It would be nice if you could enable/generate DKIM for Virtualmin domains without it being dependent on the internal DNS and Mail services.
I currently use both external DNS and Mail (Google Apps), but since there is still mail generated and shipped from my server, I would like to utilize the DKIM feature. Apparently with the BIND and User Mail modules disabled, DKIM fails… Ideally it should still allow you to generate DKIM for your domains, but alert the user that they will need to manually insert the records into their external DNS service (and as such display the generated record for copying).
I know I can manually do all of this from shell, but it would be far more optimal to just use VM’s built-in functionality. I couldn’t imagine it being a big change to allow it…
I had to ask Jamie about this one, but he says it’s possible to do this. He says that on the DKIM page, you can enter the names of domains without local DNS in the “Additional domains to sign for” field.
After DKIM has been enabled, the records to add on the remote DNS server can be copied from the “DNS records for additional domains” box.
Just a follow-up: it works great. However, if I may make a suggestion: the current canonicalization algorithm is simple/simple; I propose that changing the default to relaxed be considered. It’s more friendly with common modifications like added whitespace. (For example, Google Apps also uses relaxed/relaxed.)
Reference: http://www.elandsys.com/resources/sendmail/dkim.html
Mail servers sometimes modify email in transit. This can invalidate the domainkeys signature. dkim-milter supports two canonicalization algorithms. The simple algorithm tolerates almost no modification. The relaxed algorithm tolerates common modifications such as white-space replacement and header line re-wrapping.
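The difference between the two algorithms, as an added example that is not part of the thread and is not dkim-milter's code: a sketch of the body and header canonicalization rules from RFC 6376, run over a constructed message whose whitespace was changed by a relay. The function names and sample messages are assumptions made for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """Canonicalize a CRLF-delimited body per RFC 6376 section 3.4.3 / 3.4.4."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of space/tab to one space, drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # both algorithms ignore empty lines at the end of the body
    out = b"".join(ln + b"\r\n" for ln in lines)
    # "simple" turns an empty body into a single CRLF; "relaxed" leaves it empty.
    return out if (out or mode == "relaxed") else b"\r\n"

def canon_header(field: bytes, mode: str) -> bytes:
    """Canonicalize one header field (name: value CRLF) per 3.4.1 / 3.4.2."""
    if mode == "simple":
        return field  # signed byte for byte
    name, value = field.split(b":", 1)
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)  # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value).strip(b" \r\n")
    return name.strip().lower() + b":" + value + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """The value carried in the bh= tag when a=rsa-sha256."""
    digest = hashlib.sha256(canon_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def survives(signed: bytes, received: bytes, mode: str) -> bool:
    """True if the body hash still matches after the message was modified."""
    return body_hash(signed, mode) == body_hash(received, mode)

# Constructed sample: what the server signed vs. what arrived after a relay
# rewrote whitespace and re-wrapped the Subject header.
SIGNED_BODY = b"Hello  world \r\nSecond line\r\n\r\n"
RELAYED_BODY = b"Hello world\r\nSecond line\r\n"
SIGNED_SUBJECT = b"Subject:  DKIM   test\r\n"
RELAYED_SUBJECT = b"Subject: DKIM\r\n test\r\n"

if __name__ == "__main__":
    for mode in ("simple", "relaxed"):
        hdr_ok = canon_header(SIGNED_SUBJECT, mode) == canon_header(RELAYED_SUBJECT, mode)
        print(mode, "body ok:", survives(SIGNED_BODY, RELAYED_BODY, mode), "header ok:", hdr_ok)
```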
Note there are three keys in quotes. My DNS provider does not like this.
How should this be entered into a TXT record?
Thanks
EDIT: OK, for whatever reason Virtualmin put quotes around each line in the text box… Also, the name above, 2012._domainkey, is the hostname. The key is everything in quotes and typically would be in the record like this:
The quotes are not always used in DNS control panels, and so on; there are very many differences here.
Sometimes the domain must also be written in this line (2015._domainkey_domainname), and then sometimes with a dot/period at the end, sometimes not.
The interfaces (GUIs) they are using are programmed very differently…
I will try with 1024 DKIM and with / before the quotes… Right now, the domain’s hosting is updating this zone of the website and I can’t view the DNS…!
I’ve inserted 2015._domainkey.donagest.com without domain because I’ve used without domain for subdomain (third level).
As for security, is Apache 2.4.7 too insecure? I’m afraid to update the server… I’m not a system engineer… I’m self-taught…!
As for IPv6, I’ve read that Digital Ocean has problems with email on IPv6 and I’ve disabled it… to exclude this problem…!
FOR OTHER SECURITY ISSUES, TEST WITH THE LINKS I HAVE POSTED.
If you can’t handle those, please take some (online) courses/readings.
Going public online without such knowledge of your server (basic must-have SYSADMIN knowledge) is like driving a car without a driver’s license: dangerous for others on the road / www too.
If insecure: then it is possible for someone to take over your box to hurt infrastructure while using your box for hacking…