DKIM Enable in cPanel overwrites any existing DKIM DNS records without warn

[batfastad]

Hi everyone

I've been running DKIM for a few years for several customers and because this feature had never been present in cPanel. For my DKIM domains I route all outbound mail through a private postfix relay VPS (through an SSH tunnel) instead of using cPanel to send mail.
On my the private relay I had opendkim doing the signing of the outbound mail and had the DNS records setup in WHM. It worked really well.

I realised that there were now some DKIM options under "Email Authentication". So I enabled DKIM on my personal test cPanel and my existing DKIM records in DNS appear to have been replaced. Without warning.

I assumed that the "Enable" button would provide further options to enable it on a per-domain basis and provide the private keys.
Not that it would enable it globally for all domains in that cPanel, overwriting any existing DNS records.

The reason I assumed that it wouldn't overwrite the existing DKIM DNS records is that there's an checkbox to "Overwrite Existing Entries" in the SPF section directly below.

You should be able to enable/disable DKIM on a per-domain basis through cPanel.
You should be given an option to overwrite existing DNS records, making it consistent with the SPF options on the same page.
An ADSP DNS record should (optionally) be created per RFC 5617

Anyone else discovered this the hard way?

Cheers, B

[MPqO]

Hi everyone

I've been running DKIM for a few years for several customers and because this feature had never been present in cPanel. For my DKIM domains I route all outbound mail through a private postfix relay VPS (through an SSH tunnel) instead of using cPanel to send mail.
On my the private relay I had opendkim doing the signing of the outbound mail and had the DNS records setup in WHM. It worked really well.

I realised that there were now some DKIM options under "Email Authentication". So I enabled DKIM on my personal test cPanel and my existing DKIM records in DNS appear to have been replaced. Without warning.

I assumed that the "Enable" button would provide further options to enable it on a per-domain basis and provide the private keys.
Not that it would enable it globally for all domains in that cPanel, overwriting any existing DNS records.

The reason I assumed that it wouldn't overwrite the existing DKIM DNS records is that there's an checkbox to "Overwrite Existing Entries" in the SPF section directly below.

You should be able to enable/disable DKIM on a per-domain basis through cPanel.
You should be given an option to overwrite existing DNS records, making it consistent with the SPF options on the same page.
An ADSP DNS record should (optionally) be created per RFC 5617

Anyone else discovered this the hard way?

Cheers, B

Related:

http://forums.cpanel.net/f43/cpanel-...ed-280441.html

You're right. The way DKIM is implemented is really weird. REALLY weird.

[batfastad]

Yeah I thought it was completely bizarre to overwrite the DNS records, especially for domains that are configured for external mail.

I just wanted to check that what I was seeing was the designed behaviour.

Cheers, B

[justintoxicated]

Yeah I thought it was completely bizarre to overwrite the DNS records, especially for domains that are configured for external mail.

I just wanted to check that what I was seeing was the designed behaviour.

Cheers, B

Well maybe check this out DomainKeys Identified Mail (DKIM) Signatures - Unlock The Inbox

[batfastad]

Well maybe check this out DomainKeys Identified Mail (DKIM) Signatures - Unlock The Inbox

Right, I understand how it works and how to construct a DKIM record. I've been doing it manually for years! I just thought it was strange the way cPanel would overwrite existing DNS records without any warning.

Or do you mean the part where it says...

it's time to look for a different software package that is up to date with current email standards

Cheers, B

[MPqO]

Well maybe check this out DomainKeys Identified Mail (DKIM) Signatures - Unlock The Inbox

The way cpanel DKIM (and SPF) is implemented still suffer.
This is nice but doesn't fix the issue.

Sent from my HTC Desire using Forum Runner

[cPOfficianado]

Hi,

For my DKIM domains I route all outbound mail through a private postfix relay VPS (through an SSH tunnel) instead of using cPanel to send mail. On my the private relay I had opendkim doing the signing of the outbound mail and had the DNS records setup in WHM. It worked really well.

That sounds like a lot of work, what kind of time delays or mail queue backups resulted from this? I use Exim to send to larger lists.

Do you think the current implementation would work if the only account/domain on the cPanel setup is a mail server, and I turn it on? I'm interested in seeing how it may affect delivery rates, as mine have been very poor lately, though if I check through senderscore or emailreach I'm fine.

Thanks,
cPO

[cPanelTristan]

Hello,

If you believe the current implementation could be changed to account for this, I'd suggest posting a feature request to give the option to rewrite the existing entries or not like SPF has. Feature requests can be posted at Feature Requests for cPanel/WHM

Thanks!