SOLVED [CPANEL-20425] DKIM for main server hostname

Mads Nordholm

Active Member
Jun 7, 2015
26
2
3
Thailand
cPanel Access Level
Root Administrator
Hi,

I was trying to set up a DKIM record for my main server hostname today, but that doesn't really seem to be possible through the WHM interface. This post on the feature request board seems to back that theory: https://features.cpanel.net/topic/dkim-for-hostname

So, does anybody know about a workaround for this issue?

It must be possible to set this up manually, but I am just not sure which services on the server actually need to be configured for this to work. If anybody could point me in the right direction, I would be very grateful.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
It must be possible to set this up manually, but I am just not sure which services on the server actually need to be configured for this to work. If anybody could point me in the right direction, I would be very grateful.
Hello,

The DKIM record is added in the DNS zone, so you can simply setup the DNS entry through the "Edit a DNS Zone" option in Web Host Manager.

Thank you.
 

Mads Nordholm

Active Member
Jun 7, 2015
26
2
3
Thailand
cPanel Access Level
Root Administrator
The DKIM record is added in the DNS zone, so you can simply setup the DNS entry through the "Edit a DNS Zone" option in Web Host Manager.
Thank you. That's great, but how do I generate a valid DKIM entry for the main hostname? For all other domains it's done automatically by cPanel just by ticking a checkbox, but how would I go about doing this for the main hostname?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Hello,

You can temporarily add the following entry to /var/cpanel/users/nobody as a workaround:

Code:
DNS=hostname.domain.com
Then, run this command:

Code:
/usr/local/cpanel/bin/dkim_keys_install nobody
Thank you.

Note: Internal case CPANEL-20425 is open to address an issue where the above workaround is no longer valid as of cPanel & WHM version 70. I'll update this thread with more information on the status of this case as it becomes available.

Update: This is fixed in in cPanel & WHM version 74.0.9:
  • Fixed case CPANEL-20425: Restore unofficial technique for signing mail from hostname with DKIM
 
Last edited:

max_payne

Active Member
Feb 1, 2013
33
1
6
cPanel Access Level
Root Administrator
Hello,

You can temporarily add the following entry to /var/cpanel/users/nobody as a workaround:

Code:
DNS=hostname.domain.com
Then, run this command:

Code:
/usr/local/cpanel/bin/dkim_keys_install nobody
Thank you.
Wont simply adding a TXT entry in WHM>>Edit DNS Zone (granted you are using your own private nameservers) for the hostname subdomain create a DKIM record for it? So essentially, you would go to the DNS zone file for domain.com and create the following:

hostname TXT "<dkim record>"

Please correct me if I am wrong here.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Yes, you can add the zone entry manually if you prefer. However, you must also ensure the key is properly generated, so the workaround is often easier.

Thank you.
 

max_payne

Active Member
Feb 1, 2013
33
1
6
cPanel Access Level
Root Administrator
Thanks. Although if you need a DKIM record set up for your hostname then you are likely doing things wrong. It is likely a PHP mail sending script that is sending as user or [email protected]. Enable SMTP authentication instead for your mail sending script. If you are running WordPress then enable the 'WP SMTP' plugin to automatically configure all mail sending scripts/plugins to send as a real email address instead of as an address with the hostname specified. This should prevent you from requiring DKIM records for the hostname in the first place.
 
  • Like
Reactions: Spork Schivago

Mads Nordholm

Active Member
Jun 7, 2015
26
2
3
Thailand
cPanel Access Level
Root Administrator
Thanks for the input. You are of course right that there should be no DKIM record for the host. I was having an issue with cPanel system emails ending up in my spam folder, and I thought it would be worth a try to add a DKIM record. Turns out my PTR record was wrong, and that fixed the issue for me.

Thanks for the input in this thread.
 
