On a test system the generated DKIM records look like this:
202409._domainkey IN TXT ( "v=DKIM et cetera)
Is that 202409 automatic from when I installed this (meaning September) or did I/can I set it somewhere? And if it is automatic and date related is there some way to change it every few months (or something already at work that will do that)?
In Virtualmin → Email Settings → DomainKeys Identified Mail, when you enable DKIM, you have the option to specify a value for the selector; otherwise a default (e.g. the 202409 that you have) in the format yyyymm is used.
Thank you. Is that “before you install the first mail domain”? It does not seem to be editable for me (which makes sense since it would be signing all outgoing mail this way so it/I would have to add new DNSes at the same time).
No, this is just as you enable DKIM. This is independent of the number of domains that are installed. You can enable or disable DKIM in Virtualmin whenever you wish to do so, but you get to specify the selector of the DKIM record only once - when you enable DKIM for the first time.
I don’t remember enabling DKIM purposefully at any point (that doesn’t mean that I didn’t). You mean that this is a server-wide setting, right (and not something I set up each time, per virtual server)? I don’t see anything in the Post-Installation Wizard. Do you know at which step I would have been confronted with using the default or something else?
Right thanks, I see how it works now (no matter how it ended up being the year and month the server was installed).
For anyone else that finds themselves here, when you go to “Email Settings”, “DomainKeys Identified Mail”, and then check “No” to “Signing of outgoing mail enabled?” and save, Virtualmin will immediately update all of the DNS records to remove the DKIM stuff for all sites that have it enabled.
When you check “Yes” again, it will allow you to type in that box some new DKIM name you like better, i.e., the part before the dot here:
202409._domainkey IN TXT ( "v=DKIM et cetera)
When you click “Save” it will update all those DNSes back again.
To be clear, the selector name format is not important; cPanel uses default._domainkey.
I guess having a date format is good to know when it was first added or changed.
For the record, once it’s set it stays set, so it would be the date that DKIM was added to the server, not the date that DKIM was enabled for the Virtual Server (or the date that the Virtual Server itself was created… not that anyone would notice or care).
Some consider it best practice to update DKIM keys every few months. I’m not sure if that’s really necessary, but using something with the date in it would certainly be helpful in determining when “3 months are up”, which is why I originally asked if something was automatically set up to cycle these.
I use part of the hostname as selector in a DKIM record. Doing so helps when multiple DKIM records have to be assigned to the same domain. One can then tell at a glance which DKIM record corresponds to the server which is being used to send out mail.
We often need to send out mail from localhost as well as some other host from the same virtual server and having cryptic selectors in DKIM records can get confusing. Using a part of the hostname makes it easier to understand which DKIM record is for which host.
For example
vps01._domainkey IN TXT ( "v=DKIM et cetera)
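
The rotation question raised in this thread, as an added example that is not part of any post and is not Virtualmin code: a small Python check that reads zone-file lines, pulls out the DKIM selectors, and flags yyyymm selectors older than a chosen number of months. The sample zone text, the function names and the 3-month threshold are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample zone lines (placeholders, not from a real server).
SAMPLE_ZONE = '''\
202409._domainkey IN TXT ( "v=DKIM1; k=rsa; p=PLACEHOLDER" )
vps01._domainkey IN TXT ( "v=DKIM1; k=rsa; p=PLACEHOLDER" )
default._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=PLACEHOLDER"
www IN A 192.0.2.10
'''

# Owner name of the form <selector>._domainkey[.domain] on a TXT record.
SELECTOR_RE = re.compile(
    r'^\s*([A-Za-z0-9][A-Za-z0-9.-]*)\._domainkey\b.*\bIN\s+TXT\b', re.I)

def selector_month(selector):
    """Return the month encoded by a yyyymm selector, or None if it is not one."""
    m = re.fullmatch(r'(\d{4})(\d{2})', selector)
    if not m:
        return None
    try:
        return date(int(m.group(1)), int(m.group(2)), 1)
    except ValueError:  # e.g. month 13 or year 0000
        return None

def audit_selectors(zone_text, today, max_age_months=3):
    """Map each DKIM selector to (age_in_months, status)."""
    report = {}
    for line in zone_text.splitlines():
        m = SELECTOR_RE.match(line)
        if not m:
            continue  # not a DKIM TXT record
        selector = m.group(1)
        created = selector_month(selector)
        if created is None:
            # Hostname-style or fixed selectors carry no date.
            report[selector] = (None, "unknown-age")
            continue
        age = (today.year - created.year) * 12 + (today.month - created.month)
        if age < 0:
            status = "future-date"
        else:
            status = "rotate" if age >= max_age_months else "ok"
        report[selector] = (age, status)
    return report

if __name__ == "__main__":
    for sel, (age, status) in audit_selectors(SAMPLE_ZONE, date.today()).items():
        print(f"{sel:10} age_months={age} status={status}")
```

The computed age only reflects key age if the selector is changed whenever the key is replaced; selectors such as vps01 or default are reported as unknown-age and need the rotation date tracked some other way.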