How to configure DKIM selector? Default is used by other server

Hello, I want to know how to use a DKIM selector. When default is used by another server, how do I use it?
I work in a media company; we are considering using 3 to 4 servers to send email. Therefore, we need to set a DKIM selector.

Stephen Ho

@hochikeung

Hi Stephen

And welcome to the NethServer community!

For any decent answer / solution for your problem, it would help massively if you include a few infos. Most / all of us here do not have mind-reading capabilities!

Such infos should be: Version, Router (Is NethServer your router or a Provider-Box?).
What do you intend to use NethServer as? Hardware used for the server or virtualization? How powerful (CPU / RAM / Disks) is the server?

If using NethServer in a larger environment, you can eg use a NethServer as a central mailgateway, and 3-4 other NethServers as mailservers, where the central mailgateway acts as Smarthost for the other mailservers for outgoing traffic, incoming traffic would be “distributed” also by the mailgateway.

My 2 cents
Andy

Thanks for your response. We intend to use them as independent mail servers for different kinds of mail, e.g. member notice mail, member re-active mail, etc. We do not want to use it as a mail gateway. As our group does not hold one media only, each branch will have its own business; they do not want to centralize into one mail gateway. In our branch, we use them as mail sending machines; they are responsible for sending member notice mail, member re-active mail, etc. One PC for one purpose. The PCs are not up to date: old Core i3, 3rd or 4th generation, 4G RAM, 500-1T hard disk only. We want to use a DKIM selector because we need to use the same domain name.

Moreover, I do not think using a DKIM selector is related to PC config, mail gateway, etc. It is a technology or a skill; everyone can learn it.

Hi

Seeing as you intend to run several servers in a medium to large environment, I’d strongly suggest to use virtualization. This is 2022, servers directly installed on hardware are - at least in Europe / US - a thing of the past. I have about 30 clients, all use Proxmox as virtualizer and all systems run virtualized.

This gives you several advantages, among them:

  • Instant snapshots (eg before a critical upgrade)
  • Live Backups of all systems (Windows, Linux, BSD, etc)
  • Fast Migration between nodes or full High Availability.
  • Hardware independence.
  • VMs do not need to handle eg RAID, this is handled by Proxmox.
  • Several more features…

A sample of using virtualisation - even for the Cloud!:

A friend of mine works in Germany, at a NOC (Network Operating Center) for the regional government. In 2010, they had about 60 servers there, all 19" Rack versions from HP.

Since a few years, they switched to 10 powerful servers running Proxmox. In this cluster, the 60 servers are still running, albeit all virtualised.

Much less work, far higher availability, less costs and energy usage (also cooling!), also much more stable. And a lot of savings!

One really BIG advantage is the option to create “neutral” VMs which can be allocated to a duty. Like MS-SQL. Create a clean Master. If any department needs a new SQL, or even just a server for testing, it can be cloned from the “master”, and be ready in a couple of minutes. Even using scripting, this would not be possible using real hardware underneath - it would take MUCH longer!


Mail-Concept / DKIM

DKIM is strongly dependent on correct setup of the mailserver, including DNS, IPs but also SPF, SMTP helo, and several other stuff…

For your concept, you would need at least several static IPs, all with correct name-lookups (Reverse DNS / PTR).

On a “normal” NethServer (eg: single domain) setting DKIM is fairly easy, the greatest challenge is often the DNS Interface of your DNS-Provider…

See here for more Info:

https://wiki.nethserver.org/doku.php?id=email_protection_resources

And don’t hesitate to ask questions if you’re stuck!
Our Motto here is:

The only dumb questions are those not asked!

My 2 cents
Andy

Thanks for your information; all you said, we all know. We use old PCs because we do not want to waste them. This is the main reason and the great reason. Is it OK? No need to speak a lot and a lot to support your point. We have our own DNS server, no need to worry about us.

Finally, thanks for replying to my post, but you cannot give us any worthwhile information.

Thanks

If you activate DKIM…

the selector is default by default.

You can check it by sending a mail to a different mail server (eg. Google Mail) and check the header.

Within the configuration dialog, you get a DNS record to paste into your DNS-Server like

default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=abcdgefg" "hijklmn" ) ; ----- DKIM key default for yourdomain.de


You need to configure it manually without UI by using a custom template:

the link is lost.

https://docs.nethserver.org/projects/nethserver-devel/en/latest/templates.html#local-site-overrides-templates-custom-and-templates-user-custom

Thanks mrmarkuz. If the service is running now, can I change the selector and then generate the key again?

Or where is the location of the key? Can I change it manually?

I searched the web page, but I cannot find the template about the DKIM selector. Would you tell me what its topic is?

I don’t know much about how opendkim works but I think you can generate keys as you like (the key file name is the selector name) and configure them in /etc/opendkim/KeyTable and /etc/opendkim/SigningTable.

To make the changes permanent you’ll need to create a custom template that adds your selectors and keys to the config files.

In /etc/opendkim/keys/

You need to create it, it doesn’t exist yet.
First step is to make it work by changing the config files, adding keys for other selectors and restart the service. Then we can think about how to make it persistent by creating a custom template.
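
One way to carry out the first step described above on a single sending server, as an added example that is not part of the original posts and not NethServer's own code: it generates a key for a new selector and points KeyTable and SigningTable at it. The domain example.com, the selector notice, the script name add-selector.sh and the `*@domain` SigningTable pattern are assumptions; the change still needs a custom template to become persistent, as the post says.

```sh
#!/bin/sh
# Added example (not NethServer code): give one sending server its own DKIM selector.
# Assumed: opendkim uses KeyTable/SigningTable as named in the thread, with
# "*@domain" patterns (needs "SigningTable refile:..." in opendkim.conf).

# keytable_line SELECTOR DOMAIN KEYDIR -> "keyname domain:selector:/path/to/key"
keytable_line() {
    printf '%s._domainkey.%s %s:%s:%s/%s.private\n' "$1" "$2" "$2" "$1" "$3" "$1"
}

# signingtable_line SELECTOR DOMAIN -> every sender of DOMAIN signs with that key
signingtable_line() {
    printf '*@%s %s._domainkey.%s\n' "$2" "$1" "$2"
}

# add_selector CONFDIR DOMAIN SELECTOR
add_selector() {
    confdir=$1; domain=$2; selector=$3; keydir="$confdir/keys"
    case $selector in   # conservative subset of valid selector names
        ''|*[!A-Za-z0-9-]*) echo "bad selector: $selector" >&2; return 1 ;;
    esac
    mkdir -p "$keydir" && chmod 700 "$keydir"
    # Creates <selector>.private (keep secret) and <selector>.txt (DNS record).
    if [ ! -f "$keydir/$selector.private" ] &&
       command -v opendkim-genkey >/dev/null 2>&1; then
        opendkim-genkey -b 2048 -D "$keydir" -d "$domain" -s "$selector"
    fi
    kt=$(keytable_line "$selector" "$domain" "$keydir")
    st=$(signingtable_line "$selector" "$domain")
    touch "$confdir/KeyTable" "$confdir/SigningTable"
    grep -qxF -e "$kt" "$confdir/KeyTable" || echo "$kt" >> "$confdir/KeyTable"
    # opendkim uses the first matching SigningTable rule, so drop the domain's
    # old rule (e.g. the one pointing at "default") before adding the new one.
    { grep -vF -e "*@$domain " "$confdir/SigningTable" || true; } \
        > "$confdir/SigningTable.new"
    echo "$st" >> "$confdir/SigningTable.new"
    mv "$confdir/SigningTable.new" "$confdir/SigningTable"
}

# Usage: sh add-selector.sh /etc/opendkim example.com notice
# Afterwards: make the key readable by the opendkim user only, publish
# keys/notice.txt as the TXT record notice._domainkey.example.com, check it with
#   opendkim-testkey -d example.com -s notice -vvv
# and restart opendkim.
if [ "$#" -eq 3 ]; then add_selector "$@"; fi
```

Each server runs this with a different selector, so the servers share the domain but never share a private key, and one server's key can be rotated or revoked in DNS without touching the others.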

Thank you very much. I would study it.
