G'day All,
There's been a feature request outstanding for 5 years about this, which is unfortunately all too common for cPanel's handling of feature requests...
https://features.cpanel.net/topic/dkim-support-for-custom-selector
The current validation process for DKIM before signing outgoing email (added in v78 I believe) has exacerbated the problem, since even kludgy workarounds directly via exim.conf are now ineffective.
Previously, overriding the "dkim_selector = default" statement was enough to solve the issue, but now a full validation is performed with a DNS lookup before signing is allowed. Even if the dkim_selector value is changed within exim.conf, the validation is still performed against default._domainkey in the authoritative DNS zone no matter what value is set for dkim_selector in exim.conf.
We have many clients who send via our servers and also via external cPanel based servers. Both ourselves and the external services are limited by cPanel's implementation to use only the "default" selector.
To allow DKIM signing by ourselves and the external services, separately named DKIM selectors are required. It's obviously not possible to create two default._domainkey records in the one zone.
The need for DKIM selector naming is explained very well in the "What is a DKIM selector" section of...
http://www.dkim.org/info/dkim-faq.html
This feature request is not a luxury item by any means. It's a basic feature of DKIM itself. The fact that cPanel still doesn't comply with the basic idea of the system is truly frustrating.
Come on cPanel, please!
In the interim, if anybody has a workaround that *truly* is functional since the introduction of the extra pre-validation, please do share.
Best regards,
LBJ
There's been a feature request outstanding for 5 years about this, which is unfortunately all too common for cPanel's handling of feature requests...
https://features.cpanel.net/topic/dkim-support-for-custom-selector
The current validation process for DKIM before signing outgoing email (added in v78 I believe) has exacerbated the problem, since even kludgy workarounds directly via exim.conf are now ineffective.
Previously, overriding the "dkim_selector = default" statement was enough to solve the issue, but now a full validation is performed with a DNS lookup before signing is allowed. Even if the dkim_selector value is changed within exim.conf, the validation is still performed against default._domainkey in the authoritative DNS zone no matter what value is set for dkim_selector in exim.conf.
We have many clients who send via our servers and also via external cPanel based servers. Both ourselves and the external services are limited by cPanel's implementation to use only the "default" selector.
To allow DKIM signing by ourselves and the external services, separately named DKIM selectors are required. It's obviously not possible to create two default._domainkey records in the one zone.
The need for DKIM selector naming is explained very well in the "What is a DKIM selector" section of...
http://www.dkim.org/info/dkim-faq.html
This feature request is not a luxury item by any means. It's a basic feature of DKIM itself. The fact that cPanel still doesn't comply with the basic idea of the system is truly frustrating.
Come on cPanel, please!
In the interim, if anybody has a workaround that *truly* is functional since the introduction of the extra pre-validation, please do share.
Best regards,
LBJ