TLDR: OVH SMTP servers sign DKIM ONLY when sending from: actualmailboxaddress@domain BUT NOT when sending from: aliasaddress@ or forwarderaddress@, which are all also configured on this domain that I am hosting completely on OVH infrastructure (MX, zimbra-starter). But WHY NOT?! Who can help? Thanks.
Hello OVH community, first time posting here, even though I have already had quite a number of oddities.
Anyhow, today's topic is enabling and using DKIM (and SPF) for one of my domains (all completely hosted on OVH infrastructure). The domain is simply a domain name, the MX plan is active for it, inside the MX plan the DKIM logo is highlighted in green and all set and properly activated, the API pages also show that DKIM is set and activated, and nslookup for the SPF record (TXT type DNS) and for the selectors (DKIM) shows they are all there and working.
> https://help.ovhcloud.com/csm/en-gb-dns-zone-dkim?id=kb_article_view&sysparm_article=KB0058238
I have created one Zimbra starter mailbox on this domain, with its mailboxaddress@simpledomain.tld, and the webmail and also IMAP and SMTP all work fine.
Then, in the classic OVH customer control center (manager), or whatever its name is, going into my domain name's properties, in the emails tab there, function: manage email-forwarders, I have a few forwarders123@ on my domain, and some pointing to this mailboxaddress123@ object. So far so good.
Mails to the forwarders arrive properly inside the mailbox (checked via IMAP and webmail), and in the OVH manager in the Zimbra area I see the mailbox properties, and I added, for example, an alias at that place, aliasaddress123@, which is also shown inside the Zimbra webmailer just fine.
My problem and task is: sending SMTP emails (almost always only via an SMTP client, here Thunderbird) outbound and making sure the DKIM signature gets applied to the mail being sent.
I tried sending emails to my other external mailbox at some other provider, which also checks and handles the mail headers and shows DKIM validity inside the receiving Thunderbird, and also sending to the web service dkimvalidator-dot-com, and I have observed that the OVH SMTP outgoing mail servers apparently apply DKIM signatures ONLY and exactly when sending (via SMTP, Thunderbird) as the original from: mailboxaddress@ mail address.
DKIM in the SMTP sending mail headers does NOT get applied and created at all (only the SPF stuff is left, used and visible in the mail headers, that's all) when sending (SMTP, Thunderbird) as one of my forwarders123@ or my alias123@ from: mail addresses.
Obviously, I am always using the account mailboxaddress123@ for logging in/authenticating at the OVH SMTP mail servers (465, SSL, all okay).
I can ALWAYS send and use all my forwarder and alias mail addresses in outgoing emails (multiple identities inside Thunderbird); that always works, the OVH SMTP mail servers always accept my mails, but the DKIM stuff only gets applied when using the actual mailboxaddress123@ as the identity (from: ....). That's how I understand it.
On my other mail/domain providers I never had such shortcomings or issues.
Besides this, even when DKIM headers are used and created fine, the receiving Thunderbird outside of OVH complains that DKIM via OVH does NOT sign the subject line/property. This is also degraded compared to my other provider, where the subject also gets treated and handled by DKIM.
I also have the DKIM Verifier extension installed inside Thunderbird, which also displays this DKIM situation in colors.
I am ALWAYS sending with SMTP / AUTH (Thunderbird, via SSL/465, via the OVH mail servers as stated in the docs etc.).
> https://help.ovhcloud.com/csm/en-gb-mx-plan-thunderbird-windows-configuration?id=kb_article_view&sysparm_article=KB0052141
> https://help.ovhcloud.com/csm/en-gb-dns-zone-dkim?id=kb_article_view&sysparm_article=KB0058238
As far as I have understood DKIM so far, it is supposed to be valid for the whole domain; it is configured with DNS entries in the domain, and I had thought SMTP mail servers would apply and make use of the DKIM stuff automatically when actually sending AUTHed via the proper mail servers that are configured for the domain and the mailbox accounts.
How can I make this actually happen for all the emails being sent with proper AUTH for a domain at OVH with DKIM enabled?
Thanks in advance for helping, or thanks for enhancing the situation at OVH infrastructure.
Hello,
In short, DKIM means authenticated.
In order to authenticate you provide the credentials of a mailbox.
If the "From" address is different than the login/password provided to the SMTP server, I can understand that the server will not authenticate that piece of e-mail. Otherwise OVH would declare spoofed e-mail as genuine.
Thanks for the response.
Obviously, the customer, me, is always AUTHing to the SMTP server, so this is no spam or abuse or scam problem or situation whatsoever. My other email provider allows all my addresses in general and adds the AUTHed or actually sending/from address via the DKIM "header.i" tag/entry in the mail headers. I wonder why OVH makes this so hard and odd.
I would really like to see all these specific specifications and oddities and shortcomings or specialties
I cannot switch to OVH with emails when the SMTP system is behaving like it does at OVH :( Too bad.
The Zimbra free, with adding aliases there all manually, can send DKIM-signed stuff also by selecting from the drop-down list for the "from: ...." addresses.
But the SMTP AUTH method with an SMTP client, e.g. mozilla-thunderbird, can NOT send with sending from an alias or forwarder address, even though a proper SMTP AUTH login is being used of course.
This is seriously flawed and degraded. Also the DKIM stuff OMITs the subject: line and doesn't include it in the DKIM signature process. All my other providers can DKIM properly for many years. I cannot switch over to OVH in any way.
Way too many problems in very basic stuff dealing with domains, emails etc.
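A way to check a received test message for the two symptoms discussed in this thread (no DKIM-Signature header at all, and a signature whose `h=` list leaves out Subject), as an added example that is not part of any post above. The sample messages, `example.com` and the selector name are constructed placeholders; the code only inspects what a signature claims to cover and does not verify it cryptographically, and the alignment test is a simplification without a public-suffix lookup.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def audit_dkim(raw_message):
    """Report what each DKIM-Signature on a received message actually covers."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for value in msg.get_all("DKIM-Signature") or []:
        tags = parse_tags(value)
        signed = {h.lower() for h in tags.get("h", "").split(":") if h}
        d = tags.get("d", "").lower()
        findings.append({
            "d": d,
            "i": tags.get("i", "@" + d),  # RFC 6376: i= defaults to "@" + d
            "from_signed": "from" in signed,
            "subject_signed": "subject" in signed,
            # Simplified alignment: exact or subdomain match, no public-suffix lookup
            "aligned": bool(d) and (from_domain == d or from_domain.endswith("." + d)),
        })
    return {"from_domain": from_domain, "signatures": findings}

# Constructed sample messages (example.com, selector1 and bh=/b= are placeholders).
SIGNED_NO_SUBJECT = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
    "\ts=selector1; h=From:To:Date:Message-ID;\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: Mailbox <mailbox@example.com>\nTo: test@example.net\nSubject: test 1\n\nbody\n"
)
UNSIGNED_ALIAS = (
    "From: Alias <alias@example.com>\nTo: test@example.net\nSubject: test 2\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("mailbox", SIGNED_NO_SUBJECT), ("alias", UNSIGNED_ALIAS)):
        print(label, audit_dkim(raw))
```

Saving a received test message as raw source and passing it to `audit_dkim` shows at a glance whether a signature is present, which domain signed it, and whether Subject is among the signed headers.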