DKIM works for Roundcube but not Snappymail

I like the UI of SnappyMail (nextcloud app), but I’ve found from testing with dkimvalidator.com that emails sent with SnappyMail lack DKIM while those sent from Roundcube have valid DKIM.

I’m puzzled, because I assumed that both Roundcube and SnappyMail were just UI wrappers on top postfix. Any reason why SnappyMail would lack DKIM?

EDIT: Turns out the problem was ipv6

I have snappy mail and can confirm if I send from it to dkimvalidator the DKIM signiture is valid. Snappy mail uses the same mail system as roundcube

SnappyMail

2.36.0

An advanced fork of RainLoop

Simple, modern & fast web-based email client

Sponsor


:warning: New 2.36.1 version is available.

ReleasesUpdate

System

Average load past minute 0.31298828125
Average load past 5 minutes 0.2021484375
Average load past 15 minutes 0.12255859375

PHP optional extensions

Extension Loaded
PHP 8.0.30 :heavy_check_mark:
PHP 64bit :heavy_check_mark:
APCu :heavy_check_mark:
cURL :heavy_check_mark:
Fileinfo :heavy_check_mark:
iconv :heavy_check_mark:
intl :heavy_check_mark:
LDAP :x:
redis :x:
Tidy :x:
uuid :x:
Zip :heavy_check_mark:
Phar :heavy_check_mark:
Contacts database: :heavy_check_mark:
- pdo_mysql :x:
- pdo_pgsql :x:
- pdo_sqlite :heavy_check_mark:
Crypt: :heavy_check_mark:
- Sodium :heavy_check_mark:
- OpenSSL 3.0.2 15 Mar 2022 :heavy_check_mark:
- XXTEA :x:
- GnuPG :x:
Image processing: :heavy_check_mark:
- GD :heavy_check_mark:
- Gmagick :x:
- Imagick :heavy_check_mark:

That’s strange, then. I have SnappyMail 2.36.1 and status checks say everything is up to date:

All system services are running.
SSH disallows password-based login.
System software is up to date.
Mail-in-a-Box is up to date. You are running version v68.
? The disk has 11.35 GB space remaining.
System memory is 50% free.

Login as admin in Nextcloud. Go to SnappyMail Admin Panel.
In Domains click on your domain box.somedomain.com
SMTP>> DO not check use_PHP_mail

See the images


Those are the settings I have, too.

Under SnappyMail extensions, the only extension I have is “Nextcloud”.
Do you have anything else, like “X-Originating-IP” or “Use From-Address-Account for smtp”?

That is correct:
Installed Extensions
Nextcloud
:gear:
:ballot_box_with_check:
2.35
Integrate with Nextcloud v20+
2.35 :wastebasket:

There is no sense dkim not working. Send yourself a message from snappy mail to gmail that you own>> go to show original and see if DKIM is PASS. There are some dkim validators online which might show false positives.

Gmail agrees with the validator.
When I send from roundcube it says “dkim=pass”
When sent from SnappyMail it shows "dkim=none; dkim-atps=neutral’’

Copy and paste both headers and send them by DM to me.
Did you inspect the headers are they identical?
In terms of Recived by: authenticated user and bla bla bla.

DKIM Inspector - dmarcian

Inspect your dkim both for box.youdomain.com and yourdomain.com see if there are any errors.
The default selector is mail

Thanks for sending the headers.
I tested and compared with mine and the only difference is this part:

Received: from box.somedomain.com (localhost [127.0.0.1]) by box.somedomain.com (Postfix) with ESMTP id E41B1854E3 for <someuser@gmail.com>; Fri, 24 May 2024 17:34:05 +0200 (CEST)
MIME-Version: 1.0

Look at the bottom of your SnappyMail headers it seems it has a problem with IPV6 and your localhost prefers an IPV6 address. Mine preffers IPV4 (not sure why, maybe because my POSTFIX config is set to IPV4 only outbound).

Try setting this to 127.0.0.1 instead of localhost in SnappyMail Admin Panel.
In Domains SMTP>> SERVER

If this dosen’t work. Edit main.cf to prefer Outbound IPV4.
sudo nano /etc/postfix/main.cf
insert:

smtp_address_preference = ipv4
#smtp_balance_inet_protocols = yes
smtp_mx_address_limit = 0
inet_protocols = all

sudo systemctl restart postfix

I see you are running MIAB on a dual stack instance (both IPV4 and IPV6).

If this doesn’t do the trick you can research how to make your box prefer IPV4 for localhost.
Cheers

Oh, IPv6 was indeed the problem. Those steps didn’t stop SnappyMail from using ipv6 so I disabled ipv6 altogether by adding these lines to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

and

sudo sysctl -p

to apply the changes.

And now DKIM is valid. Thanks for the help!

Glad to help! But that is so inelegant to disable the entire IPV6 when you have a dual stack instance and can communicate with ipv6 capable servers.
The problem is name resolving prefers IPv6.

Thus consider editing

sudo nano /etc/gai.conf

uncomment:
For sites which prefer IPv4 connections change the last line to

precedence ::ffff:0:0/96 100
Reenable IPV6 as per your instructions.
and restart:
ping localhost
Should give you 127.0.0.1
Read here: routing - Ubuntu defaults to IPv6, should default to IPv4 - Server Fault
Or if you are happy with this, so be it.

:+1: Did that. It works, too. So maybe that implies an IPv6 bug in SnappyMail… in any case, glad to have DKIM working.