DKIM creates invalid signatures

When I enable the DKIM feature, all servers with mail enabled will get the DKIM DNS record, which is fine.
But when signing outgoing email, the signatures look like this: DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=*; s=2017; t=1483626058; …
By having that * in d=, the remote servers try to get the 2017._dkim record from the * domain, which of course fails, thus leading the messages to fail DKIM validation.
How come Virtualmin does not put the sender domain name in the d parameter?

DomainKeys Identified Mail → Additional domains to sign for

then you need to write the specific domain(s) you need…

then, if you mean that any user domain should send its own d=

I don’t suggest this, even if it should be possible…

I suggest one SSL certified mail server for any user… unless the users explicitly want a personal certified email server (e.g. through which they send emails

BUT I don’t get the reason…

Anyway, this issue happens when you don’t directly control your DNS, but use an external provider


1) you control your DNS, set up just one mail server for anyone and edit the default DNS for any vhost by

2) you control your DNS and the proper mail server with its own domain

3) you don’t control your DNS but you need to specify Additional domains to sign for

Did not get notifications from Virtualmin forum for some reason.
Anyway, why should I need to write each domain manually in the config? It actually signs every mail from all domains already; it’s just that it writes d=* in the signature. * does not resolve to anything; that has nothing to do with my DNS, which btw Virtualmin also controls.

Whatever, I uninstalled opendkim and removed all /etc/dkim* config files, and reinstalled it via Virtualmin. Works now, d= is properly set.
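
Added example, not part of the original thread and not Virtualmin or OpenDKIM code: a Python check that parses a DKIM-Signature value, rejects a d= that is not a domain name (such as the d=* quoted above), and builds the key record name a verifier queries, which per RFC 6376 is selector._domainkey.domain. The sample headers, the example.com domain, the h=/bh=/b= values and the function names are constructed for illustration.

```python
import re

# Constructed samples: d=* mirrors the broken signature in the thread; h=, bh= and b= are placeholders.
BROKEN = "v=1; a=rsa-sha256; c=simple/simple; d=*; s=2017; t=1483626058; h=from; bh=AAAA; b=BBBB"
GOOD = BROKEN.replace("d=*", "d=example.com")

# One DNS label: letters, digits and hyphens, with no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # required tags per RFC 6376


def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        name, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        # Folding whitespace may appear inside values such as b=, so drop it.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def is_domain(name):
    return all(LABEL.fullmatch(label) for label in name.rstrip(".").split("."))


def check_signature(value, from_domain):
    """Return (key_record_name, problems) for one DKIM-Signature value."""
    tags = parse_tags(value)
    problems = [f"missing required tag {t}=" for t in REQUIRED if t not in tags]
    d, s = tags.get("d", ""), tags.get("s", "")
    if "d" in tags and not is_domain(d):
        problems.append(f"d={d} is not a domain name, so no key record can be looked up")
    if "s" in tags and not is_domain(s):
        problems.append(f"s={s} is not a valid selector")
    if problems:
        return None, problems
    # Simplified alignment check (an assumption of this example): d= must be
    # the From: domain or a parent of it.
    sender = from_domain.lower().rstrip(".")
    if sender != d.lower() and not sender.endswith("." + d.lower()):
        problems.append(f"d={d} does not cover From: domain {from_domain}")
    return f"{s}._domainkey.{d}", problems


if __name__ == "__main__":
    for header in (BROKEN, GOOD):
        print(check_signature(header, "example.com"))
```

Running the same check over a message captured from the outgoing queue after a reinstall confirms that d= now carries the sending domain before any remote server rejects it.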