DKIM Issues / Comments


I thought I’d check out the new support for DKIM in Virtualmin (since the dashboard was advertising the new feature), but I have a couple of issues.

First, I checked the help link in Virtualmin on the DKIM page, not much there, just a description of what it is. Ok, so it must be simple right, let’s just enable it. Oops, just keeps saying there was an error (with no description).

So I had a look on here and found the documentation and found: “Do NOT enter default, as this can trigger a bug in the current Virtualmin release which deletes the /etc/default directory!” Ouch!

Well now that’s clever, because can you guess what the default value for the DKIM selector is… yes it’s “default”. With no alert or mention on the page (or the help page) that this could be an issue.

So anyway I went with the recommendation in the documentation to use the year as the selector, so now it’s set to “2010”. DKIM enabled without error. Except it’s enabled globally for all domains/virtual hosts, and one of my domains has an address I use as the from address for error messages sent from many servers, none of which will be using domain keys. So can I exclude this… ? I could probably remove the extra TXT records from DNS but I’m sure next time I altered the DKIM settings it would be back… hmmm… have to think about that.

So now it’s working, I think, but I noticed in DNS that the TXT record for DKIM includes “t=y”, which flags to recipients that I am only testing DKIM, effectively saying do DKIM on this email but don’t enforce the result. So how do I get rid of that… again I could edit the TXT DNS record manually but as before I’m sure my changes would be overwritten whenever I used the DKIM settings page. This test mode isn’t even mentioned in Virtualmin or in the documentation, so unless you were poking around in DNS you wouldn’t possibly notice.

I am very pleased to see DKIM support in Virtualmin as it is otherwise moderately tricky to set up, and I don’t like making too many custom settings on a Virtualmin or similar server as it tends to lead to unforeseen conflicts down the line. So this is an excellent addition that on the whole works just fine, just needs a little manual intervention in places at the moment.

If there is something I’m missing please let me know.

Otherwise can I make a couple of suggestions:

  • First the default selector should not be “default” if this is going to cause an issue. I would guess that this is part of the default config on the DKIM milter, so maybe a warning displayed on the page stating that ‘the value “default” is not safe to use at this time, please change it’ would be appropriate.

  • When enabling DKIM on outbound email either a notice is displayed to confirm you want it on all domains, or the ability to select which domains get enabled.

  • the ability to select/deselect the testing flag, possibly on a per-domain basis

  • Either more of the documentation in the help link on Virtualmin or a link on the help page to the online documentation page (where it exists) for more info.

I would like to +1 everything Graeme says above…
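
The “t=y” testing flag raised in the first post can be checked without opening the Virtualmin settings page. The following is an added example, not part of the original thread and not Virtualmin's own code: it parses the TXT rdata of a DKIM key record (RFC 6376 tag=value list, as printed by `dig` or written in a zone file) and reports testing mode, a revoked or missing key, and the “default” selector the quoted documentation warns about. The function names, finding labels and sample records are constructed for illustration.

```python
import re

# Constructed sample records; the p= values are placeholders, not real keys.
SAMPLE_TESTING = r'"v=DKIM1\; k=rsa\; t=y\; " "p=QUJDREVG" "R0hJSktM"'
SAMPLE_ENFORCING = '"v=DKIM1; k=rsa; t=s; p=QUJDREVGR0hJSktM"'
SAMPLE_REVOKED = '"v=DKIM1; p="'


def parse_dkim_txt(rdata: str) -> dict:
    """Parse DKIM key record TXT rdata into a {tag: value} dict."""
    # A long TXT record is split into several quoted strings; a resolver
    # concatenates them with nothing in between, so do the same here.
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    if chunks:
        # dig prints semicolons as "\;", so undo backslash escapes.
        text = "".join(re.sub(r"\\(.)", r"\1", c) for c in chunks)
    else:
        text = rdata  # already unquoted
    tags = {}
    for part in text.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    # Whitespace inside the base64 key is not significant.
    if "p" in tags:
        tags["p"] = "".join(tags["p"].split())
    return tags


def audit_dkim_record(selector: str, rdata: str) -> list:
    """Return a list of finding labels for one selector's key record."""
    tags = parse_dkim_txt(rdata)
    findings = []
    # t= holds colon-separated flags; "y" means the domain is only testing
    # DKIM and verifiers treat its mail the same as unsigned mail.
    flags = [f.strip() for f in tags.get("t", "").split(":") if f.strip()]
    if "y" in flags:
        findings.append("testing-mode")
    if "p" not in tags:
        findings.append("missing-key")
    elif tags["p"] == "":
        findings.append("revoked-key")  # empty p= means the key is revoked
    if selector == "default":
        findings.append("selector-default")  # per the documentation warning
    return findings


if __name__ == "__main__":
    for sel, rec in [("2010", SAMPLE_TESTING), ("2010", SAMPLE_ENFORCING)]:
        print(sel, audit_dkim_record(sel, rec))
```

To check a live record, pass in the output of `dig +short TXT 2010._domainkey.<your-domain>` for each virtual host.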