Change default key length for DKIM

[LoadFactor]

The default cypher for cPanel's DKIM on my servers is k=rsa; which is a 512 bit key.

Google is listing this as a DKIM fail with
dkim=policy (weak key)
Is there any way to change the default key length so that all generated keys are 2048?

 

[cPRex]

Hey there! That's odd to me as cPanel keys have been at least 1024 with the 2048 option since version 11.50:

Set larger DKIM keys.

The current 768 bit key can be considered to be too short. It would be nice to have control over the size of the DKIM keys that are set for cPanel accounts

features.cpanel.net

Can you check the files mentioned here to see if they have been adjusted on your machine? https://support.cpanel.net/hc/en-us...can-I-generate-a-1024-bit-DKIM-key-in-cPanel-

 

[LoadFactor]

The DKIM.pm file was not altered. As it turns out, my sample was all on some very old accounts and the keys were ancient!

Second question: is there a way to regenerate keys for all accounts in one go?

 

[akhand]

Hey there! That's odd to me as cPanel keys have been at least 1024 with the 2048 option since version 11.50:

Set larger DKIM keys.

The current 768 bit key can be considered to be too short. It would be nice to have control over the size of the DKIM keys that are set for cPanel accounts

features.cpanel.net

Can you check the files mentioned here to see if they have been adjusted on your machine? https://support.cpanel.net/hc/en-us...can-I-generate-a-1024-bit-DKIM-key-in-cPanel-

Hey Sir I want To Want How To Setup PTR In 2022 And Also I did not Find Edit Dns In New Update Help Me Plss Sir

 

[LoadFactor]

Hey Sir I want To Want How To Setup PTR In 2022 And Also I did not Find Edit Dns In New Update Help Me Plss Sir

Your request is unrelated to this. Is it that hard to start your own thread?? PRT is managed by your hosting provider, not cPanel.

 

[akhand]

Your request is unrelated to this. Is it that hard to start your own thread?? PRT is managed by your hosting provider, not cPanel.

i am the owner of server and also i did not to start Cpanel thread and also this problem come after Cpanel update

 

[quietFinn]

@akhand
if you want to ask a question open a new thread instead of hijacking threads that have nothing to do with your question.

 

[LoadFactor]

i am the owner of server and also i did not to start Cpanel thread and also this problem come after Cpanel update

The title of this thread is "Change default key length for DKIM" and has nothing to do with PTR, yet here you are, asking a PTR question. The way the forum is set up can be a little confusing. Create a new question by typing a title after the "new thread" button.

Even if you own the server, the PTR is set by your provider. Most data centers have a place where you can do this, somewhere in the area where you list IP addresses. For example on OVH the screen looks like this:

 

[cPRex]

@LoadFactor - I don't have an easy automated way to do that all at once. The closest thing I would have would be the API tools, which would let you remove all the keys and then add them:

Remove domains' DKIM records

This function removes the DomainKeys Identified Mail (DKIM) records on the DNS server for one or more domains.

api.docs.cpanel.net

Add domains' DKIM record keys

This function installs existing keys for use in a DomainKeys Identified Mail (DKIM) record. This is useful if you do not want the system to generate keys for DKIM records. **Note:** * This function does **not** update the local DNS server's records. * If the local DNS server is authoritative...

api.docs.cpanel.net

 

[LoadFactor]

b) write a shell script

 

[cPRex]

Always an option!!