The website will need to use smtp settings of the email hosting of the domain as the DKIM signature is generated by the MTA (postfix).
Any further thoughts on adding a choice that simply says âAll domainsâ, @Jamie?
I could do that I suppose, but for domains without DNS where would the DKIM DNS record be populated? Do you have domains with offsite DNS hosting?
3 Likes
Maybe like how suggested SPF is displayed.
I think the OP has off-site DNS
Ok I will add an option for âAll domainsâ in the next release.
I take it by this response you realized the answer to this? Adding the âAll Domainsâ option would take away the need for the " Extra domains to sign for" text box and should automate that process - meaning when a new domain is added to the box it would be added to the DKIM domains list and when removed from a box it would be removed from there.
Yes, thatâs the plan. And for domain without DNS hosted by Virtualmin, the DNS records for DKIM would need to be added elsewhere by the admin.
Correct - that is what we currently do - each domain has its own DNS record on its external (from the web serverâs) name servers. Thanks for the clarification. Looking forward to the change/addition.
this might be a silly question, but can these records be exposed via an API (if not already) so this could be used to automate this process for the OP. I appreciate not everyone is going to use this but it is just an idea exposing this data as JSON.
My request to @Jamie is essentially about automating DKIM signing so that it is always enabled by default for new virtual servers and automatically removed when domains are deleted, without requiring manual intervention.
While virtualmin set-dkim --enable can enable DKIM signing, unless I am mistaken, it only applies to existing domains at the time of execution. It does not enforce DKIM signing as a persistent setting for new domains.
For full automation (what I am asking for), Virtualmin would need a mechanism that:
- Automatically enables DKIM signing when a new virtual server is created (ensuring consistency).
- Removes DKIM signing when a virtual server is deleted (keeping things clean).
- Keeps existing domains in sync without manual reconfiguration.
This is why adding it as a template setting or a global option in Virtualmin would be the ideal solutionâensuring that DKIM is always applied correctly without requiring a manual API call or script execution after domain creation.
Does this bring up the question of features vs server template?
Features would be updated live and behave a bit like permissions whereas the server template is only when the server is initially created.
So DKIM will be enabled for new domains already in Virtualmin, as long as they have DNS hosted locally. And it will be removed when the domain is deleted.
The issue here, as I understand it, is that DKIM doesnât get enabled for domains that donât have local DNS. Thatâs what I have added an option to fix in the next release, and it will apply to both existing and new domains.
4 Likes
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.