Greetings,
I am struggling a bit with one client that is marking my mails from mailcow. They use exchange servers.

the error says: smtp.mailfrom=my.domain.com; dkim=fail (no key for signature)

Here is my setup:

**MailServer mail.myserver.com **:
mail.myserver.com A xxx.xxx.220.168
TXT v=spf1 ip4:xxx.xxx.220.168 mx -all
TXT dkim._domainkey key2048
MX @ mail.mymailserver.com 10

Sender Domain mydomain.net:
mydomain.net A xxx.xxx.123.213
TXT v=spf1 ip4:xxx.xxx.220.168 mx -all
TXT dkim.domainkey key2048 (of mail server)
TXT dkim2.
domainkey key2048 (of my domain)
MX @ mail.mymailserver.com 10

When I send emails to dkimvalidator, it passes. However my client’s server gives a warning. no key for signature. It does find dkim2 however. DKIMS are also good according to mxtoolbox.

Should I use the same DKIM selector for both keys in mydomain.net?
Do I need to add the Server DKIM to the DNS of all domains served by mailcow?
Do I need the DKIM of all domains hosted by mailcow to the SERVER DNS ?

Any suggestions ?
Thanks in advance.

Alex

    you should set MX, SPF and DKIM only for your mail domains, not for the mail server itself!
    Why do you think that is needed for the mail server itself?

      Have something to say?

      Join the community by quickly registering to participate in this discussion. We'd like to see you joining our great moo-community!

      esackbauer

      On Mailcow I can setup domains. Each domain gets its own DKM.
      But these domains are not sending mails, they use one domain, the domain mailcow was setup with as sender.

      So, in principle, these Keys are not needed. The domains DNS only need to add the dkim of the mailserver right? same as the spf IP4 of the mailserver.

        alexp On Mailcow I can setup domains. Each domain gets its own DKM.

        So far so correct. You should notice that those are “mail domains” and are set up for receiving via MX record and for sending with TXT record for DKIM.

        alexp they use one domain, the domain mailcow was setup with as sender.

        No, they use a FQDN hostname or IP address as MTA (“mailserver”), from which they are sent. The MX record is just for receiving mails, not sending mails, whereas DKIM and SPF are just for sending. SPF points to a hostname or IP address, DKIM points to a mail domain via DKIM selector.

        You should once again read everything about those different record types. You have not understood how they work.

        alexp **MailServer mail.myserver.com **:
        mail.myserver.com A xxx.xxx.220.168
        TXT v=spf1 ip4:xxx.xxx.220.168 mx -all
        TXT dkim._domainkey key2048
        MX @ mail.mymailserver.com 10

        Out of that block, only the A address is required. The other 3 entries are useless, unless you want to actually send mails like “user@mail.mymailserver.com

        No one is typing