How to change the x selector of DKIM?

[stof]

Hi,

I try to create a different dkim selector.

The email is on server A and the website on server B.
But both automatically generate an x selector.

Now on the server where the website is running I want another selector.

Therefore I changed the selector in the exim.dkim.conf file in the folder etc from an x to an y.

After that I restarted exim in the directadmin control panel.

After that I run this script to create a new key:
cd /usr/local/directadmin/scripts
./dkim_create.sh domein.nl

However also that key has the x as selector.

What do I miss here? I miss a step to get it running. Any idea?

Thanks!

 

[Richard G]

Now on the server where the website is running I want another selector.

So why do you want to change the selector, what is the problem you are experiencing with DKIM? Because a selector does not cause issues.

I'm think you might be thinking the wrong way. If you use email on der A, then server B should not send any emails for that domain.
Unless it's unauthenticated php mail but that will go via the hostname.

If you do use authenticated mail on server B, than you should look at the MX page of the domain and deselect the option to "use this server to handle your mail" or something like that and have the MX record point to server A too.

However if you really want to change the x as selecter.... then what you did might not be enough.
First remove the existing DKIM key.
Then:

All directadmin.conf values | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com

It migh be needed to rebuild exim and exim.conf

After that you should be able to create a new DKIM key with the new selector.

However as said... I have the impression you're trying to fix something with the wrong solution.

 

[Driesp]

Hi there

I would just use the same DKIM key on both servers. This fixes your problem.

Kind regards
Dries

 

[Hetzner DirectAdmin]

To be able to change the selector at install is actually very important:

X marcs the spot and is just to common. All kidding aside now.

I can give you a couple examples of why you would need a separate selector.

One in particular is that if you need to switch between your own DA (because it crashed as a result of your teenage kid spilling chocolate cereal all over your server at 5:40am) then to quickly switch over to your emergency preconfigured backup external provider like MXroute you can just make a few simple less time consuming DNS modifications to point to MXroute.

DKIM records require you to be focused ! Specially if you have multiple domains that you need to repoint while you are trying to get the corn flakes from out of the CPU fan with a small hoover.

I am sure there are other people out there who have much better technical examples of the needs of changing the selector.

But in the mean time,

Is there anyone out there that could provide the exact instructions right after the inital DirecAdmin setup process ends?

I am compiling a "newbie learners guide for Commodore 64 dummies" on DirectAdmin using Hetzer and hope to post it here when complete and i think this initial selector step has some merit.

Thanks so much guys,


ps: An Irish breakfast is always the safer bet !

 

[Hetzner DirectAdmin]

Therefore I changed the selector in the exim.dkim.conf file in the folder etc from an x to an y.

After that I restarted exim in the directadmin control panel.

After that I run this script to create a new key:
cd /usr/local/directadmin/scripts
./dkim_create.sh domein.nl

I wonder if there are conflicts because you did not configure this at the intial install.

I presume you would need to retrospectively change the selector for all the domains you already have with the old DKIM selector?

Personally, I think DirectAdmin should make the default selector da the x selector is just commonly used for such an important element in the transmission of emails.

 

[Richard G]

Is there anyone out there that could provide the exact instructions right after the inital DirecAdmin setup process ends?

What about the doc I linked too? Can't be more exact for instructions.

We're working for years with selector x without any issues. So I don't agree a selector da should be default, then there would be better defaults. But it's working great as it is and easy to change to something custom. The x, not x selector, is used for other elements like X-Spam and stuff like that, but it doesn't disturb the DKIM part. Otherwise we would have had issues already often.

I wonder if there are conflicts because you did not configure this at the intial install.

I don't know what you mean. If you change it right after DA installation then you don't have to adjust anything or maybe just the admin domain record. Unless I didn't understand what you mean.

 

[Hetzner DirectAdmin]

What about the doc I linked too? Can't be more exact for instructions

Apologies, i tried to edit my post and add the screenshot, I am trying this now on a new install as we speak hehe.

If you change it right after DA installation then you don't have to adjust anything

Yes, this must be the best time to do it. Otherwise, I presume there are going to be complications or errors.

Thanks @Richard G

 

[Richard G]

Otherwise, I presume there are going to be complications or errors.

Not necessarily. There are quite easy ways if I remember correctly to fix this afterwards too. But best time is indeed right after installation.

You're welcome.

 

[Hetzner DirectAdmin]

Not necessarily. There are quite easy ways if I remember correctly to fix this afterwards too. But best time is indeed right after installation.

You're welcome.

However also that key has the x as selector.

What do I miss here? I miss a step to get it running. Any idea?

Well i did a new CentOS install and the command provided do not work, DA is still issues x as the selector.

I ran the da build exim file, rebooted and even checked the nano /etc/exim.dkim.conf which reflects the selector to be dax

So I am stumpped, I am betting there is another file that needs to be changed

 

[Hetzner DirectAdmin]

I now tried changing the selector using a fresh Ubuntu 24.04 install, and the selector that shows up on dns is still x.

I wonder if changing the selector in the /etc/exim.dkim.conf actually tells exim to use the custom selector, but that the USER->DNS is simply incorrectly displaying the wrong selector.

Which would suggest emails would spectacularily fail as a result.

 

[Richard G]

I just checked. It's making the change in directadmin.conf then restarting directadmin.
After that, both the da build exim and da build exim_conf to make things work.

After that, the /etc/exim.dkim.conf should be changed.

However. There is a "related" link in that part of the docs which points to here which is more extended:

Version 1.53.0 | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com

and in there it says you need to edit the exim.dkim.conf file and chattr it and after that build the exim.conf to make things permenantly.

So in that case I wonder what the change in the directadmin.conf is doing if that isn't used for DNS.

Maybe it's a good idea to send in a ticket about this, as the docs are fairly inconsistant now about this.

 

[Hetzner DirectAdmin]

Well, I just reinstalled a fresh CentOS with no install errors. So, I may as well be the guinnea pig on this and test to see if directadmin.conf way works.

I was on the fence about just letting this go, but considering I can have multiple DKIM on my dns, I should try to get this working.

I have taken a OS snapshot now, so I can try this a few times

 

[Hetzner DirectAdmin]

That worked beautifully @Richard G !

nano /usr/local/directadmin/conf/directadmin.conf

add:

dkim_selector=dax #or whichever you like

systemctl restart directadmin

da build exim
da build exim_conf

nano /etc/exim.dkim.conf #Just to be sure it is not back at x