agentj
DKIM for base domain
Describe the bug
The AgentJ web URL can be, and often is, different from the mail domain. The default no-reply address uses the web domain, so in a classic setup it doesn't match the configured DKIM key, which is only generated for manually created domains. The result is validation mails with a bad DKIM signature.
To Reproduce
- install AgentJ on a different domain than the mail domain (eg web.domain.coop if mail domain is domain.coop)
- create a domain and keep the default no-reply mail ([email protected])
- send a mail to a protected email with an external server
- examine DKIM signature of validation mail
Expected behavior
All mails sent from/via AgentJ must have a correct DKIM signature
- when an instance is started for the first time, a DKIM key should be generated
- corresponding public key should by local and super admins (with a DNS-ready format)
- maybe we should be able to regenerate this key (only super admin)
- maybe there should be a form somewhere to generate key from whatever domain we need (by super admin: visible for everyone, by local admin: only in their domain)
Additional context
@ctresvaux (also @sparunakian maybe) I would need some insights to better understand the situation here:
- in which cases are the no-reply addresses used? only for the authentication requests (as explained in the interface) or also to send other emails (alerts, reports)?
- do we agree that all the emails sent with a domain managed by AgentJ have a valid DKIM signature?
- can we consider changing the default email address to use the one of the created domain instead of the AgentJ web domain? It seems to me that it would solve the main issue here
- It is used for auth requests, alerts and reports
- Yes
- Yes, good idea!
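
A header-level check for the "examine DKIM signature of validation mail" step, as an added example that is not part of the original issue or of AgentJ's code: it compares the From: domain with the d= tag of each DKIM-Signature header and gives the DNS name where the public key would be looked up. The sample messages, the no-reply addresses, the selector `agentj` and the placeholder bh=/b= values are constructed, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import parseaddr


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Header folding leaves whitespace inside values; it is not significant.
            tags[name.strip()] = "".join(value.split())
    return tags


def check_from_against_dkim(raw_message):
    """Compare the From: domain with the d= domain of every DKIM-Signature."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signatures = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(value)
        d, s = tags.get("d", "").lower(), tags.get("s", "")
        signatures.append({
            "d": d,
            "key_record": f"{s}._domainkey.{d}",  # TXT record holding the public key
            "matches_from": d == from_domain,
        })
    return {"from_domain": from_domain, "signatures": signatures}


def sample_mail(from_addr):
    """Constructed validation mail signed with a key for the mail domain only."""
    return (
        f"From: AgentJ <{from_addr}>\n"
        "Subject: validation request\n"
        "DKIM-Signature: v=1; a=rsa-sha256; d=domain.coop; s=agentj;\n"
        " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
        "\n"
        "constructed body\n"
    )


# Constructed samples: default no-reply on the web domain vs. on the mail domain.
REPORTED = sample_mail("no-reply@web.domain.coop")
PROPOSED = sample_mail("no-reply@domain.coop")

if __name__ == "__main__":
    for label, raw in (("reported", REPORTED), ("proposed", PROPOSED)):
        print(label, check_from_against_dkim(raw))
```

An empty `signatures` list means the message carried no DKIM-Signature header at all.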