How to enable DKIM / SPF for server domain?

neemama

Hello everyone,

I am running a website with "mydomain.com".
DirectAdmin is accessible via "server.mydomain.com".
Info mails from DirectAdmin are sent via [email protected]

However, those mails have no DKIM / SPF validation and always cause DMARC reports.

How can I add DKIM/SPF for that mail / domain?

Thanks!
 
If mydomain.com is pointed to the server by NS, then:
from the admin level, in DNS Administration, there should be a DNS zone for server.mydomain.com.
If there is no such zone, you can add the records to mydomain.com, but for the subdomain "server" inside it.
----
If the domain is not pointed to the server with NS, you must add these records at the server where the domain is pointed by NS (maybe it is the domain registrar's panel, if you are using the domain registrar's NSs and manage DNS zones in its cabinet).
 
Thanks for the quick reply.

In the DNS administration I have all my domains listed.
One of them is "server.mydomain.com".
When I click on it, I have several DNS records.
Here I can add DKIM/SPF but I will have to manually create them from SSH console?
 
Check if your directadmin.conf has the setting either 1 or 2 according to your wishes:
If you have it at 2 and restart DA, you can create the DKIM record from the dns manager in that domain.

It should normally already have a default SPF record. Don't you have that?
 
The setting uses value "2".

As admin -> Server Manager -> DNS Administration I will have my two domains:
mydomain.com
server.mydomain.com

mydomain.com has the SPF and DKIM entry
server.mydomain.com only has the SPF entry.
With server.mydomain.com I can there click on "add record" and select "TXT" but it will only give me the options "Plain, DMARC, SPF".

If I log in as the customer who is owner of "mydomain.com" I can go to E-Mail Manager -> E-Mail Accounts.
There I have DKIM enabled (or at least on the right side I can press "Disable DKIM").
But it does seem to only work for "mydomain.com" and all its subdomains but not for "server.mydomain.com".
However, as admin, if I go into "User Tab -> E-Mail Manager -> E-Mail Accounts" it tells me "I do not own that domain".
 
server.mydomain.com only has the SPF entry.
Ah okay, sorry, my mistake. If you have that as a separate domain (like most of us probably), then it can only be done via the e-mail manager in DA or else via the command line.

In this case you can use the command-line options.

Log in via SSH as root and issue this command
/usr/local/directadmin/scripts/dkim_create.sh server.mydomain.com

For others reading or encountering this thread with the same issue..... in a similar way you can also add DKIM to all domains not having one yet.
Check this under 1, 2 and 3 for the 3 options and commands needed:
 
Thank you, that worked and the DKIM entry can be seen now.

Can I now also somehow send a mail via DA as admin through [email protected] to validate DKIM/SPF? :)
 
Well.... might be hard. I'm not sure it's really effective. I never had issues with sending mail.
But you might find this thread interesting.
(last post has a solution) and this one:

for 2 different solutions to make it work.
 
Well I found a way to send a mail as [email protected]
However, neither DKIM nor SPF are valid (according to e.g. mail-tester.com).

Could this be because I also set DNS entries for "mydomain.com" via my domain provider, so I would have to add the DKIM and SPF entries there?

However, I already have entries there for "mydomain.com". How to add entries for "server.mydomain.com" especially since the name for the DKIM entry always is "x._domainkey"? :D

@Edit: I added the spf record for "server.mydomain.com" to my domain provider. That validates the SPF record for mails from "[email protected]". Not sure how to add the DKIM entry now as well though since both (domain.com and server.domain.com) share the same DNS-Entries and both need "x._domainkey" as entry name.
 
Could this be because I also set DNS entries for "mydomain.com" via my domain provider, so I would have to add the DKIM and SPF entries there?
The DKIM is generated on the server but it is checked via DNS. So if you don't use your own nameservers, you indeed need to copy the corresponding DNS records to your domain provider.

You could check if the DKIM and SPF for mydomain.com is the same for server.mydomain.com; then in that case (if I'm not mistaken) you might just need to add a server A record to your external DNS. Not 100% sure.

I would check first if the DKIM key is not the same. If not, just add another one, with trailing dots like this:
x._domainkey.server.mydomain.com.
and then add the DKIM key for the server. But again, not 100% sure if this will work, you have to test. I never work with external DNS so that's why I'm not sure.
 
Yep, according to Google this is how it should work (x._domainkey.server.mydomain.com).
So far it doesn't. I read that DKIM validation can take up to 48h (although the SPF validation worked instantly).
So I will wait a bit and see if it starts to work :)

I already tried verifying the generated DKIM key itself. That one seems to be valid.
 
(x._domainkey.server.mydomain.com).
Did you remember to use the trailing dot behind the .com? Because that is very important.
So it should be x._domainkey.server.mydomain.com. with the dot behind it.

Probably you did it this way, but as you can see from the other threads, it seems one has to do manual adjustments for the hostname DKIM to start working.
 
Hmm, my domain provider's interface automatically changes "x._domainkey.server.bestmail.ws." to "x._domainkey.server" whenever I press enter.
It worked with the SPF entry though.

DKIM still doesn't get validated for now. I guess I will stop here since this is only relevant for personal use (e.g. when [email protected] sends an update e-mail to myself).
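
Added example, not part of any post in this thread: a short Python check of how a record name typed into a zone editor expands, compared with the name a verifier derives from the `s=` and `d=` tags of a DKIM-Signature header. The header is constructed, `d=server.mydomain.com` is an assumption about how the hostname's mail is signed, and the expansion follows standard zone-file rules, which a given provider's interface may or may not apply.

```python
import re

def expand_owner(name, origin):
    """Expand a record name as a zone file does: a trailing dot marks an
    absolute name, anything else gets the zone origin appended."""
    origin = origin.rstrip(".").lower()
    name = name.strip().lower()
    if name.endswith("."):
        return name
    if name in ("", "@"):
        return origin + "."
    return f"{name}.{origin}."

def dkim_lookup_name(header):
    """Name a verifier queries for a DKIM-Signature header:
    <s>._domainkey.<d> (RFC 6376)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    tags = {}
    for part in unfolded.split(":", 1)[1].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return f"{tags['s']}._domainkey.{tags['d']}.".lower()

def check_entry(entered, origin, header):
    """Return (matches, published_fqdn) for a name typed into a zone editor."""
    published = expand_owner(entered, origin)
    return published == dkim_lookup_name(header), published

# Constructed header; d= is an assumption, selector "x" is the one in the thread.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\r\n"
    "\td=server.mydomain.com; s=x; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER=; b=PLACEHOLDER="
)

if __name__ == "__main__":
    cases = [
        ("x._domainkey.server", "mydomain.com"),               # relative name
        ("x._domainkey.server.mydomain.com.", "mydomain.com"), # absolute name
        ("x._domainkey.server.mydomain.com", "mydomain.com"),  # missing dot
        ("x._domainkey", "mydomain.com"),                      # parent's key
        ("x._domainkey", "server.mydomain.com"),               # hostname zone
    ]
    for entered, origin in cases:
        ok, fqdn = check_entry(entered, origin, SAMPLE_HEADER)
        print(f"{entered!r} in zone {origin}: {fqdn} -> {'match' if ok else 'MISMATCH'}")
```

Under these rules the relative name `x._domainkey.server` in the `mydomain.com` zone and the absolute name with the trailing dot publish the same record; the full name without the dot gets the origin appended a second time.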
 
Okay, it's good. I brought it to the attention of the DA team and with a bit of luck, they will take a look at the solutions and might put them in one of the next versions. So then this issue will be fixed automatically.
 