DKIM using external .PEM file

Hi

I have to configure DKIM on NS7 but I must use an externally generated .PEM file.
I went to the email settings screen and found the DKIM button (it should be easy to find, inside the configure screen and not outside! But that’s a CX option)

But once I enable it, it shows a NEW DKIM, and I want to use a previously existing one.
See this:

I COULD enable it and change it later… if I got some help assuring me I can disable DKIM later if something goes wrong.

This is a production server 4.000km away from me!!!

Any tips?
(Andy is helping me with the vacancy message and DKIM was a cause… so I have asked the same question on that thread… sorry!)

Hi @jader

DKIM can be enabled - and also disabled, if it doesn’t work!

But as always - before making a change, have a working backup!!!

My 2 cents
Andy

1 Like

OK. Thank you Andy

But how can I change the PEM file?
Once I have enabled it, it shows a self-generated key.
I already have one, so I need to replace the self-generated PEM file with my own PEM file.
How do I do it?

AFAIK, you can disable it on the GUI (3 dots?)…

1 Like

And how do I change the PEM file it uses to sign messages?

If DKIM is deactivated, it doesn’t include a signature.
You can, AFAIK, reactivate DKIM and then have the option to create a new DKIM signature / key.

Make a config backup before doing this…
Or even a full backup first. You can implement the DKIM change right after the full backup.
Here is one of the great advantages of virtualization: a snapshot and backup to PBS (Proxmox Backup Server) will save your back in a critical situation.

If it fails, restoring the config should work.

My 2 cents
Andy

1 Like

Hi Andy
I have 2 domains: domain.tld and hostname.domain.tld
I started testing because it is before 6am here, so I can afford to enable/disable things.

I enabled DKIM and went to the CLI. I found the /etc/opendkim directory and several utils there.
I replaced the defaults.private file content with the old PEM file (the old PEM file has public and private, so I kept just the private key in default.private) and restarted the opendkim service with systemctl.
I even tested the new config with:
[root@agulhao keys]# /usr/sbin/opendkim-testkey -d domain.com.br -k ./default.private -s default -x /etc/opendkim.conf
opendkim-testkey: ./default.private: WARNING: unsafe permissions

But I still cannot get a good answer from the GUI about DKIM.
I still can find where change DKIM PEM file on GUI.
I still have problems with DKIM

BTW: Is it a normal config to have 2 domains (domain.tld and hostname.domain.tld)?

1 Like

Ohh… wait… something changed…
I think something else updated by itself… I just got OK for my DKIM test in the NS7 GUI.
I went to mail-tester.com and it’s fine.
I just documented this on the other thread (about the vacancy message) and will post here too… sorry for the double post, but I prefer that others find it in 2 places instead of saving 120 bytes of disk space.

Thank you for your support.

2 Likes

I’ll document it here and later try to edit the wiki about it.
If you want to have DKIM using an OLD PEM file, you can try enabling it using the three dots at the right of each domain.
My config has 2 domains configured: domain.tld and hostname.domain.tld
I changed domain.tld only. Don’t worry, you can disable it if it does not work.

After choosing the option Configure DKIM, I saved it even though the DKIM key is not the one I want to use (the private key is not shown, but the public key is shown so you can update/create the TXT record in DNS).

So I went to the CLI to replace it.
I went into /etc/opendkim and in default.private I put the old DKIM private key (my .PEM file has the public and private key, I removed the public part!)
and restarted the opendkim service: systemctl restart opendkim
After a few minutes I tested it in the NS7 GUI and it reported OK for DKIM, so I went to the mail-tester.com site and verified it!
I got a 10/10 (even though my message is missing an HTML version or my reverse DNS is not OK)
Now I’ll fix those problems.

FINAL RESULT: My vacancy message IS WORKING NOW!!

2 Likes
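The key replacement described in the post above, as an added example that is not part of the thread or of NethServer's own tooling: it keeps only the private-key block of a combined PEM file, writes it into the key file with owner-only permissions (the usual remedy for the `unsafe permissions` warning shown earlier), and derives the public value to compare with the DNS TXT record. The function names, the script name and the sample PEM (placeholder bodies, not real key material) are constructed for illustration.

```shell
# Added example (not from the thread): keep only the private key of a combined
# PEM file and write it, owner-only, to the key file OpenDKIM signs with.
extract_private_key() {   # prints the PKCS#1 or PKCS#8 private-key block
    awk '/^-----BEGIN (RSA )?PRIVATE KEY-----/ { inside = 1 }
         inside { print }
         /^-----END (RSA )?PRIVATE KEY-----/ { inside = 0 }' "$1"
}

# Replace the content of $2 with the private key from $1. Writing into the
# existing file keeps its owner; the mode is forced to 0600 afterwards.
stage_private_key() {
    src=$1; dst=$2
    tmp=$(mktemp) || return 1                 # mktemp creates it with mode 0600
    extract_private_key "$src" > "$tmp"
    if ! grep -q 'PRIVATE KEY-----' "$tmp"; then
        rm -f "$tmp"; echo "no private key block in $src" >&2; return 1
    fi
    ( umask 077; cat "$tmp" > "$dst" ) && chmod 600 "$dst"
    rc=$?; rm -f "$tmp"; return "$rc"
}

file_perms() { ls -ld "$1" | cut -c1-10; }   # e.g. -rw-------

# Base64 public key derived from a real RSA private key, for comparison with
# the p= tag of the DNS TXT record already published (needs openssl).
dkim_p_value() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Constructed sample: placeholder bodies, not real key material.
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN PUBLIC KEY-----
CONSTRUCTEDPUBLICPLACEHOLDER
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDPRIVATEPLACEHOLDER
-----END RSA PRIVATE KEY-----
EOF
}

# Usage (hypothetical script name): sh stage-dkim-key.sh old.pem /path/to/default.private
if [ "$#" -eq 2 ]; then
    stage_private_key "$1" "$2" && file_perms "$2"
else   # no arguments: run on the constructed sample in a scratch directory
    d=$(mktemp -d) && make_sample_pem "$d/old.pem" &&
        stage_private_key "$d/old.pem" "$d/default.private" &&
        file_perms "$d/default.private"
    rm -rf "$d"
fi
```

With a real key, compare the output of `dkim_p_value` with the `p=` value in the TXT record already published for the selector before restarting opendkim; a mismatch means receivers will fail verification even though signing works.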

Hi @jader

Great you got it working, and if mail-tester.com gives you a 10/10, you won’t have issues sending mail to “tough” places, eg Gmail, Apple & others are known to be “fussy” about mail, DNS and associated settings.

My 2 cents
Andy

Hi @Andy_Wismer

Thank you for your continued support.
I’ve created a wiki account and updated the info about DKIM and how to test it.
I also removed a useless section (a duplicate “how to test it” pointing to a 404 link, smtp2go or something like that) and updated it with info about using an externally generated/already existing DKIM PEM file.

1 Like

@jader

Linux is Open Source, has always been, will always remain so.

My helping here is part of all this, including your documenting and improving stuff.

My Motto:

Don’t bitch about Open Source.
If you can, help!
Not everyone’s a coder,
some are good documenters,
others again find bugs in unexpected places.
Everyone can contribute!

:slight_smile:

My 2 cents
Andy

2 Likes