[GH-ISSUE #142] DKIM Signing clarification #716

New issue

Closed

opened 2026-03-14 10:19:47 +03:00 by kerem · 2 comments

kerem commented 2026-03-14 10:19:47 +03:00

Owner

Copy link

Originally created by @Flash1232 on GitHub (Apr 14, 2021).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/142

Just to make sure this is not some bug with the docker image:

Is it true that the signing.table file as described in SELF-HOSTING.md will sign mail to both *.domain.com as well as the main domain.com aliases? When testing with the docker image I only receive DKIM signed mails when sending to xyz.domain.com. Mails sent to domain.com aliases simply don't have a DKIM signature.

The docker image inserts *.domain.com blabla (github.com/anonaddy/docker@d3573ee4a1/rootfs/etc/cont-init.d/03-config.sh (L272)) into the signing.table file whereas the SELF_HOSTING.md describes to use *@*.domain.com. Is there any difference or do I even need to additionally make a line with just domain.com without prefix asterisk?

Or am I doing something else incorrectly?

PS: There is a related issue in the docker repo: https://github.com/anonaddy/docker/issues/47 .

Originally created by @Flash1232 on GitHub (Apr 14, 2021). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/142 Just to make sure this is not some bug with the docker image: Is it true that the `signing.table` file as described in [SELF-HOSTING.md](https://github.com/anonaddy/anonaddy/blob/master/SELF-HOSTING.md#spf-and-dkim) will sign mail to both *.domain.com as well as the main domain.com aliases? When testing with the docker image I only receive DKIM signed mails when sending to xyz.domain.com. Mails sent to domain.com aliases simply don't have a DKIM signature. The docker image inserts *.domain.com blabla (https://github.com/anonaddy/docker/blob/d3573ee4a12eb53d65f001cbb46599997129187d/rootfs/etc/cont-init.d/03-config.sh#L272) into the `signing.table` file whereas the SELF_HOSTING.md describes to use `*@*.domain.com`. Is there any difference or do I even need to additionally make a line with just domain.com without prefix asterisk? Or am I doing something else incorrectly? PS: There is a related issue in the docker repo: https://github.com/anonaddy/docker/issues/47 .

kerem closed this issue 2026-03-14 10:19:52 +03:00

kerem commented 2026-03-14 10:19:58 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Apr 16, 2021):

The signing.table file should have both lines:

*@example.com    default._domainkey.example.com
*@*.example.com    default._domainkey.example.com

The first line signs all emails at the apex domain (example.com) and the second line signs all emails that are subdomains of the apex domain (anything.example.com). Both with the same key.

It seems the docker image needs another line:

${ANONADDY_DOMAIN}    default._domainkey.${ANONADDY_DOMAIN}
*.${ANONADDY_DOMAIN}    default._domainkey.${ANONADDY_DOMAIN}

Also I would have thought the lines in the docker file should be:

*@${ANONADDY_DOMAIN}    default._domainkey.${ANONADDY_DOMAIN}
*@*.${ANONADDY_DOMAIN}    default._domainkey.${ANONADDY_DOMAIN}

Although I don't use Docker so I haven't tested this myself.

In the self-hosting instructions I mention "add this line too" meaning in addition to the one from the tutorial - https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf

I've moved over to Rspamd recently which can sign emails so I may update the self-hosting docs soon to describe how to use that instead.

<!-- gh-comment-id:821276394 --> @willbrowningme commented on GitHub (Apr 16, 2021): The `signing.table` file should have both lines: ``` *@example.com default._domainkey.example.com *@*.example.com default._domainkey.example.com ``` The first line signs all emails at the apex domain (example.com) and the second line signs all emails that are subdomains of the apex domain (anything.example.com). Both with the same key. It seems the docker image needs another line: ``` ${ANONADDY_DOMAIN} default._domainkey.${ANONADDY_DOMAIN} *.${ANONADDY_DOMAIN} default._domainkey.${ANONADDY_DOMAIN} ``` Also I would have thought the lines in the docker file should be: ``` *@${ANONADDY_DOMAIN} default._domainkey.${ANONADDY_DOMAIN} *@*.${ANONADDY_DOMAIN} default._domainkey.${ANONADDY_DOMAIN} ``` Although I don't use Docker so I haven't tested this myself. In the self-hosting instructions I mention "add this line too" meaning in addition to the one from the tutorial - https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf I've moved over to Rspamd recently which can sign emails so I may update the self-hosting docs soon to describe how to use that instead.

kerem commented 2026-03-14 10:20:03 +03:00

Author

Owner

Copy link

@Flash1232 commented on GitHub (Apr 16, 2021):

In the self-hosting instructions I mention "add this line too" meaning in addition to the one from the tutorial - https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf

Oh right, I got confused as I am using the docker image and just assumed this would be already present.

I've moved over to Rspamd recently which can sign emails so I may update the self-hosting docs soon to describe how to use that instead.

That would be great, and thanks for your work here! It is much appreciated :).

<!-- gh-comment-id:821329759 --> @Flash1232 commented on GitHub (Apr 16, 2021): > In the self-hosting instructions I mention "add this line too" meaning in addition to the one from the tutorial - https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf Oh right, I got confused as I am using the docker image and just assumed this would be already present. > I've moved over to Rspamd recently which can sign emails so I may update the self-hosting docs soon to describe how to use that instead. That would be great, and thanks for your work here! It is much appreciated :).

kerem referenced this issue 2026-03-14 11:37:29 +03:00

[GH-ISSUE #716] [Feature Request] Responding to calendar invites doesn't use the alias #1064

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#716

No description provided.