[FR] A feature to enable/disable DKIM sign per domain on user level

[zEitEr]

Hello,

If would be handy to have a feature to enable/disable DKIM sign per domain on user level.

For now users have no possibility to enable/disable DKIM even if they host domains with external NameServers, so they should contact support team either to ask for a help to move/copy TXT records to their NS, or disable DKIM at all.

So please add this feature into web-interface of Directadmin.

I guess the all it should do:

mv dkim.private.key dkim.private.key~off 
mv dkim.public.key dkim.public.key~off

to disable DKIM and

mv dkim.private.key~off  dkim.private.key
mv dkim.public.key~off dkim.public.key

to enable DKIM back.

 

[Justin2501]

Status

Will this FR ever be added?

 

[kevinb]

+1

This use of DKIM is no longer optional. We are working on enabling it for all of our clients that have local name servers. We need the customers with external DNS to be able to enable/disable without having to open a support ticket every time.

Thanks,

Kevin

 

[Wanabo]

Try this guide, https://help.directadmin.com/item.php?id=569
No need to edit exim.conf if you let custom build maintain your exim configuration.

 

[kevinb]

I already have DKIM setup on the servers. This request is to enable/disable it on a per domain basis which is not supported currently.

Try this guide, https://help.directadmin.com/item.php?id=569
No need to edit exim.conf if you let custom build maintain your exim configuration.

 

[zEitEr]

A good try would be to inform John on the matter via tickets, it doesn't seem that John has read the thread, at least he is not in the list of Members who have read this thread as of yet.

 

[DirectAdmin Support]

I've added a very rough work-around so you can disable it on a per-User basis:
https://www.directadmin.com/features.php?id=1937

Pre-release binaries uploading, should there in 20 minutes.

John

 

[DirectAdmin Support]

Just realized per-Domain would be very useful too, in case 1 User has one domain that needs it, and one domain that doesn't.
The domains/domain.com.conf file now also supports it.

John

 

[ditto]

I do not understand the need for this. If some domains use external DNS, then the DKIM key will not create any trouble. Why the need to disable it? It will not be used if the domain has external name servers. I do not see how it can cause any trouble if the key exist on those domains.

 

[SeLLeRoNe]

It actually will cause massive problems.

If your mail server is "telling" to the remote server that he is DKIM signed and the remote server goes and check DNS without find a match you'll have chances that youl'll mail wirll be rejected or marked as spam.

Best regards

 

[ditto]

I don't get it. If the DNS is external, the remote sever will go back to the external server, so I don't see the problem. Because then the local DNS is not used and not seen by any remote server.

 

[Arieh]

I don't get it. If the DNS is external, the remote sever will go back to the external server, so I don't see the problem. Because then the local DNS is not used and not seen by any remote server.

It's your local MAIL server which is signing the outbound e-mails with DKIM, the receiving mail server will see this and check if the DKIM is present in the DNS, which will not be the case if its external, so, your e-mail will be flagged as spam.

 

[ditto]

Sorry. I still do not get it. My local mail server is sending from hostname when emails is sent with php mail script. So that case is never a problem.

All my users is also sending email from my hostname when using SMTP.

I guess I only see the problem in cases where the DNS is external, but mail is local, maybe. But that would not affect my users, because all users only send email with my servers hostname.

By the way, my hostnames is signed with DKIM.

 

[SeLLeRoNe]

THe signer is the domain so, whatever is after the @
If you send as [email protected] and your server is server.example.net your and DKIM is enable your signature would be on example.com, because no matter the server.. is the domain who get signed.

So, if DA is managing your DNS that's fine, DA take care of signing and also on creating the DNS entry when DKIM get enabled, but, if you usee external DNS and you set DKIM=1, DA will still create local DNS and will configure the mail server to sign all the outgoing mail for that domain with DKIM.

Now, when the incoming mailserver will receive the email with the signature, will go and check the DNS, but because the DNS are not managed by DA and you may have forgot to create DKIM relative records on the external DNS Server, it will notice that those DKIM relevant records are not existent, and will mark that email as "pretended to be signed but it was not" and mark it as Spam or even totally reject it.

Hope now it is clear

Best regards

 

[ditto]

@sellerone, please see my previous reply. I am not affected by this.

 

[SeLLeRoNe]

Hi ditto,

i saw your reply, you're not affected because you use DA for DNS, but your post started with "Sorry. I still do not get it." so i just wanted to try to clarify it a little more

Best regards

 

[zEitEr]

By the way all outgoing emails from a domain get signed if a DKIM key is created and can be found in /etc/virtual/domain.com/ folder (domain.com is just an example of domain's name). And it's not only PHP, it can be your phone, pc, etc, which is using Directadmin server to send emails.

And if you use Name Servers of your domain registrar or virtual/dedicated server provider (or any other 3-rd party's) for your domains, they are usually not synced with records in your local DNS on Directadmin server and might miss DKIM public key. That's the case when you need to disable DKIM for a domain or an user.