FQDN name change not reflected in DKIM

mailserver

(HF) #1

As per title, when the FQDN is changed the DKIM keys are not updated, and still hold the ‘old’ FQDN.

responsible code:
/etc/e-smith/events/nethserver-mail-server-update/S40nethserver-mail-create-opendkim-key

snippet:

# Keys are generated only when one of the two key files is missing
if ((! -f "/etc/opendkim/keys/default.private") || (! -f "/etc/opendkim/keys/default.txt")) {
    system("/usr/sbin/opendkim-genkey -b 2048 -D /etc/opendkim/keys/ -d $domainName") == '0' ||
        die "[ERROR] Opendkim cannot create correctly keys: $?";
}

The code checks if there are DKIM keys and if not, generates the keys. Since there is a FQDN change, there are keys so no new ones are generated.

By removing the old key manually and executing S40nethserver-mail-create-opendkim-key manually, new and correct keys are generated.

HTH


(Stéphane de Labrusse) #2

AFAIK we decided to simplify the DKIM signature and we use only one key to sign all the outgoing emails, why:

  • If you change the FQDN, no changes to propagate to the dns server
  • When you create the domain mail, the key is already available, no need to save the settings and open again the domain menu to display the key
  • Since the same server is used to send for several domains, the same key could be used

So in short for me, it is a normal behaviour


(HF) #3

FYI

The FQDN changed from mydomain.com to yourdomain.com, the text key still contains mydomain.com.


(Stéphane de Labrusse) #4

That is just a comment; what is important is the key file inside.
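
The point made in post #4, as an added example (not part of the thread and not NethServer code): a small parser for the default.txt layout that opendkim-genkey writes when called as in the snippet in post #1, reporting whether a domain name appears in the published record data or only in the zone-file comment. The file content below is constructed, and its p= value is a shortened placeholder, not a real key.

```python
import re

# Constructed sample in the layout opendkim-genkey writes to default.txt.
# The p= value is a placeholder, not a real public key.
SAMPLE_TXT = '''default._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "
\t  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructed"
\t  "SampleOnlyNotARealKeyQIDAQAB" )  ; ----- DKIM key default for mydomain.com
'''

def parse_genkey_txt(text):
    """Split a genkey TXT file into owner label, record data and comment."""
    chunks, comments = [], []
    for line in text.splitlines():
        in_quote = False
        # A ';' outside double quotes starts a zone-file comment.
        for i, ch in enumerate(line):
            if ch == '"':
                in_quote = not in_quote
            elif ch == ';' and not in_quote:
                comments.append(line[i + 1:].strip(" -"))
                line = line[:i]
                break
        # Quoted strings are concatenated to form the TXT record data.
        chunks.extend(re.findall(r'"([^"]*)"', line))
    record = "".join(chunks)
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # base64 padding may contain '='
            tags[key.strip()] = value.strip()
    return {
        "owner": text.split()[0],          # selector label, e.g. default._domainkey
        "record": record,                  # what a DNS resolver would return
        "tags": tags,
        "comment": " ".join(c for c in comments if c),
    }

def domain_locations(text, domain):
    """Report where a domain name occurs in the genkey TXT file."""
    parsed = parse_genkey_txt(text)
    published = parsed["owner"] + " " + parsed["record"]
    return {"comment": domain in parsed["comment"],
            "published": domain in published}

if __name__ == "__main__":
    print(parse_genkey_txt(SAMPLE_TXT)["tags"].keys())
    print(domain_locations(SAMPLE_TXT, "mydomain.com"))
```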


(HF) #5

Ok, my little brain thought to report it :wink: