DKIM Support Added To Nodes Successfully - 11.28.52-RELEASE_50725


Active Member
Dec 24, 2010
Portland, Oregon
cPanel Access Level
Root Administrator

I'm usually helping people at WHT, but thought I would share this here as well.

I'm honestly not sure if this is old news by now, but I've been reading up here, especially This DKIM thread.

I've put together a workaround process to support DKIM signatures. It has worked in QA, and I just moved it to the production nodes today. I am running 11.28.52-RELEASE_50725.

Involves a bit of manual zone tweaking, a few unexpected tricks in cPanel "Email Authentication" and some tedious time spent in exim.conf, exim.conf.localopts and verifying your MAILHELO and /etc/mail_reverse_dns. The only downside is that you have to give up DomainKeys Signatures if you want support for DKIM.

2010-12-24 16:14:43 H=localhost.localdomain ( [] Warning: Sender rate 23.0 / 1h

2010-12-24 16:14:44 1PWHmV-0001L9-UI <= [email][email protected][/email] H=localhost.localdomain ( [] P=esmtpa A=dovecot_login:[email protected] S=1206 [email protected].com

[b]2010-12-24 16:14:44 1PWHmV-0001L9-UI Message signed with DKIM: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=default; h=Message-ID: Date: Subject:From:To: [/b]
        bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=; b=NNpIAwZgPcYrL

2010-12-24 16:14:44 1PWHmV-0001L9-UI => [email][email protected][/email] R=lookuphost T=remote_smtp []
2010-12-24 16:14:44 1PWHmV-0001L9-UI Completed

Thank you for using the verifier,

The Port25 Solutions, Inc. team

Summary of Results
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

DKIM check details:
Result:         pass (matches From: [email protected])
ID(s) verified:
Canonicalized Headers:
    message-id:<[email protected]m>'0D''0A'
    from:"N.W.'20'Technology'20'Group"'20'<[email protected]>'0D''0A'
    to:[email protected]'0D''0A'
    reply-to:[email protected]'0D''0A'
 [b]   dkim-signature:v=1;'20'a=rsa-sha256;'20'c=relaxed/relaxed;'20';'20's=default;'20'h=Message-ID:Date:Subject:From:To:'20'Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;'20'bh=Ikg14KprzypYlejwPLa35vaNVzy198CRaqAFEDIficw=;'20'b=[/b]
Some adjustments to /etc/exim.conf:
  driver = smtp
  dkim_selector = default
  dkim_canon = relaxed
  dkim_private_key = /usr/local/cpanel/etc/exim/dkim.key
  dkim_domain =
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
I haven't had the time to go through ALL of the threads, so there may be a better workaround for this, I'm not sure. BUT, I'm now running this on three production environments, and Yahoo and the other freebies don't seem to be treating my clients' emails as SPAM anymore.

If this is of interest to anyone who would like to try it, just kick me an email. If this is of interest to enough people I will post a step-by-step. I am not employed by cPanel, I accept no responsibility for the outcome, yadda-yadda-yadda, so back up all your files before changing anything.

And, if this or something similar has been done already, great at least I was able to do it without any documentation or outside help. :)