Exim4u and DMARC

> Hi everyone,
>
> I'm currently giving DMARC a try and I'm wondering how to use it
> within my setup.
>
> The domains that are hosted on my exim4u based installation all use
> mail.foo.tld as their imap and smtp server.
> That is because I require my customers to use SSL/TLS connections and
> this way I only have to manage one central certificate.
>
> All domains have their SPF records and hostname.foo.tld has a valid
> DKIM record.
> So far so good.
>
>
> But: DMARC (as far as I understand the whole process) seems to check
> each _domain_'s DKIM, right?
> And the way exim4u works (again: as far as I understand it) it's the
> server's DKIM that used to sign outgoing mail.
>
> I signed up for dmarcian.com's DMARC reports -a service that collects
> and analyzes your DMARC reports- and it tells me that all domains
> (but foo.tld) lack DKIM signature.
>
> I've set the DMARC policy to "none" for every domain so that
> shouldn't be a major problem for now.
> Still I'm wondering if there's a way to setup exim4u to sign mails
> using the domain's DKIM, not the server's.
>
>
> Has anyone experience using DMARC? With or without exim4u?
> Am I missing something?
> Any tips or hints are highly appreciated.
>
>
> thanks,
> Mika
>
> _______________________________________________
> users mailing list
> [hidden email]
> https://exim4u.org/mailman/listinfo/users

> Hi,
>
> If you send an email from any of your domain but foo.tld to a gmail
> account and have a look at the message header received in the gmail
> account, does the header report DKIM success such as:
>
> Authentication-Results: mx.google.com;
>         dkim=pass (test mode) header.i=@anybutfoo.tld;
>         spf=pass (google.com: domain of [hidden email]
> </user/SendEmail.jtp?type=node&node=4023739&i=0> designates
>         92.132.12.72 as permitted sender)
>
> Thomas

> On Tue, 17 May 2016 10:21:57 +0200
> Kreuder <[hidden email]
> </user/SendEmail.jtp?type=node&node=4023739&i=1>> wrote:
>
>  > Hi everyone,
>  >
>  > I'm currently giving DMARC a try and I'm wondering how to use it
>  > within my setup.
>  >
>  > The domains that are hosted on my exim4u based installation all use
>  > mail.foo.tld as their imap and smtp server.
>  > That is because I require my customers to use SSL/TLS connections and
>  > this way I only have to manage one central certificate.
>  >
>  > All domains have their SPF records and hostname.foo.tld has a valid
>  > DKIM record.
>  > So far so good.
>  >
>  >
>  > But: DMARC (as far as I understand the whole process) seems to check
>  > each _domain_'s DKIM, right?
>  > And the way exim4u works (again: as far as I understand it) it's the
>  > server's DKIM that used to sign outgoing mail.
>  >
>  > I signed up for dmarcian.com's DMARC reports -a service that collects
>  > and analyzes your DMARC reports- and it tells me that all domains
>  > (but foo.tld) lack DKIM signature.
>  >
>  > I've set the DMARC policy to "none" for every domain so that
>  > shouldn't be a major problem for now.
>  > Still I'm wondering if there's a way to setup exim4u to sign mails
>  > using the domain's DKIM, not the server's.
>  >
>  >
>  > Has anyone experience using DMARC? With or without exim4u?
>  > Am I missing something?
>  > Any tips or hints are highly appreciated.
>  >
>  >
>  > thanks,
>  > Mika
>  >
>  > _______________________________________________
>  > users mailing list
>  > [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=2>
>  > https://exim4u.org/mailman/listinfo/users
>
>
> _______________________________________________
> users mailing list
> [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=3>
> https://exim4u.org/mailman/listinfo/users
>
>
> ------------------------------------------------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
> http://users.exim4u.org/Exim4u-and-DMARC-tp4023738p4023739.html
> To unsubscribe from Exim4U General Discussion, click here
> <
> NAML
> <http://users.exim4u.org/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>

> Hi,
>
> If you send an email from any of your domain but foo.tld to a gmail
> account and have a look at the message header received in the gmail
> account, does the header report DKIM success such as:
>
> Authentication-Results: mx.google.com;
>         dkim=pass (test mode) header.i=@anybutfoo.tld;
>         spf=pass (google.com: domain of [hidden email]
> </user/SendEmail.jtp?type=node&node=4023739&i=0> designates
>         92.132.12.72 as permitted sender)
>
> Thomas

> On Tue, 17 May 2016 10:21:57 +0200
> Kreuder <[hidden email]
> </user/SendEmail.jtp?type=node&node=4023739&i=1>> wrote:
>
>  > Hi everyone,
>  >
>  > I'm currently giving DMARC a try and I'm wondering how to use it
>  > within my setup.
>  >
>  > The domains that are hosted on my exim4u based installation all use
>  > mail.foo.tld as their imap and smtp server.
>  > That is because I require my customers to use SSL/TLS connections and
>  > this way I only have to manage one central certificate.
>  >
>  > All domains have their SPF records and hostname.foo.tld has a valid
>  > DKIM record.
>  > So far so good.
>  >
>  >
>  > But: DMARC (as far as I understand the whole process) seems to check
>  > each _domain_'s DKIM, right?
>  > And the way exim4u works (again: as far as I understand it) it's the
>  > server's DKIM that used to sign outgoing mail.
>  >
>  > I signed up for dmarcian.com's DMARC reports -a service that collects
>  > and analyzes your DMARC reports- and it tells me that all domains
>  > (but foo.tld) lack DKIM signature.
>  >
>  > I've set the DMARC policy to "none" for every domain so that
>  > shouldn't be a major problem for now.
>  > Still I'm wondering if there's a way to setup exim4u to sign mails
>  > using the domain's DKIM, not the server's.
>  >
>  >
>  > Has anyone experience using DMARC? With or without exim4u?
>  > Am I missing something?
>  > Any tips or hints are highly appreciated.
>  >
>  >
>  > thanks,
>  > Mika
>  >
>  > _______________________________________________
>  > users mailing list
>  > [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=2>
>  > https://exim4u.org/mailman/listinfo/users
>
>
> _______________________________________________
> users mailing list
> [hidden email] </user/SendEmail.jtp?type=node&node=4023739&i=3>
> https://exim4u.org/mailman/listinfo/users
>
>
> ------------------------------------------------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
> http://users.exim4u.org/Exim4u-and-DMARC-tp4023738p4023739.html
> To unsubscribe from Exim4U General Discussion, click here
> <
> NAML
> <http://users.exim4u.org/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>