DKIM for virtual servers without DNS or email hosted to satisfy DMARC

The intention is to only send mail from the host to external destinations, not receive it. Why would we need to make a mail username for the recipient locally?

This was not a migration from another hosting platform. We just happen to have both cPanel and Virtualmin servers in our cluster, and have been gradually moving away from cPanel.

I actually think that cyberndt’s suggestion to disable mail functions for the virtual server, then add that domain name to the server’s global DKIM settings under “Extra domains to sign for”, will work fine. I noticed that the DKIM DNS record for the server’s primary key pair is identical to the DKIM DNS record within a virtual server when mail functions are active, which would mean that the same key pair is shared across the whole system anyway. That would pose two questions:

  1. Why would the key pair be shared across all virtual servers? Does that not potentially allow two different unrelated virtual servers on the same system to forge authentic mail for a different virtual server?
  2. If the key pair really is shared across all virtual servers, why could there not be an “All domains” option under “Domains to sign for by default” regardless of mail/DNS functions being enabled on a virtual server basis?

I’ve asked our client to publish the server’s primary DKIM DNS record for their domain name, which they have. After that, I sent a test email via a terminal; it got signed, and they received it without issue. Thanks cyberndt!
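
The observation in the post above, that the server's primary DKIM record is identical to the one inside a virtual server, can be checked across many domains by comparing the `p=` public keys of their DKIM TXT records. This is an added example, not part of the original post and not Virtualmin's code; the selector name `sel`, the domains and the key bytes are constructed placeholders.

```python
import base64
import hashlib
import re

def parse_dkim_record(txt):
    """Parse a DKIM key record (RFC 6376 tag=value list) into a dict."""
    # Long TXT records are published as several quoted strings; join them first.
    chunks = re.findall(r'"([^"]*)"', txt)
    joined = "".join(chunks) if chunks else txt
    tags = {}
    for item in joined.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)  # split once: base64 padding contains "="
            tags[name.strip()] = value.strip()
    return tags

def key_fingerprint(txt):
    """SHA-256 of the decoded public key, or None if p= is missing or empty (revoked)."""
    p = "".join(parse_dkim_record(txt).get("p", "").split())  # whitespace may be folded into p=
    if not p:
        return None
    return hashlib.sha256(base64.b64decode(p, validate=True)).hexdigest()

def shared_keys(records):
    """Group record names by key fingerprint; return only groups with more than one name."""
    groups = {}
    for name, txt in records.items():
        fp = key_fingerprint(txt)
        if fp is not None:
            groups.setdefault(fp, []).append(name)
    return {fp: sorted(names) for fp, names in groups.items() if len(names) > 1}

# Constructed sample data: these bytes stand in for public keys and are not real RSA keys.
KEY_A = base64.b64encode(b"constructed key A, not a real RSA key").decode()
KEY_B = base64.b64encode(b"constructed key B, not a real RSA key").decode()
SAMPLE = {
    "sel._domainkey.host.example": f'"v=DKIM1; k=rsa; p={KEY_A}"',
    # Same key, published by the client as split strings with different spacing.
    "sel._domainkey.client.example": f'"v=DKIM1;k=rsa;" "p={KEY_A[:20]}" "{KEY_A[20:]}"',
    "sel._domainkey.other.example": f'"v=DKIM1; k=rsa; p={KEY_B}"',
}

if __name__ == "__main__":
    for fp, names in shared_keys(SAMPLE).items():
        print(fp[:16], names)
```

Every name in a returned group is verified against the same private key, so this is a quick way to audit which domains a single signing key covers.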
