GreenArrow Engine
Change Log
- Historic (Pre-4.200.0) Change Log
Getting Started
- GreenArrow Concepts
- Hardware Requirements
- Supported Linux Distributions
- SSH Access
- Co-Existing With Other Software
- Firewall Configuration
- Installation Guide
FAQs
- Chrome Mixed Content Compatability Guide
- GreenArrow Engine and AWS
- Common Error Messages
- Message Delivery
- Modifications and Customizations
- Pausing and Dumping Queues
- Direct Database Access
- Getting Started with Email Injection
- Creating a Drop Route
- Time Zones
- First Steps after Install
- GreenArrow Components
- Logging SMTP Sessions in GreenArrow
Configuration
- Configuration File
- General Settings
- Performance Tuning
- Adding a New Domain
- Adding a New IP Address
- Adding A New Whitelabeled Cloud Domain
- IPs Authorized to Relay
- License Key
- URL Domains
- Convert PowerMTA® Configuration
- Secret Constants
- Processing Events on Dedicated Servers
- Managing GreenArrow Monitor SeedList
- Proxy Protocol
- Replace Content Domain
- Link Replacements
User Management
- Two-Factor Authentication
- Users for Email Injection
Email Authentication
- DKIM
- SPF and Sender ID
- Adding a New From Address Domain
- Email Authentication for ESPs
Injecting Mail
- SimpleMH Injection
- Raw Injection
- - Raw Injection Headers
  - PHPMailer Raw Injection Example
- Injecting Mail with HTTP Submission API
- Local Injection Options
- QMQP
- QMQP Streaming Protocol
- Speed Considerations
- Obscured Email Addresses
Delivering Mail
- VirtualMTAs
- Throttling
- - Updating Throttle Settings on the Command Line
  - Updating Throttle Settings in SQL
- Dynamic Delivery
- Retry Schedule
- Internal DNS Cache
- Recipient MX Selection
- Pausing Domains
Incoming Email
- Incoming Email Domains
- Aliased Incoming Email Domains
- Bounce Mailboxes
- Spam Complaint Mailboxes
- Email Forwarders
- SMTP AUTH and POP3 Email Users
- DNSBLs and RBLs
Bounces and Spam Complaints
- Bounce Processor Concepts
- Bounce Processor Configuration
- Spam Complaint Processor
- Feedback Loops
- - Yahoo's transition from ReturnPath
- Lite Bounce Processor
Reporting
- Send Statistics Overview Page
- Send Statistics Pages
- Send Statistics Integration
- Dynamic Delivery Statistics
- Disk Queue Summary
- Stats API
- Local Delivery Attempt Status Messages
- Remote Delivery Attempt Error Messages
- hvmail_report Command
- Delivery Attempt Log (Deprecated)
- Delivery Attempt Message Formats
- Delivery Event Processed Logfile Format
- Remote Delivery Status Log
- hvmail_generate_email_report Command
- hvmail_get_possible_spamtrap_hits Command
- Service Logs
- GreenArrow Status Command
- Remote Connections
- Disk Queue Messages
Event Notification System
- Types of Events
- Events Table Maintenance
- Event Processor
- Legacy Event Notification
GreenArrow Cluster
- GreenArrow Proxy
- GreenArrow Configuration
- Cooperative Throttling
- SMTP Connection Proxying
- Troubleshooting
Network Services
- HTTP Server
- PostgreSQL
- POP3 Server
- SMTP Services
- Disabling SMTP-AUTH Username Logging
- TLS Certificate Configuration
- TLS Encryption for SMTP
- Legacy Services
- - Legacy Recursive DNS Server
Server Management and Backups
- Administering GreenArrow Without root Access
- GreenArrow Updates
- GreenArrow Downgrades
- Convert CentOS to Alma Linux
- Debian Updates
- PostgreSQL 16 Update
- Server Management
- System Administration
- Persistence Path Mode
- Managed Backups
- Unmanaged Backups
- Restoring Backups
- - Recover from Database Corruption
- Server Migrations
- Server Monitoring
- StatsD Integration
- fail2ban Integration
- Stopping and Starting GreenArrow Engine
- greenarrow Command
- hvmail_init Command
- Bounce Recovery
- - December 2020 Gmail Outages
- Disk Usage
- - Delete SimpleMH Clicks and Opens
- Troubleshooting Disk Space Issues
- Moving GreenArrow to a New Partition
- Email Address Retention
- High Availability Cluster
- - High Availability Cluster Administration
  - Self Managed High Availability Clusters
APIs
- Stats API
- - Send Status API
  - Disk Queue Summary API
- HTTP Submission API
- Configuration API
- Running Custom Code During Delivery Attempts
Third Party Integrations
- Amazon SES Integration
- Interspire Email Marketer Integration
- Ongage Integration
- SendGrid Integration
- SMTP Relay Service Integration
Support Contact Info

DKIM

GreenArrow Engine can digitally sign outgoing messages using DKIM.

Every DKIM key is uniquely identified by its domain name / selector combination. There can be multiple DKIM keys for the same domain name, as long as each of these keys as a unique selector. Similarly, there can be multiple DKIM keys using the same selector, as long as each of those keys is for a unique domain. The remainder of this section is GreenArrow-centric, but if you’d like to learn more about DKIM in general, the DKIM.org website provides a good overview of this technology, and the advantages of using it.

This page’s child pages contain details on how to configure DKIM within GreenArrow Engine:

GreenArrow Engine’s Default DKIM Signing Behavior

GreenArrow Engine’s default behavior when selecting which DKIM key to use for signing is to first check a message for a Sender header. If a Sender header is present, GreenArrow Engine will attempt to sign the message using that domain’s default selector. If a Sender header is not present, GreenArrow Engine will attempt to sign the message using the domain in the From address.

This default behavior can be changed by inserting an X-GreenArrow-DKIM Header into an individual email, or applying it as a setting within GreenArrow itself. See the X-GreenArrow-DKIM Header page for details.

The default selector name that’s used when you create a new DKIM key with GreenArrow Engine is literally, default.

Selecting a Cryptographic Hash

GreenArrow performs DKIM signing using the sha256 cryptographic hash by default but also supports sha1. You can specify which hash to use by updating the /var/hvmail/control/dkim/hashfunc configuration file. For example, to restore the default of sha256, run:

echo sha256 > /var/hvmail/control/dkim/hashfunc

We recommend using sha256, both because it’s cryptographically stronger and because RFC 8301 removed sha1 support from DKIM.

Email Authentication

Creating a New DKIM Key

Copyright © 2012–2024 GreenArrow Email