Opened 3 years ago

Last modified 2 weeks ago

#11487 assigned Feature/Enhancement Request

add dkim signing for all outgoing email

Reported by: https://id.mayfirst.org/jamie Owned by: https://id.mayfirst.org/jamie
Priority: Medium Component: Tech
Keywords: dkim email-deliverability Cc:
Sensitive: no

Description

We may be able to improve deliverability by using dkim on cleaveland, rustin, gil and paulo.

See also #10499 for the use of spf.

See https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy for a basic tutorial.

Change History (6)

comment:1 Changed 3 years ago by https://id.mayfirst.org/jamie

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

comment:2 Changed 3 years ago by https://id.mayfirst.org/jackrabbit

Curious about this. Will we be adding DKIM authentication to our mail servers? Right now spam scores for sent email from civi aren't so great.

comment:3 Changed 3 years ago by https://id.mayfirst.org/jamie

This might not happen, at least in the short term.

With DKIM, we need to sign each message based on the From address - since we have thousands of different from addresses for email going through our bulk relay servers.

For groups with a dedicated virtual server, one option would be to have email delivered locally (and we can configure a local dedicated server to dkim sign your messages) and then the dedicated mosh can relay via postfix to our relay servers.

comment:4 Changed 18 months ago by https://id.mayfirst.org/jamie

As a first step - we can set this up on our mail.mayfirst.org servers.

With OpenDKIM - you can specify which domains should be signed - and OpenDKIM will ignore messages not included in the list and sign ones that it can.

So, first I'll set things up manually for the mayfirst.org domain on gil and paulo.

The second step is to figure out how regular members can turn it on via the control panel.

Then, we can address implementation on our bulk relay servers.

comment:5 Changed 17 months ago by https://id.mayfirst.org/jamie

  • Keywords email-deliverability added

comment:6 Changed 2 weeks ago by https://id.mayfirst.org/jamie

I think it will be more flexible if we set up a dedicated opendkim server, so paulo, gil and the bulk relay servers can all use the same opendkim servers rather than manage opendkim themselves.

Then, we can experimentally configure gil and paulo to use them first, and if successful add to cleveland (watch load) and if it works, add rustin.
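
A sketch of the setup discussed in comments 4 and 6 (a dedicated OpenDKIM host that signs only listed domains, with the Postfix servers using it as a remote milter), added here as an example and not taken from May First's configuration. The address 10.0.0.5, the 10.0.0.0/24 network, port 8891, the selector sel1 and all file paths are assumptions.

```conf
# ---- /etc/opendkim.conf on the dedicated signing host (assumed 10.0.0.5) ----
# Listen on TCP so remote MTAs can reach the milter. The milter protocol has
# no authentication or encryption, so bind to a private address and firewall
# the port so that only the mail servers can connect.
Socket              inet:8891@10.0.0.5
# Sign only; verification of inbound mail is not this host's job.
Mode                s
Canonicalization    relaxed/simple
Syslog              yes
UserID              opendkim
# Which key belongs to which domain/selector.
KeyTable            /etc/opendkim/KeyTable
# Which From addresses get signed. Messages matching no entry pass through
# unsigned, which is what lets thousands of unlisted From domains coexist.
SigningTable        refile:/etc/opendkim/SigningTable
# Mail is signed only when the SMTP client seen by the MTA is listed here
# (or the sender authenticated); everything else is treated as inbound.
InternalHosts       /etc/opendkim/TrustedHosts

# ---- /etc/opendkim/KeyTable ----
# keyname                       domain:selector:private key path
# The key file must be readable only by the opendkim user.
sel1._domainkey.mayfirst.org    mayfirst.org:sel1:/etc/opendkim/keys/mayfirst.org/sel1.private

# ---- /etc/opendkim/SigningTable ----
# From-address pattern          keyname from KeyTable
*@mayfirst.org                  sel1._domainkey.mayfirst.org

# ---- /etc/opendkim/TrustedHosts ----
127.0.0.1
10.0.0.0/24

# ---- /etc/postfix/main.cf on each mail server using the signer ----
smtpd_milters         = inet:10.0.0.5:8891
non_smtpd_milters     = $smtpd_milters
# Postfix defaults to tempfail when a milter is unreachable, which queues all
# mail while the signer is down. "accept" keeps mail flowing but unsigned;
# choose deliberately and alert on milter connection errors in the mail log.
milter_default_action = accept
```

Adding a member domain is then one KeyTable line, one SigningTable line and a published TXT record for that selector; the Postfix side does not change.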
