When I enable DKIM there are 2 domains in the Extra domains to sign for, but should it not just be the FQDN of server.example.com? The following option makes no difference:
Virtualmin → System Settings → Virtualmin server configuration → configuration category: SSL settings → Create host default domain with Let’s Encrypt certificate
You’ve not taken into account that server is the first part of the FQDN. Why not just delete it and see if anything fails? TBF I never even bother looking at these options as it just works, but I would guess the developers would not add something if it was required at one point in time. It may now be redundant, but who really cares? As with all Virtualmin stuff, it just works with no interaction from the end user and should just be left alone.
You are confused, I think, as SSL certs and Let’s Encrypt have nothing to do with DKIM.
Best practice (someone should correct me if I’m wrong) is for the host default domain (the name of the actual server??) to NOT be used for any email or websites – create Virtualmin virtual servers for each domain you wish to support on the server.
My understanding is that you should not use your server hostname to send emails. Joe has mentioned this several times, but there is a debate as to whether this is possible now; currently the advice is not to.
In the above picture there are 2 issues after thinking about it:
server.example.com = should not be used for sending email so should not have a DKIM entry.
web = is effectively a TLD and not a domain name so this is actually an invalid entry.
I’ve stated something that sounds kinda like this many times, but not this.
I have said, and continue to say: You should not name your server the same as a domain name you will be hosting mail for in Virtualmin (or otherwise virtually hosting mail for). It has some of the same words, but it’s roughly the opposite direction (receive vs. send) of what you’re saying.
Your server hostname probably will be somewhere in the mails you send, and it’s supposed to be. It’s how the server identifies itself to other servers.
Edit: The key word here is virtually or virtual. Anything in the virtual map (which is what Virtualmin is managing when you create email domains) should not be the same as the name of the server.
Edit2: I feel like I should explain why this is, so maybe it makes more sense. The virtual map tells Postfix, “Mail for this domain can be relayed to this server”…basically mapping mail @domain.tld to a user @ the hostname of the server. But, if the name of the server is domain.tld and you have @domain.tld in virtual, you are saying, “accept mail for @domain.tld and forward it to @domain.tld”. Now, does that make sense?
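The collision described above can be checked mechanically. The following is an added example, not part of the original post and not Virtualmin's or Postfix's own code: it parses a Postfix virtual map and reports entries whose domain equals the server hostname. The function names and the sample map are constructed, and treating a bare dotted key as a domain entry is an assumption.

```python
"""Flag Postfix virtual-map keys whose domain equals the server's own hostname."""

# Constructed sample map, not taken from any real server.
SAMPLE_VIRTUAL = """\
# constructed sample
example.com        example.com
info@example.com   info-example.com
@example.org       catchall
postmaster         root
sales@example.net  alice,
    bob
"""

def parse_virtual(map_text):
    """Return (key, value) pairs, honouring comments and continuation lines."""
    entries = []
    for raw in map_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()   # leading whitespace continues the entry
        else:
            entries.append(raw.strip())
    pairs = (e.split(None, 1) for e in entries)
    return [tuple(p) for p in pairs if len(p) == 2]

def key_domain(key):
    """Domain part of a lookup key: user@domain, @domain, or a bare dotted domain."""
    key = key.lower().rstrip(".")
    if "@" in key:
        return key.rsplit("@", 1)[1]
    # Assumption: a bare key without a dot is a local user, not a domain.
    return key if "." in key else None

def colliding_entries(hostname, map_text):
    """Entries that make the server's own name a virtually hosted mail domain."""
    host = hostname.strip().lower().rstrip(".")
    return [(k, v) for k, v in parse_virtual(map_text) if key_domain(k) == host]

if __name__ == "__main__":
    for name in ("example.com", "server.example.com"):
        hits = colliding_entries(name, SAMPLE_VIRTUAL)
        print(name, "->", hits if hits else "no collision")
```

On a live system the inputs would be the value of `postconf -h myhostname` and the contents of the virtual map file.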
@joe what are your thoughts on the DKIM module, by default, adding the 2 domains as above into Extra domains to sign for?
I ask this because I don’t think they should be there, as you should not be sending emails from your hostname, so they appear to be pointless (specific reasons for each domain are also above).
On a related note, there are some tests that now look for a SPF record on the HELO domain (usually the rDNS/hostname) of your server. What are your thoughts?