Force DKIM to less than 255 characters?

thewitt

My DNS provider will not accept a longer DKIM message. They have no provision for accepting a split TXT message. I need to generate a DKIM record less than 255 characters.

Any way to do that?
 
Better look for another DNS provider; mostly, if so, this is not the only part that has a lack of some... "a format that meets RFC standards"

You have to set the DKIM key size lower; I don't know where right now. Search for it in the forum or on the web. But that's not so good...

 
I wish it were that simple; I have 140 domains registered there. We've only recently had requests to support DKIM records, and I have 20 or so domains with shorter records so they are fine. I will likely have to search for third-party DKIM record generators in the interim.
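
Added example, not part of any post in this thread: a way to see locally how RSA key size drives the length of the DKIM TXT value, and how a value over 255 characters would be split for a provider that accepts multi-string TXT records (the splitting goes beyond what the thread covers). It assumes the `openssl` CLI is installed; the function names are hypothetical, and the file name `dkim.private.key` follows the one mentioned later in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI.
# Only the TXT *value* is built; selector and domain are not needed here.

TXT_STRING_MAX=255   # one DNS character-string holds at most 255 bytes

# make_dkim_key BITS FILE: write a new RSA private key, readable by owner only.
make_dkim_key() (
    umask 077
    openssl genrsa -out "$2" "$1" 2>/dev/null
)

# dkim_txt_value KEYFILE: print the TXT value for the key's public half.
dkim_txt_value() (
    pub=$(openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A)
    [ -n "$pub" ] || exit 1
    printf 'v=DKIM1; k=rsa; p=%s\n' "$pub"
)

# fits_single_string VALUE: succeed if VALUE fits one character-string.
fits_single_string() {
    [ "${#1}" -le "$TXT_STRING_MAX" ]
}

# split_txt VALUE: print VALUE as quoted chunks of at most 255 characters,
# the form a provider that supports multi-string TXT records would accept.
split_txt() {
    printf '%s\n' "$1" | fold -w "$TXT_STRING_MAX" | sed 's/.*/"&"/'
}

# report BITS: generate a throwaway key of that size and describe its record.
report() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    make_dkim_key "$1" "$dir/dkim.private.key" || exit 1
    value=$(dkim_txt_value "$dir/dkim.private.key") || exit 1
    if fits_single_string "$value"; then
        echo "$1-bit: ${#value} chars, fits one TXT string"
    else
        echo "$1-bit: ${#value} chars, needs $(split_txt "$value" | wc -l | tr -d ' ') strings"
    fi
)

report 1024
report 2048
```

A 1024-bit key is the only common RSA size whose record fits in a single string, and it is also the minimum RFC 8301 allows for signers, which recommends at least 2048 bits.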
 
Where would that go in Directadmin?
In the DNS records, it's a DNS TXT record. You also need a validator.

Or get a second IP (or a VPS for 5 euro per month, which has an IPv4 address and which you can use with Directslave) so you can use your own DNS server.
 
I'm not using DirectAdmin's DNS, and I won't host my own. I've done this in the past, and unless you have multiple physical devices, any outage that impacts your "DNS machine" will impact all of the domains that use your DNS services. I have three virtual servers with failover now for the domains that I host, but hosting the DNS server is not something I want to add to the mix.

My question is really with regard to where to put the Private Key and Public Key files so that the SMTP server will use these when sending email so they get the proper DKIM record.

I've been able to generate a 256 character DKIM1 record, but I need this record to be used on outgoing email. I've already loaded it into my DNS provider's TXT record for the domain.
 
As far as I can see, they are residing in the /etc/virtual/domain.com folders like this example:
/etc/virtual/somedomain.nl/dkim.private.key
/etc/virtual/somedomain.nl/dkim.public.key

I presume that is what you're looking for?
 
I replaced those two files, but something is still incorrect it seems. When I send the email, I get the following DKIM validation error in the header:

dkim=fail reason="key not found in DNS"

When I do a DNS TXT record query, I show the correct DKIM record as the 255 character one I generated. The entry has a 5 minute TTL so I'm pretty sure the validator would have been able to find the record in the DNS entry itself.

Still more digging to do on my end I'm afraid.
 
I moved a test domain to my DNS servers - not something I consider a production server, but it does let me use the DirectAdmin panel. I deleted my 255 character DKIM files, disabled and enabled DKIM for this domain and sent another test email. In the process I also added a DMARC TXT record - unrelated, but it confirms that my new DNS entries are being used.

This time the mail passed DMARC but still failed DKIM with the same error.

I switched to a different receiving email account and it passed this time... This is the OOB DKIM support. It appears that my first receiving email DKIM validator (iCloud.COM) caches domain DKIM information for some period of time, as it did NOT check the new DKIM record. It did check the DMARC record, but not the new DKIM record.

I'll change it again back to the 256 char record and use another email account... see if this time it all works. I'm only putting this here for completeness for anyone else searching. I've got to work on other things now, but I'll test the 256 char version later and post the results when I do to see if I can force that DKIM record to be used.
 