Mailu: Sent emails from alternate domains don't support DKIM signing

The workaround for sending is fine :

• in the admin UI
  
  
  
  • create domain1 and domain2
  
  
  • create DKIM for both domains
  
  
• add domain2 -> domain1 in the alternative table
• in the webmail
  
  
  
  • log with user@domain1
  
  
  • create identity user@domain2
  
  
  • send an email as user@domain2
  
  

Result : email is sent and signed with DKIM from domain2

I still have to check if received emails for user@domain2 are received in user@domain1 mailbox.

Hurray !!! With the above setup, emails received for user@domain2 are directed to user@domain1 as expected.

SO...

The feature is there, but the admin UI prevents "normal" users from accessing it. I'm risking some suggestions :

1. only allow domains that are already created and have no users to be added as alternatives (reverse the existing limitation),
2. prevent creation of users in domains that are used as alternatives to others,
3. prevent the same domain to be an alternative to more than one other.

The following headers are only present when sending with domain1:

• ARC-Message-Signature
• ARC-Seal
• ARC-Authentication-Results

How can we have the messages sent from domain2 also contain those headers?

i guess it would be good while generating DKIM that it takes all alternative domains in to account?

Following the procedure I describe, outgoing emails sent from alternative domains are DKIM signed with the alternative domain key. But only those sent from the original domain also contain the ARC-* headers (which look similar but are not identical to DKIM signatures).

Hi There,

The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who want to work on them — and which issues may be less important. These a less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).

• 👍️ if you need this to be able to use Mailu. Ideally, you’d also be able to test this on your installation, and provide feedback …
• 🎉 if you find it a nice bonus, but no deal-breaker
• 🚀 if you want to work on it yourself!
  We want to keep this voting open for 2 weeks from now, so please help out!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Same here, and workaround doesn't work, I have to delete the domain for adding it on other domain alternative domain.
No stale please.

i guess it would be good while generating DKIM that it takes all alternative domains in to account?

If we want to have each domain (original and alternates) to have its own DKIM, it has to be displayed in the UI (so it can be copied to the DNS) and we should enable controls to remove or update the DKIM for each alternate domain.

I guess we could also sign all alternate domains with the original domain DKIM, but it feels wrong.