DKIM works only for subdomain #47

Closed
Flash1232 opened this issue Apr 10, 2021 · 7 comments

Comments

@Flash1232
Contributor

Flash1232 commented Apr 10, 2021

I got the whole setup to work with traefik on SwarmPit but there are some issues:
I don't get any logs even though I have APP_DEBUG set to true and DKIM/ DMARC_ENABLE as well. I also have my domain.tld.private and domain.tld.txt files inside /data/dkim/.

Everything seems to work fine including sending and receiving mail via the aliases except there are no DKIM Signatures present on the mails. I don't have any file inside storage/logs other than the .gitignore file (namely, no laravel.log). Also, sometimes after a re-deploy the web interface throws a Gateway Timeout (504) until I re-deploy again (seems to be similar to #48).

EDIT: The Gateway errors were caused by using traefik along with Tecnativa docker-proxy. Resolved.

I set up SPF, DKIM, DMARC and the MX records but I haven't been able to find a way to get the PTR yet. Might this be an issue for DKIM to not work properly?

EDIT 2: PTR created.

One more thing to note is that I am hosting the app on "domain.com" whereas I am using "otherdomain.xyz" for the mail addresses/ aliases.

EDIT 2: I am now hosting everything on "otherdomain.xyz". Configs are different but the issue has been partially resolved. Will follow up on that if I can't get it to work. DKIM headers are only present on mails forwarded for "...@mail.otherdomain.xyz" but not for "...@otherdomain.xyz".

Container logs:

v3tc5  [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
v3tc5  [s6-init] ensuring user provided files have correct perms...exited 0.
v3tc5  [fix-attrs.d] applying ownership & permissions fixes...
v3tc5  [fix-attrs.d] done.
v3tc5  [cont-init.d] executing container initialization scripts...
v3tc5  [cont-init.d] 00-fix-logs.sh: executing...
v3tc5  [cont-init.d] 00-fix-logs.sh: exited 0.
v3tc5  [cont-init.d] 01-fix-uidgid.sh: executing...
v3tc5  Switching to PGID 1100...
v3tc5  Switching to PUID 1100...
v3tc5  [cont-init.d] 01-fix-uidgid.sh: exited 0.
v3tc5  [cont-init.d] 02-fix-perms.sh: executing...
v3tc5  Fixing perms...
v3tc5  [cont-init.d] 02-fix-perms.sh: exited 0.
v3tc5  [cont-init.d] 03-config.sh: executing...
v3tc5  Setting timezone to Europe/Paris...
v3tc5  Init PHP extensions
v3tc5  Setting PHP-FPM configuration
v3tc5  Setting PHP INI configuration
v3tc5  Setting OpCache configuration
v3tc5  Setting Nginx configuration
v3tc5  Initializing files and folders
v3tc5  Checking database connection...
v3tc5  Waiting 60s for database to be ready...
v3tc5  Database ready!
v3tc5  Creating AnonAddy env file
v3tc5  Trust all proxies
v3tc5  Copied File [/vendor/fideloper/proxy/config/trustedproxy.php] To [/config/trustedproxy.php]
v3tc5  Publishing complete.
v3tc5  Copying OpenDKIM private key
v3tc5  Setting OpenDKIM configuration
v3tc5  Setting OpenDKIM trusted hosts
v3tc5  Setting OpenDKIM signing table
v3tc5  Setting OpenDKIM key table
v3tc5  Setting OpenDMARC configuration
v3tc5  Setting Postfix master configuration
v3tc5  Setting Postfix main configuration
v3tc5  Setting Postfix milter configuration
v3tc5  Creating Postfix virtual alias domains and subdomains configuration
v3tc5  Creating Postfix recipient access configuration
v3tc5  Checking Postfix hostname
v3tc5  myhostname = mail.ttl.wtf
v3tc5  Creating check_access stored procedure
v3tc5  [cont-init.d] 03-config.sh: exited 0.
v3tc5  [cont-init.d] 04-svc-main.sh: executing...
v3tc5  DB migration
v3tc5  Nothing to migrate.
v3tc5  Clear cache
v3tc5  Application cache cleared!
v3tc5  Configuration cache cleared!
v3tc5  Configuration cached successfully!
v3tc5  Compiled views cleared!
v3tc5  Blade templates cached successfully!
v3tc5  Route cache cleared!
v3tc5  Routes cached successfully!
v3tc5  Broadcasting queue restart signal.
v3tc5  [cont-init.d] 04-svc-main.sh: exited 0.
v3tc5  [cont-init.d] 05-svc-opendkim.sh: executing...
v3tc5  [cont-init.d] 05-svc-opendkim.sh: exited 0.
v3tc5  [cont-init.d] 06-svc-opendmarc.sh: executing...
v3tc5  [cont-init.d] 06-svc-opendmarc.sh: exited 0.
v3tc5  [cont-init.d] 07-svc-postfix.sh: executing...
v3tc5  [cont-init.d] 07-svc-postfix.sh: exited 0.
v3tc5  [cont-init.d] 08-svc-cron.sh: executing...
v3tc5  Fixing crontabs permissions...
v3tc5  [cont-init.d] 08-svc-cron.sh: exited 0.
v3tc5  [cont-init.d] 99-clean.sh: executing...
v3tc5  [cont-init.d] 99-clean.sh: exited 0.
v3tc5  [cont-init.d] ~-socklog: executing...
v3tc5  [cont-init.d] ~-socklog: exited 0.
v3tc5  [cont-init.d] done.
v3tc5  [services.d] starting services
v3tc5  2021/04/10 11:10:06 [notice] 853#853: using the "epoll" event method
v3tc5  2021/04/10 11:10:06 [notice] 853#853: nginx/1.18.0
v3tc5  2021/04/10 11:10:06 [notice] 853#853: OS: Linux 4.14.138-rancher
v3tc5  2021/04/10 11:10:06 [notice] 853#853: getrlimit(RLIMIT_NOFILE): 1000000:1000000
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker processes
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 865
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 866
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 867
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 868
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 869
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 870
v3tc5  crond: crond (busybox 1.32.1) started, log level 8
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 871
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 873
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 874
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 877
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 884
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 895
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 912
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 927
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 948
v3tc5  2021/04/10 11:10:06 [notice] 853#853: start worker process 978
v3tc5  [services.d] done.
v3tc5  [10-Apr-2021 11:10:06] NOTICE: fpm is running, pid 849
v3tc5  [10-Apr-2021 11:10:06] NOTICE: ready to handle connections
v3tc5  Apr 10 11:10:07 mail postfix/postfix-script[1471]: starting the Postfix mail system
v3tc5  Apr 10 11:10:07 mail postfix/master[1472]: daemon started -- version 3.5.9, configuration /etc/postfix
v3tc5  crond: USER anonaddy pid 1476 cmd php /var/www/anonaddy/artisan schedule:run --no-ansi --no-interaction --quiet

docker-compose.yml:

version: '3.3'
services:
  anonaddy:
    image: anonaddy/anonaddy:latest
    labels:
      traefik.enable: 'true'
      traefik.http.routers.anonaddy.entrypoints: web-secured
      traefik.http.routers.anonaddy.rule: Host(`anonaddy.domain.com`)
      traefik.http.routers.anonaddy.tls: 'true'
      traefik.http.routers.anonaddy.tls.certresolver: dnschallenge
      traefik.http.services.anonaddy.loadbalancer.server.port: '8000'
    environment:
      ANONADDY_ADDITIONAL_USERNAME_LIMIT: '3'
      ANONADDY_ADMIN_USERNAME: anonaddy
      ANONADDY_ALL_DOMAINS: otherdomain.xyz
      ANONADDY_BANDWIDTH_LIMIT: '104857600'
      ANONADDY_DNS_RESOLVER: 127.0.0.1
      ANONADDY_DOMAIN: otherdomain.xyz
      ANONADDY_ENABLE_REGISTRATION: 'false'
      ANONADDY_HOSTNAME: mail.otherdomain.xyz
      ANONADDY_LIMIT: '200'
      ANONADDY_NEW_ALIAS_LIMIT: '10'
      ANONADDY_RETURN_PATH: bounces@otherdomain.xyz
      ANONADDY_SECRET: [REDACTED]
      APP_DEBUG: 'true'
      APP_KEY: base64:[REDACTED]
      APP_URL: https://anonaddy.domain.com
      DB_DATABASE: anonaddy
      DB_HOST: db
      DB_PASSWORD: anonaddy
      DB_USERNAME: anonaddy
      DKIM_ENABLE: 'true'
      DMARC_ENABLE: 'true'
      LISTEN_IPV6: 'false'
      LOG_IP_VAR: http_x_forwarded_for
      MAIL_FROM_ADDRESS: anonaddy@otherdomain.xyz
      MAIL_FROM_NAME: AnonAddy
      MEMORY_LIMIT: 256M
      OPCACHE_MEM_SIZE: '128'
      PGID: '1100'
      POSTFIX_DEBUG: 'true'
      POSTFIX_SMTPD_TLS: 'false'
      POSTFIX_SMTP_TLS: 'false'
      PUID: '1100'
      REAL_IP_FROM: 0.0.0.0/32
      REAL_IP_HEADER: X-Forwarded-For
      REDIS_HOST: redis
      TZ: Europe/Paris
      UPLOAD_MAX_SIZE: 16M
    ports:
     - '25:25'
    volumes:
     - /home/rancher/anonaddy:/data
    networks:
     - default
     - traefik
    logging:
      driver: json-file
  db:
    image: mariadb:10.5
    environment:
      MYSQL_ALLOW_EMPTY_PASSWORD: 'yes'
      MYSQL_DATABASE: anonaddy
      MYSQL_PASSWORD: anonaddy
      MYSQL_USER: anonaddy
    volumes:
     - /tmp/db:/var/lib/mysql
    networks:
     - default
    logging:
      driver: json-file
  redis:
    image: redis:4.0-alpine
    networks:
     - default
    logging:
      driver: json-file
networks:
  default:
    driver: overlay
  traefik:
    external: true
@Flash1232 Flash1232 changed the title DKIM not working correctly but no logs? DKIM works only for subdomain Apr 14, 2021
@willbrowningme
Member

As mentioned in anonaddy/anonaddy#142 I think the following file -

```
*.${ANONADDY_DOMAIN} default._domainkey.${ANONADDY_DOMAIN}
```
should perhaps look like this:

```sh
echo "Setting OpenDKIM signing table"
cat > /etc/opendkim/signing.table <<EOL
*@${ANONADDY_DOMAIN}    default._domainkey.${ANONADDY_DOMAIN}
*@*.${ANONADDY_DOMAIN}    default._domainkey.${ANONADDY_DOMAIN}
EOL
```

Is anyone able to test this?
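
To see why the original single entry signs subdomain senders but not the apex domain, here is a small model of OpenDKIM's signing-table lookup, written as an added example for this thread (not code from the anonaddy project). It assumes the table is loaded with the `refile:` prefix, where `*` is a wildcard matched against the whole From: address, and uses `otherdomain.xyz` as a stand-in for `${ANONADDY_DOMAIN}`:

```python
import re

DOMAIN = "otherdomain.xyz"  # stand-in for ${ANONADDY_DOMAIN}

# Signing table as generated before the fix: the pattern only matches
# addresses that contain a literal "." right before the domain.
OLD_TABLE = f"*.{DOMAIN} default._domainkey.{DOMAIN}\n"

# Signing table as proposed in the thread: apex domain plus any subdomain.
NEW_TABLE = f"""*@{DOMAIN}    default._domainkey.{DOMAIN}
*@*.{DOMAIN}    default._domainkey.{DOMAIN}
"""


def parse_signing_table(text):
    """Parse 'pattern keyname' lines; '#' comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, keyname = line.split(None, 1)
        entries.append((pattern, keyname.strip()))
    return entries


def refile_match(pattern, address):
    """Model of OpenDKIM 'refile:' matching: '*' matches any run of characters,
    every other character is literal, and the whole address must match."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, address, re.IGNORECASE) is not None


def signing_keys(table_text, address):
    """Return the KeyTable names selected for a given From: address."""
    return [key for pat, key in parse_signing_table(table_text)
            if refile_match(pat, address)]


if __name__ == "__main__":
    # Constructed sample senders: apex domain, subdomain, unrelated domain.
    for addr in (f"alias@{DOMAIN}", f"alias@mail.{DOMAIN}", "alias@unrelated.example"):
        print(f"{addr:32} old={signing_keys(OLD_TABLE, addr)} "
              f"new={signing_keys(NEW_TABLE, addr)}")
```

With the old table only `alias@mail.otherdomain.xyz` selects a key, which is exactly the symptom reported above; with the new table both the apex and subdomain senders are signed and unrelated domains still get nothing.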

@Flash1232
Contributor Author

Thanks so much for your answer! I'll try it myself and let you know.

@Flash1232
Contributor Author

Flash1232 commented Apr 16, 2021

Your suggested change works perfectly, thank you so much! I've gone forward and made a quick PR for it: #51.

Just on a sidenote: I noticed it is quite verbose to test DKIM/ DMARC/ SPF stuff manually. Is there any possibility to send emails from the anonaddy cli to any given email address? This would come in handy as there exist services to verify DKIM/ DMARC setup E2E when you send a test mail to a designated endpoint (e.g. https://dkimvalidator.com/).

@crazy-max
Member

@willbrowningme Thanks for pointing this out

@Flash1232 #51 has been merged, thanks.

@willbrowningme
Member

willbrowningme commented Apr 19, 2021

@Flash1232 you can send an email from the command line by first entering Laravel tinker:

```sh
# Make sure you are in the web app root directory
php artisan tinker
```

and then you can run:

```php
Mail::raw("Hi there,\n\nHow are you?\n\nBye", function ($message) {
    $message->to('hi@example.com')->from('me@mydomain.com')->subject('Hello!');
});
```

You can customise the above, might be worth having a look at the Laravel mail documentation too.

@Flash1232
Contributor Author

Flash1232 commented Apr 19, 2021

Thanks for your response :)

That's cool, gonna take a look at that. For now I just tested by choosing "Reply to" at some random aliases.

PS: I saw the Traefik example in the examples folder of the repo but, unfortunately, it lacks some specifics about how to integrate the ACME part with Postfix's SMTPD TLS. Well I did this and it seems to work quite nicely except for some weird smtpd_scache error. If I find time to fix that I'll gladly contribute my setup so that it's easier to get rollin' feature-completeish right away.

Thanks again!

@crazy-max
Member

@Flash1232

> PS: I saw the Traefik example in the examples folder of the repo but, unfortunately, it lacks some specifics about how to integrate the ACME part with Postfix's SMTPD TLS. Well I did this and it seems to work quite nicely except for some weird smtpd_scache error. If I find time to fix that I'll gladly contribute my setup so that it's easier to get rollin' feature-completeish right away.

Sure feel free to send a PR to enhance our examples!
