| SYSTEM INFORMATION | |
|----------------------|---------------------------|
| OS type and version | Rocky Linux 8.10 |
| Webmin version | 2.111 |
| Usermin version | 2.010 |
| Virtualmin version | 7.20.1 |
| Theme version | 21.10 |
| Package updates | All installed packages are up to date |
I’m moving a mailserver to a new system. I have a DKIM question. I see the private key is in the default location. Can someone help me with the location of the public key?
I wish to copy the private and public keys to the new server instead of editing all the zone files. In some cases, DNS is hosted elsewhere and working to get those domains updated is often times a huge pain. I’m hoping to not need to make those changes.
Also, on the first system I set up, I screwed up and didn’t change the identifier to something different and when moving that, I would like to fix, yes, DNS and change that name. Fortunately there are not a lot of domains on that system. I think I may have control of them all.
Thanks!
And a side note: So many things have been added and improved. Fail2ban is a good example. In my first check, it seems to be functioning perfectly out of the box! Nice work folks! Thank you very much.
This is probably not relevant to you, but in some circumstances you might want to have a new signing key (if you had any reason to believe the old system or key was compromised, for example), in which case you wouldn’t move the old one over. Changing keys is not particularly disruptive (though you do want to make sure your outgoing queue is empty, since anything signed with the old key will no longer be deliverable after updating your DNS with a new key). But, that means if for some reason you can’t copy the old DKIM record to the new system, it isn’t a tragedy. Just make a new keypair. DKIM signed mail is validated by the public key in your DNS DKIM TXT record, which you can update at any time.
It’s also possible to have multiple keys so multiple servers can have their own keys, but that’s slightly more involved, and I don’t think Virtualmin has UI support for it.
My wish is to move the existing private key to the new server. It needs to match the public key. If I simply copy the old existing private key over /etc/opendkim/keys/default.private what causes Virtualmin to generate a matching public key? Is it automatic each time I open the DKIM interface? Otherwise, I would need to copy the public key over into Virtualmin as well. I have no idea where that key resides in the file structure.
Thank you Calport! I had not tested disabling DKIM before. This is the solution! I’ve now diff’d the DNS configs and public keys and they all match between the old and the new. That was basically easy!
Absolutely calport. A lot has been going on behind the scenes. This new system install on Rocky Linux is very polished vs. a couple of years or so ago. Meanwhile, back to the configs.
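
The check the thread ends on (confirming that a copied private key matches the public key published in DNS) can also be done directly, because the DKIM `p=` value is derivable from the private key. This is an added example, not part of the original posts; it assumes an RSA key and the `openssl` CLI, and the key file and TXT record used in `demo` are constructed stand-ins.

```sh
# Added example: compare a DKIM private key with the p= value in a TXT record.

# Print the base64 public key (the DKIM p= value) derived from a private key file.
dkim_pub_from_key() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Extract the p= value from a DKIM TXT record string. Quotes, backslashes and
# whitespace are stripped first, so the split "..." "..." chunks used in zone
# files and dig output are rejoined.
dkim_pub_from_txt() {
    printf ';%s' "$1" | tr -d '"\\ \t\n' | sed -n 's/.*;p=\([^;]*\).*/\1/p'
}

# Return 0 only if the key file and the TXT record carry the same public key.
dkim_key_matches() {
    local from_key from_txt
    from_key=$(dkim_pub_from_key "$1")
    from_txt=$(dkim_pub_from_txt "$2")
    [ -n "$from_key" ] && [ "$from_key" = "$from_txt" ]
}

demo() {
    local dir p txt
    dir=$(mktemp -d)
    # Constructed stand-in for /etc/opendkim/keys/default.private
    openssl genrsa -out "$dir/default.private" 2048 2>/dev/null
    # Constructed TXT record, split into two quoted chunks like a zone entry
    p=$(dkim_pub_from_key "$dir/default.private")
    txt="\"v=DKIM1; k=rsa; t=s; p=$(printf '%s' "$p" | cut -c1-200)\" \"$(printf '%s' "$p" | cut -c201-)\""
    if dkim_key_matches "$dir/default.private" "$txt"; then
        echo "private key matches published DKIM record"
    else
        echo "MISMATCH: mail signed with this key would fail verification"
    fi
    rm -rf "$dir"
}

demo
```

On a real system, pass the key path and the TXT string returned by a DNS lookup of the selector's `_domainkey` record to `dkim_key_matches`.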