relay service then (they can read your mails…), or get a business cable product with static IP and the possibility to have a reverse DNS entry, or pay for a decent hoster.
I´m sending mail from a dynamic IP, no mail´s get rejected so it´s possible.
Before that i used smtp2go, also work´s great.
storpotaten no mail´s get rejected so it´s possible.
With a relay service yes. Otherwise you are very very lucky.