  • Like
Reactions: ruzbehraja

nootkan

Well-Known Member
Oct 25, 2006
146
9
168
Hello,

You can temporarily add the following entry to /var/cpanel/users/nobody as a workaround:

Code:
DNS=hostname.domain.com
Then, run this command:

Code:
/usr/local/cpanel/bin/dkim_keys_install nobody
Thank you.
Michael, when you say temporarily do you mean to remove the DNS=hostname.domain.com line from /var/cpanel/users/nobody after running the /usr/local/cpanel/bin/dkin_keys_install nobody command?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Michael, when you say temporarily do you mean to remove the DNS=hostname.domain.com line from /var/cpanel/users/nobody after running the /usr/local/cpanel/bin/dkin_keys_install nobody command?
Yes, the goal is to simply have the DKIM record generated for the hostname, so you can remove the entry after making the edit.

Thank you.
 

allpar

Well-Known Member
Sep 16, 2005
53
3
158
I got: Cpanel::DnsUtils:608: Empty dns zone host2.domain.com at /usr/local/cpanel/bin/dkim_keys_install line 27, <$socket> line 3.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Hello,

Ensure you create a valid DNS zone for your server's hostname first.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Hello Everyone,

Good news going forward! cPanel & WHM version 78 is tentatively set to include a new Email Deliverability option in Web Host Manager that will allow administrators to more easily detect and solve email delivery issues. Included with this feature is a tool that will check if the DKIM record for the server's hostname exists, and if not, provide an option to automatically add the record (as long as the parent domain resolves to the cPanel server). More information about this feature will be published on cPanel Releases once version 78 is closer to publication.

Thank you.
 

ribo

Well-Known Member
Oct 15, 2015
74
4
58
Greece
cPanel Access Level
Root Administrator
Hello Everyone,

Good news going forward! cPanel & WHM version 78 is tentatively set to include a new Email Deliverability option in Web Host Manager that will allow administrators to more easily detect and solve email delivery issues. Included with this feature is a tool that will check if the DKIM record for the server's hostname exists, and if not, provide an option to automatically add the record (as long as the parent domain resolves to the cPanel server). More information about this feature will be published on cPanel Releases once version 78 is closer to publication.

Thank you.
Is cPanel & WHM version 78 with Email Deliverability option will solve email delivery issues(to spam folders) for hotmail and yahoo accounts?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Is cPanel & WHM version 78 with Email Deliverability option will solve email delivery issues(to spam folders) for hotmail and yahoo accounts?
Hi @ribo,

The feature on it's own won't prevent email delivery issues to remote mail providers such as Hotmail or Yahoo. However, what it will do is make it easier to detect and implement the changes that are often required to ensure email delivery to remote mail servers succeeds.

Thank you.
 

The Old Man

Well-Known Member
Feb 24, 2016
70
13
58
UK
cPanel Access Level
Root Administrator
Thanks for this, much appreciated.

I've been setting up SPF, DKIM and DMarc for my virtual hosts (all work great except for when my forums send email via Sparkpost and they always fail the SPF check! Grr), and I noticed a lot of cPanel notifications sent from my VPS to my off-server personal Gmail address were being marked as spam 550-5.7.1 by Gmail and so came here looking for a fix.

"Why is this message in Spam? It seems to be a fake "bounce" reply to a message that you didn't actually send.

I see from my WHM that 78.0.11 is available to install, so hopefully this will fix the issue.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
I see from my WHM that 78.0.11 is available to install, so hopefully this will fix the issue.
Keep in mind the upgrade to cPanel & WHM version 78 itself isn't what will reduce the chance of SPAM blacklisting. It simply makes it easier for administrators and cPanel users to enable the options (e.g. DKIM, SPF) that are often required to ensure email delivery to remote mail servers succeeds.

Thank you.
 
  • Like
Reactions: The Old Man

The Old Man

Well-Known Member
Feb 24, 2016
70
13
58
UK
cPanel Access Level
Root Administrator
Thanks, understood.

Will have to put this on hold for now. My upgrade stopped after updating the upgrade page after 20 minutes and now I can't access my WHM at all. My websites appear to still be live though.

Aha, another few minutes and WHM is alive, responding and telling me I need to reboot my server to complete the upgrade. Thank heavens!
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,220
463
Will have to put this on hold for now. My upgrade stopped after updating the upgrade page after 20 minutes and now I can't access my WHM at all.
Feel free to open a support ticket if you'd like us to help troubleshoot why that happened and make sure the update succeeds on the next attempt.

Thank you.