My old DKIM key was only 1024 bits so I updated it to 2048. I went through all the steps correctly and the system generated a new key. I used a different selector in the process.
I use external DNS and updated it accordingly. This was done a couple months ago.
For some reason the system is signing messages using the old selector and 1024-bit key. Anyone got any ideas?
Ok so I checked the config file for DKIM
/etc/opendkim.conf
The selector is set to the new value - it’s “2017”
The old one is “2012” and for some reason that’s what is being used on outgoing e-mail for every domain. All of these domains are set to use the global default key (2017 selector).
Apologies for the necro but I just had this issue in the current version of Webmin [1.900] where changing selector is not updated in /etc/dkim-keytable.
After changing it manually and restarting opendkim with sudo service opendkim restart the correct selector is now being specified and my email is working correctly.
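
Added example (not part of the thread, and not Webmin or OpenDKIM code): a Python check that compares the Selector in /etc/opendkim.conf with the selector field of each /etc/dkim-keytable entry, which is the mismatch the last post describes. It assumes the standard OpenDKIM flat-file KeyTable layout `keyname domain:selector:keypath`; the sample file contents and the key path are constructed.

```python
import sys
from pathlib import Path

# Constructed sample contents mirroring the situation in the thread:
# the config names selector 2017, the key table still names 2012.
SAMPLE_CONF = "Selector 2017\nKeyTable /etc/dkim-keytable\n"
SAMPLE_KEYTABLE = "default %:2012:/path/to/private.key\n"  # placeholder key path

def conf_settings(conf_text):
    """Return {lowercased name: value} for 'Name value' lines, ignoring comments."""
    settings = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def keytable_entries(keytable_text):
    """Yield (keyname, domain, selector, keypath) for each well-formed entry."""
    for line in keytable_text.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) != 2:
            continue
        fields = parts[1].strip().split(":", 2)
        if len(fields) == 3:
            yield (parts[0], *fields)

def stale_selectors(conf_text, keytable_text):
    """Key table entries whose selector differs from the config's Selector."""
    wanted = conf_settings(conf_text).get("selector")
    if not wanted:
        return []
    return [e for e in keytable_entries(keytable_text) if e[2] != wanted]

if __name__ == "__main__":
    # Usage: script.py /etc/opendkim.conf /etc/dkim-keytable
    # With no arguments the constructed sample above is checked instead.
    if len(sys.argv) == 3:
        conf, table = (Path(p).read_text() for p in sys.argv[1:3])
    else:
        conf, table = SAMPLE_CONF, SAMPLE_KEYTABLE
    stale = stale_selectors(conf, table)
    for name, domain, selector, _ in stale:
        print(f"key '{name}' (domain {domain}) still uses selector {selector}")
    sys.exit(1 if stale else 0)
```

The signature header of a freshly sent message shows which selector is actually in use: the `s=` tag of `DKIM-Signature` should match the new selector once opendkim has been restarted.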