Leigh.Jackson

Member
Oct 22, 2019
5
0
1
UK
cPanel Access Level
Reseller Owner
I am hosting sites through Cpanel at example.com. The URLs are all hidden behind URLs hosted by another provider with parked domains and Cname and A record redirects, from example2.com.

When I send emails from within the website I send as if I am [email protected], but the header is showing as from [email protected].

I need to create a DKIM TXT record to provide to the other host to add to their DNS to say I am authorised to send from @example.com.

How can I do this, I can only seem to generate for each of the parked domains, but I want to generate at the root (i.e not at site1.example2.com parked domain, but at example2.com).

Is this even possible in Cpanel or WHM?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hi @Leigh.Jackson


Is example.com hosted on the cPanel server? If so you should be able to go to cPanel>>Email>>Email Deliverability -> Manage (next to the domain) and generate the DKIM from that interface
 

Leigh.Jackson

Member
Oct 22, 2019
5
0
1
UK
cPanel Access Level
Reseller Owner
example.com is on the CPanel server, but example2.com is not.

I have had my provider generate the DKIM which they have done and I have uploaded to the DNS server, but we now cant find where to change email deliverability to use a different DKIM selector than the default (which is bad DKIM practice anyway)
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
example.com is on the CPanel server, but example2.com is not.

I have had my provider generate the DKIM which they have done and I have uploaded to the DNS server, but we now cant find where to change email deliverability to use a different DKIM selector than the default (which is bad DKIM practice anyway)
The autogenerated DKIM signature within cPanel will only generate a dkim with the default selector. If your cPanel server is not the authoritative nameserver (i.e., DNS is not hosted there) you wouldn't be able to use the auto generator present in Email Deliverability. You can manually add the DKIM with whichever selector you've chosen at /var/cpanel/domain_keys/
 

Leigh.Jackson

Member
Oct 22, 2019
5
0
1
UK
cPanel Access Level
Reseller Owner
We have manually added the DKIM and selector, but it is still send emails with the default selector. In the email header the from domain is successfully showing as example2.com. But the DKIM is not showing correctly, s is still default as below (partially removed for security reasons). How do we make cpanel use the correct selector? We can not change to default as this is not DMARC compliant and the DNS server is used for multiple sending servers so each must be unique.

v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=example.com; s=default; h=Date:Message-Id:From:Subject:To:Sender:
Reply-To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello,


I'm curious why you believe that default is not dmarc compliant? The only specification for DKIM with DMARC I'm aware of is the following in the adkim= section:

“adkim=” This sets the DKIM alignment. It can either be set to “s” for strict or “r” for relaxed. Strict means the DKIM portion of DMARC authentication will only pass if the d= field in the DKIM signature EXACTLY matches the from domain. If it is set to relaxed, messages will pass the DKIM portion of the DMARC authentication if the DKIM d= field matches the root domain of the from address.
When you run the following which DKIM signature do you get back? The custom selector or the default?

Code:
dig txt default._domainkey.domain.tld
dig txt yourselector._domainkey.domain.tld
 

Leigh.Jackson

Member
Oct 22, 2019
5
0
1
UK
cPanel Access Level
Reseller Owner
For the first command
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> txt default._domainkey.example.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20589
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;default._domainkey.example.tld. IN TXT

;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019103100 1800 900 604800 86400

;; Query time: 139 msec
;; SERVER: XX.XXX.XXX.XXX#53(XX.XXX.XXX.XXX)
;; WHEN: Thu Oct 31 12:41:57 GMT 2019
;; MSG SIZE rcvd: 140

For the second command
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> txt myseletor._domainkey.example2.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40741
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myselector._domainkey.cbre.tld. IN TXT

;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019103100 1800 900 604800 86400

;; Query time: 46 msec
;; SERVER: XX.XXX.XXX.XXX#53(XX.XXX.XXX.XXX)
;; WHEN: Thu Oct 31 12:43:32 GMT 2019
;; MSG SIZE rcvd: 135