GreenArrow Engine
Change Log
- Historic (Pre-4.200.0) Change Log
Getting Started
- GreenArrow Concepts
- Hardware Requirements
- Supported Linux Distributions
- SSH Access
- Co-Existing With Other Software
- Firewall Configuration
- Installation Guide
- Email Concepts and Terminology
- Docker
FAQs
- Know Before You Buy
- - Administration and Configuration
  - Authentication
  - Bounce Management
  - Clustering, HA, and Containerization
  - Encryption
  - Complaint FBLs
  - Installation
  - IP Warming
  - Message Submission
  - Mail Routing and Traffic Shaping
  - Pricing, Account Relationship, and Support
  - Proxy Servers
  - Queue Management
  - Reporting, Monitoring and Logging
  - Security & Access Control
  - Software Updates
  - System Requirements
  - Throughput
- Chrome Mixed Content Compatability Guide
- GreenArrow Engine and AWS
- Common Error Messages
- Message Delivery
- Modifications and Customizations
- Pausing and Dumping Queues
- Direct Database Access
- Getting Started with Email Injection
- Creating a Drop Route
- Time Zones
- First Steps After Installing
- GreenArrow Components
- Getting Started with Event Notification
- Logging SMTP Sessions in GreenArrow
- Find Message Delivery Attempt Information
- Time Synchronization Services
- Ticket Portal Guide
- Internally Created Messages
Configuration
- Configuration File
- General Settings
- Performance Tuning
- Adding a New Domain
- Adding a New IP Address
- Adding A New Whitelabeled Cloud Domain
- IPs Authorized to Relay
- License Key
- URL Domains
- Secret Constants
- Processing Events on Dedicated Servers
- Managing GreenArrow Monitor SeedList
- Proxy Protocol
- Replace Content Domain
- Link Replacements
User Management
- Two-Factor Authentication
- Users for Email Injection
Email Authentication
- DKIM
- SPF and Sender ID
- Configuring a New From Address Domain
- Email Authentication for ESPs
Injecting Mail
- SimpleMH Injection
- Raw Injection
- - Raw Injection Headers
  - PHPMailer Raw Injection Example
- Injecting Mail with HTTP Submission API
- Local Injection Options
- Message Archive
- QMQP
- QMQP Streaming Protocol
- Speed Considerations
- Obscured Email Addresses
Delivering Mail
- VirtualMTAs
- Throttling
- - Updating Throttle Settings on the Command Line
  - Updating Throttle Settings in SQL
- Dynamic Delivery
- Retry Schedule
- Internal DNS Cache
- Recipient MX Selection
- Pausing Domains
Incoming Email
- Incoming Email Domains
- Aliased Incoming Email Domains
- Bounce Mailboxes
- Spam Complaint Mailboxes
- Email Forwarders
- SMTP AUTH and POP3 Email Users
- DNSBLs and RBLs
Bounces and Spam Complaints
- Bounce Processor Concepts
- Bounce Processor Configuration
- Spam Complaint Processor
- Feedback Loops
- - Yahoo's transition from ReturnPath
- Lite Bounce Processor
Reporting
- Send Statistics Overview Page
- Send Statistics Pages
- Send Statistics Integration
- Dynamic Delivery Statistics
- Disk Queue Summary
- Stats API
- Local Delivery Attempt Status Messages
- Remote Delivery Attempt Error Messages
- hvmail_report Command
- Delivery Attempt Log (Deprecated)
- Delivery Attempt Message Formats
- Delivery Event Processed Logfile Format
- Remote Delivery Status Log
- hvmail_generate_email_report Command
- hvmail_get_possible_spamtrap_hits Command
- Service Logs
- GreenArrow Status Command
- Remote Connections
- Disk Queue Messages
Event Notification System
- Types of Events
- Events Table Maintenance
- Event Processor
- Testing The Event Notification System
- Legacy Event Notification
GreenArrow Cluster
- GreenArrow Proxy
- GreenArrow Configuration
- Cooperative Throttling
- SMTP Connection Proxying
- Instance Drain
- Kubernetes Reference Architecture
- Sync Config
- Troubleshooting
GreenArrow Cloud
- Routes API
Network Services
- HTTP Server
- PostgreSQL
- POP3 Server
- SMTP Services
- Disabling SMTP-AUTH Username Logging
- TLS Certificate Configuration
- TLS Encryption for SMTP
- Legacy Services
- - Legacy Recursive DNS Server
Server Management and Backups
- Administering GreenArrow Without root Access
- GreenArrow Updates
- GreenArrow Downgrades
- Convert CentOS to Alma Linux
- Debian Updates
- PostgreSQL 16 Update
- Server Management
- System Administration
- Persistence Path Mode
- Managed Backups
- Unmanaged Backups
- Restoring Backups
- - Recover from Database Corruption
- Server Migrations
- Server Monitoring
- Metrics Server Integration
- fail2ban Integration
- Stopping and Starting GreenArrow Engine
- greenarrow Command
- Bounce Recovery
- - December 2020 Gmail Outages
- Disk Usage
- - Delete SimpleMH Clicks and Opens
- Troubleshooting Disk Space Issues
- Moving GreenArrow to a New Partition
- Email Address Retention
- High Availability Cluster
- - High Availability Cluster Administration
  - Self Managed High Availability Clusters
- Legacy Maintenance Commands
APIs
- Stats API
- - Send Status API
  - Disk Queue Summary API
- HTTP Submission API
- Configuration API
- Running Custom Code During Delivery Attempts
Third Party Integrations
- Amazon SES Integration
- Interspire Email Marketer Integration
- Ongage Integration
- Oracle Cloud Infrastructure Email Delivery Integration
- SendGrid Integration
- SMTP Relay Service Integration
Support Contact Info

Authentication

Table of Contents
Does GreenArrow Software Support DKIM, DMARC, and SPF Authentication Mechanisms?
- Sending Mail
- Receiving Mail
How Is DKIM Signing Managed?
Does the MTA support MTA-STS?

Does GreenArrow Software Support DKIM, DMARC, and SPF Authentication Mechanisms?

Sending Mail

GreenArrow Engine currently supports DKIM signing outbound mail, and supports the ability to sign with multiple domains if desired.

Support for SPF and DMARC for outbound mail is independent of GreenArrow, as both are implemented through DNS TXT records.

GreenArrow does not require that email be SPF authenticated or DKIM signed or pass DMARC to be delivered via SMTP.

Receiving Mail

GreenArrow Engine does not currently support SPF, DKIM, or DMARC validation on inbound messages.

How Is DKIM Signing Managed?

There are a number of options available in GreenArrow Engine for managing DKIM keys:

The DKIM Keys API.
The dkim_key directive.
The PowerMTA DKIM signing compatibility directives.
The DKIM Keys UI

Per-message signing behavior can be controlled with:

The X-GreenArrow-DKIM header. This enables behavior such as having multiple DKIM signatures on a single email, and/or choosing specific selectors.
The X-DKIM-Options header processed by the PowerMTA DKIM signing compatibility system, enabled with the pcompat_process_x_dkim_options_header directive.

Configuration options available include:

Specifying an entirely new default DKIM signing behavior. For example, this can be used to cause all email to be signed with an infrastructure domain name in addition to the RFC5322.From domain.
Support for DKIM header over-signing to guard against DKIM Replay attacks.
Support for ignoring headers when DKIM signing.
Control over DKIM canonicalization.

Does the MTA support MTA-STS?

Not at this time, but support will be added. If you need it, please contact us.

Administration and Configuration

Bounce Management

Copyright © 2012–2026 GreenArrow Email