LayLow
(HF)
1
As per title, when the FQDN is changed the DKIM keys are not updated, and still hold the ‘old’ FQDN.
responsible code:
/etc/e-smith/events/nethserver-mail-server-update/S40nethserver-mail-create-opendkim-key
snippet:
…
if ((! -f "/etc/opendkim/keys/default.private") || (! -f "/etc/opendkim/keys/default.txt")) {
    system ("/usr/sbin/opendkim-genkey -b 2048 -D /etc/opendkim/keys/ -d $domainName") == '0' ||
        die "[ERROR] Opendkim cannot create correctly keys: $?";
}
…
The code checks if there are DKIM keys and, if not, generates the keys. Since there is a FQDN change, there are keys, so no new ones are generated.
By removing the old key manually and executing S40nethserver-mail-create-opendkim-key manually, new and correct keys are generated.
HTH
stephdl
(Stéphane de Labrusse)
2
AFAIK we decided to simplify the DKIM signature and we use only one key to sign all the outgoing emails, why:
- If you change the FQDN, no changes to propagate to the dns server
- When you create the domain mail, the key is already available, no need to save the settings and open again the domain menu to display the key
- Since the same server is used to send for several domains, the same key could be used
So in short for me, it is a normal behaviour
1 Like
LayLow
(HF)
3
FYI
The FQDN changed from mydomain.com to yourdomain.com, the text key still contains mydomain.com.
stephdl
(Stéphane de Labrusse)
4
That is just a comment, what is important is the key file inside
1 Like
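The point made in the reply above can be checked by parsing default.txt. This is an added example, not part of the thread or of NethServer's code: it separates the quoted TXT strings from the trailing zone-file comment and compares the published tags. The sample record is constructed in the layout opendkim-genkey writes, with a placeholder p= value, and the function names are hypothetical; escaped quotes inside strings are assumed not to occur.

```python
import re

# Constructed sample in the layout opendkim-genkey writes to default.txt.
# The p= value is a shortened placeholder, not a real key.
SAMPLE_OLD = '''default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "
\t  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexample"
\t  "KEYdataPLACEHOLDERIDAQAB" )  ; ----- DKIM key default for mydomain.com
'''
# Same key material, regenerated comment only (constructed).
SAMPLE_NEW = SAMPLE_OLD.replace("mydomain.com", "yourdomain.com")


def split_record(text):
    """Return (txt_value, comments): quoted strings joined, ';' comments kept apart."""
    chunks, comments = [], []
    for line in text.splitlines():
        in_quote, buf = False, []
        for i, ch in enumerate(line):
            if ch == '"':
                if in_quote:            # closing quote ends one TXT string
                    chunks.append("".join(buf))
                    buf = []
                in_quote = not in_quote
            elif in_quote:
                buf.append(ch)          # a ';' inside quotes is record data
            elif ch == ";":             # an unquoted ';' starts a comment
                comments.append(line[i + 1:].strip())
                break
    return "".join(chunks), comments


def dkim_tags(txt_value):
    """Parse 'tag=value; tag=value' into a dict with whitespace removed."""
    tags = {}
    for part in txt_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def same_published_key(a, b):
    """True when two default.txt files publish identical DKIM tags."""
    return dkim_tags(split_record(a)[0]) == dkim_tags(split_record(b)[0])


if __name__ == "__main__":
    print(split_record(SAMPLE_OLD)[1], same_published_key(SAMPLE_OLD, SAMPLE_NEW))
```
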
LayLow
(HF)
5
Ok, my little brain thought to report it
1 Like