DKIM problems with mailing list

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.28
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

My wife has to use a mailing list for our kid’s school class.
She sends her mail (from our yunohost server via familie@myserver.com) to the external mailing list address and this mail gets delivered to all members of this mailing list (with my wife’s mail address as sender and reply-to).

Problem:

Our yunohost mail server rejects the incoming mail from the mailing list (with the identity of my wife’s email).

According to the postmaster of the mailing list, it is the fault of my yunohost server, because the DKIM header of the email should be accepted by our server.

I have the mail DSN settings configured as recommended by Yunohost and did not find any errors.

Does anybody have more experience with DKIM and yunohost?
Thank you in advance :love_letter:

Share relevant logs or error messages

Diagnosis info for admins
ATTENTION: Domain names and IP changed for privacy reasons

Generating Server: et01.maillist-server.net

familie@myserver.com
myserver.com
Remote Server returned ‘553 5.7.1 familie@myserver.com: Sender address rejected: not logged in’

Original header:

Received: from ex01.maillist-server.net (172.20.0.45) by mx01.maillist-server.net (172.20.0.47)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 13 Oct
 2025 09:03:00 +0200
Received: from ex02.maillist-server.net (2001:920:19e7:be0::46) by ex01.maillist-server.net
 (2001:920:19e7:be0::45) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 13 Oct
 2025 09:03:00 +0200
Received: from et01.maillist-server.net (172.20.0.47) by ex02.maillist-server.net (172.20.0.46)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17 via Frontend
 Transport; Mon, 13 Oct 2025 09:03:00 +0200
Received: from myserver.com (33.333.333.333) by mx01.maillist-server.net (172.20.0.47)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Mon, 13 Oct
 2025 09:02:59 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=myserver.com; s=mail;
 t=1760338977; bh=csdxKWk77zi0Jlx7EYCv/26gyU0RcuvkxsvK+ICg3pU=;
 h=Date:Subject:References:To:From:In-Reply-To:From;
 b=TC+bBOhaSIZ4cliyVhcqQTD3YMMxwXa2IpgqijZz5SEWW9xnVwk2omHGsHnJD4YGh
 JHvgPiEJ5HBI1w78kDGRCHNC59lZp/+dGsRUKQENH2Bm+QU3q9wNtCPanNcpf4D2KF
 Lt+dsZnXAeeVcn4yj7OGZO8cMLZUeustrLY7gTfo=
Message-ID: 27831e4c-d716-4ce2-a1cc-ee800b3dbfb3@myserver.com
Date: Mon, 13 Oct 2025 09:02:57 +0200
MIME-Version: 1.0
Subject: Some subject ?
Content-Language: de-AT-frami
References: b910242a-9156-478b-a126-a90c3b09b65d@myserver.com
To: eltern5b eltern5b@maillist-servergymnasium.de
From: Familie Caliandro familie@myserver.com
In-Reply-To: b910242a-9156-478b-a126-a90c3b09b65d@myserver.com
X-Forwarded-Message-Id: b910242a-9156-478b-a126-a90c3b09b65d@myserver.com
Content-Type: text/plain; charset=“UTF-8”; format=flowed
Content-Transfer-Encoding: 8bit
Return-Path: familie@myserver.com
Received-SPF: Pass (et01.maillist-server.net: domain of familie@myserver.com designates
 33.333.333.333 as permitted sender) receiver=et01.maillist-server.net;
 client-ip=33.333.333.333; helo=myserver.com;
X-Auto-Response-Suppress: DR, OOF, AutoReply

Reporting-MTA: dns;et01.maillist-server.net
Received-From-MTA: dns;ex01.maillist-server.net
Arrival-Date: Mon, 13 Oct 2025 07:03:00 +0000
Final-Recipient: rfc822;familie@myserver.com
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;553 5.7.1 familie@myserver.com: Sender address rejected: not logged in
Remote-MTA: dns;myserver.comy

As further detail a DKIM check of my yunohost mail server domain

This point is intriguing: how can the mailing list system use a sender identity that is not on its mail domain? Is it used at the SMTP level in MAIL FROM:?

Remote Server returned ‘553 5.7.1 familie@myserver.com: Sender address rejected: not logged in’

If this is the trace of a mail sent from the mailing list, the yunohost server required an SMTP login authentication for the familie@myserver.com user, which of course cannot be done by the mailing list server.

Still, I am not sure I catch the whole picture…

What do other mails from this mailing list relayed to your wife's mailbox look like?

Regards

Mails sent by others through the list arrive without any problems (because they don’t try to fake our “myserver.de” domain identity).

I have tested it again; here is the mail.log information from my server.
It is obvious that my server rejects the mailing list’s e-mail:


  2025-10-17T20:32:57.377775+02:00 myserver postfix/smtpd[2836]: connect from mail1.schoolserver.de[193.xxx.xxx.xx]
  2025-10-17T20:32:57.428518+02:00 myserver postfix/smtpd[2836]: Anonymous TLS connection established from mail1.schoolserver.de[193.xxx.xxx.xx]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256
  2025-10-17T20:32:57.825478+02:00 myserver postfix/smtpd[2836]: C977740D5A: client=mail1.schoolserver.de[193.xxx.xxx.xx]
  2025-10-17T20:32:57.826671+02:00 myserver postsrsd[2842]: srs_forward: <prvs=378198d22=schulleitung@04121277.schoolserver.de> rewritten as <SRS0=2LcT=42=04121277.schoolserver.de=prvs=378198d22=schulleitung@myserver.de>
  2025-10-17T20:32:57.826811+02:00 myserver postsrsd[2842]: srs_forward: <SRS0=2LcT=42=04121277.schoolserver.de=prvs=378198d22=schulleitung@myserver.de> not rewritten: Domain excluded by policy
  2025-10-17T20:32:57.845188+02:00 myserver postfix/cleanup[2841]: C977740D5A: message-id=<08b27d3170ea47d2983c3279f88453ff@04121277.schoolserver.de>
  2025-10-17T20:32:57.926507+02:00 myserver opendkim[1021]: C977740D5A: mail1.schoolserver.de [193.xxx.xxx.xx] not internal
  2025-10-17T20:32:57.926630+02:00 myserver opendkim[1021]: C977740D5A: not authenticated
  2025-10-17T20:32:58.062700+02:00 myserver opendkim[1021]: C977740D5A: DKIM verification successful
  2025-10-17T20:32:58.062878+02:00 myserver opendkim[1021]: C977740D5A: s=s01 d=bwl.de a=rsa-sha256 SSL 
  2025-10-17T20:32:58.820787+02:00 myserver postfix/qmgr[1579]: C977740D5A: from=<SRS0=2LcT=42=04121277.schoolserver.de=prvs=378198d22=schulleitung@myserver.de>, size=754815, nrcpt=1 (queue active)
  2025-10-17T20:32:58.865528+02:00 myserver dovecot: lda(familie@myserver.de)<2846><o5GlMtqL8mgeCwAAjr1VEg>: sieve: msgid=<08b27d3170ea47d2983c3279f88453ff@04121277.schoolserver.de>: stored mail into mailbox 'INBOX'
  2025-10-17T20:32:58.866860+02:00 myserver postfix/pipe[2845]: C977740D5A: to=<familie@myserver.de>, relay=dovecot, delay=1.4, delays=1.4/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
  2025-10-17T20:32:58.866980+02:00 myserver postfix/qmgr[1579]: C977740D5A: removed
  2025-10-17T20:33:03.843996+02:00 myserver postfix/smtpd[2836]: disconnect from mail1.schoolserver.de[193.xxx.xxx.xx] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7

I will test now SPF set to softfail: ~all (it was on fail -all).

If even this does not work, I will (temporarily) add the school’s IP and domain to my SPF record to force my server to accept them.
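
To tell an SMTP-time rejection apart from a message that was accepted, DKIM-verified and delivered, a mail.log excerpt can be triaged per queue ID. This is an added example, not part of the original posts: the function names are hypothetical, and the sample lines (including the `NOQUEUE: reject` line, built from the bounce text quoted earlier) are constructed in the Postfix/OpenDKIM log format with placeholder hosts and addresses.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Postfix/OpenDKIM log format; hosts and
# addresses are placeholders, not values taken from the thread.
SAMPLE_LOG = """\
2025-01-01T10:00:00.1+02:00 mx postfix/smtpd[100]: A1B2C3D4E5: client=list.example.net[192.0.2.10]
2025-01-01T10:00:00.2+02:00 mx opendkim[200]: A1B2C3D4E5: DKIM verification successful
2025-01-01T10:00:00.3+02:00 mx postfix/pipe[300]: A1B2C3D4E5: to=<user@example.org>, relay=dovecot, delay=1.4, dsn=2.0.0, status=sent (delivered via dovecot service)
2025-01-01T10:05:00.1+02:00 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from list.example.net[192.0.2.10]: 553 5.7.1 <user@example.org>: Sender address rejected: not logged in; from=<user@example.org> to=<user@example.org> proto=ESMTP helo=<list.example.net>
"""

# Matches classic short (hex) queue IDs; enable_long_queue_ids needs a wider pattern.
LINE = re.compile(r"^\S+ \S+ (?P<proc>[\w/-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}|NOQUEUE): (?P<msg>.*)$")
REJECT = re.compile(r"reject: \w+ from (?P<client>\S+): (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
                    r"(?P<reason>.*?); from=<(?P<sender>[^>]*)>")
STATUS = re.compile(r"to=<(?P<rcpt>[^>]*)>.*\bdsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")

def triage(log_text):
    """Return (summary per queue ID, list of rejections made before queueing)."""
    queued, rejected = defaultdict(dict), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connect/disconnect/TLS lines carry no queue ID
        qid, msg = m["qid"], m["msg"]
        if qid == "NOQUEUE":
            r = REJECT.search(msg)
            if r:
                rejected.append(r.groupdict())
        elif m["proc"] == "opendkim" and msg.startswith("DKIM verification "):
            queued[qid]["dkim"] = msg.removeprefix("DKIM verification ")
        elif msg.startswith("client="):
            queued[qid]["client"] = msg[len("client="):]
        elif (s := STATUS.search(msg)):
            queued[qid].update(rcpt=s["rcpt"], dsn=s["dsn"], status=s["status"])
    return dict(queued), rejected

def local_sender_rejections(rejected, local_domains):
    """Rejections where an unauthenticated client used one of our own domains as sender."""
    return [r for r in rejected
            if "not logged in" in r["reason"]
            and r["sender"].rpartition("@")[2].lower() in local_domains]

if __name__ == "__main__":
    queued, rejected = triage(SAMPLE_LOG)
    print(queued)
    print(local_sender_rejections(rejected, {"example.org"}))
```

A queue ID that ends with `status=sent` was accepted and delivered; only `NOQUEUE: reject` entries correspond to a bounce like the 553 quoted in the first post.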

You didn’t mention the app you are using for this.
Anyway, you have to be authenticated on your server to send from it, so that it is (likely) not rejected by some email servers. Though yunohost allows anonymous sending, emails with accounts have to authenticate.

App? You mean Postfix/Dovecot or my mail client(s) like Thunderbird (desktop), K-9mail/fairmail (mobile), Roundcube (yunohost)?
