The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Domainkeys to DKIM - possible? how to?

Discussion in 'E-mail Discussions' started by morrow95, Apr 21, 2011.

  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    I currently have spf and domain keys enabled for all my site accounts and would like to 'upgrade' to DKIM. From what I have found this is not supported directly by cpanel/whm.

    I have found information about something called dkimproxy and have also noticed I have a Mail::DKIM module installed on my server. So, what is the easiest route to go without having issues and without any automated upgrades wiping away my changes?

    Do I install DKIM alongside of domainkeys or do I replace it with? It seems as though if I have DKIM installed then domain keys will pass/not be needed sort of like how spf will also pass for sender id.

    If anyone could point me to some good info I would appreciate it. I have searched and searched, but have yet to find the best and/or clear way of how to go about it.

    For the record I have about 50 some sites between a few ips all of which use my main server ip though for spf validation...
     
  2. jdfalk

    jdfalk Member

    Joined:
    Jan 5, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Denver, Colorado
    There's really no good reason to sign with DomainKeys anymore -- hasn't been for years. DKIM is the replacement, and all domain authentication work is being done with DKIM now.

    The most common implementation is OpenDKIM. Googling around a bit, I found these instructions for using OpenDKIM with cPanel: http://techinterplay.com/enabled-dkim-cpanel-server.html.
     
  3. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    thanks for the reply...

    I actually have that page bookmarked from when I was searching the net about this. The problem lies in ...

    1 - It doesn't show how to do this for multiple sites? In other words, can I just use a comma list for dkim_domain=your_domain_name.com for all my domains? One person listed using dkim_domain=$sender_address_domain instead for multiple...?

    2 - mail._domainkey.rosesource.com.? I'm guessing .rosesource.com isn't needed when adding to the dns?

    3 - Can I keep my domain keys setup or do I need to remove domain keys for all the domains?

    4 - Does it get removed when there are automatic updates?
     
  4. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Well, after removing domain keys from the sites I followed the instructions given in the earlier post. Everything went smooth, restarted exim and named, then sent out a test email. No signature. I sent to test emails as well as my own gmail account - nothing - gmail puts it right into the spam folder.

    I first used dkim_domain=$sender_address_domain in exim as I have multiple domains... I then changed this to a specific site and neither did the trick.

    Is there something I'm missing here or does anyone have any suggestions? Really need to get this up and working!
     
  5. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    well now it is sending the signature... perhaps dns needed a few moments... but now when sending a test email I get :

    result = fail
    Details: body has been altered

    Anyone?
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Where are you sending it to be tested where it is showing this failure result?
     
  7. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
  8. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    For whatever reason it appears to be working now... just tried sending to my gmail account in both plain text and html and it works... and tried the again test on that website and it works too...

    weird... whatever was happening it works now and I'm happy with that! Hope others can find the install listed below helpful!
     
  9. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Well, I added the dns stuff to the rest of my sites... I have been testing them by sending email to a gmail account of mine. For whatever reason only one account goes into my gmail inbox... the rest of my sites go directly to gmails spam folder.

    I viewed the original source of one of the emails and it appears to pass fine and looks exactly like the one which works correctly... I can't figure this one out... here is a snippet from an email that goes to gmails spam folder :

    Received-SPF: pass (google.com: domain of support@mysite.com designates xx.xxx.xxx.xxx as permitted sender) client-ip=xx.xxx.xxx.xxx;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of support@mysite.com designates xx.xxx.xxx.xxx as permitted sender) smtp.mail=support@mysite.com; dkim=pass header.i=@mysite.com
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=mysite.com; s=mail; h=Message-ID:Date:From:MIME-Version:
    To:Subject:Content-Type:Content-Transfer-Encoding; bh=(the key goes here)

    Everything looks exactly the same as the one which goes to the inbox minus the fact the domain is different... why the heck is this going to the spam folder in gmail!?
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    At this point, you'll have to ask gmail why they are doing this for the other domain:

    https://mail.google.com/support/bin/answer.py?answer=17205

    Gmail is the only source that can explain why they are filtering the domain in that manner, especially since they are passing the other domain from the same machine and not this one.
     
  11. jdfalk

    jdfalk Member

    Joined:
    Jan 5, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Denver, Colorado
    DKIM isn't a free pass past the spam filters (and it was never intended to be.) Google still looks at other features of the message, and other sending practices. What a DKIM signature does do is give Google (and other mailbox providers who verify DKIM) a reliable identifier, the d= string, to use when calculating reputation or other sending characteristics.

    Over time, Google's system will see that messages with that d= string are not reported as spam by Gmail users, so they'll get placed in the inbox instead.

    A couple of good articles on domain reputation:

    Searching for Truth in DKIM, part 3 of 5
    Domain Reputation: What It Means for Email Senders
     
  12. k-planethost

    k-planethost Well-Known Member

    Joined:
    Sep 22, 2009
    Messages:
    199
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Athens Greece
    google is the best free mailserver even if the ip is blacklisted they send the emails.
    also if the domain keys and spf are disabled for a domain they dont blacklist the ip
    contact gmail for this issue
    yahoo is useless in this case
    when cPanel/WHM rebuilds exim, the edits to the exim.conf may be wiped out. You will want to create a backup copy of your edited exim.conf. Then you can create a script (bash/perl/etc) at /scripts/postupcp to copy your custom config back after a cPanel upcp is run.
    or You can try setting up attributes (chattr +iA /etc/exim.conf) to avoid the configured from wiping out in the next rebuild.
    or wait until cpanel implement dkim on following versions
     
  13. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    I've just written an updated tutorial on enabling DKIM on a server with multiple domains:

    Using DKIM with Exim and cPanel :: The cPanel Admin

    Cpanel developers said that this should be in 11.32, but the above workaround implements dkim flawlessly and can be used until this support is introduced into cPanel.
     
Loading...

Share This Page