Domainkeys to DKIM - possible? how to?

morrow95

Well-Known Member
Oct 8, 2006
184
10
168
I currently have spf and domain keys enabled for all my site accounts and would like to 'upgrade' to DKIM. From what I have found this is not supported directly by cpanel/whm.

I have found information about something called dkimproxy and have also noticed I have a Mail::DKIM module installed on my server. So, what is the easiest route to go without having issues and without any automated upgrades wiping away my changes?

Do I install DKIM alongside of domainkeys or do I replace it with? It seems as though if I have DKIM installed then domain keys will pass/not be needed sort of like how spf will also pass for sender id.

If anyone could point me to some good info I would appreciate it. I have searched and searched, but have yet to find the best and/or clear way of how to go about it.

For the record I have about 50 some sites between a few ips all of which use my main server ip though for spf validation...
 

morrow95

Well-Known Member
Oct 8, 2006
184
10
168
thanks for the reply...

I actually have that page bookmarked from when I was searching the net about this. The problem lies in ...

1 - It doesn't show how to do this for multiple sites? In other words, can I just use a comma list for dkim_domain=your_domain_name.com for all my domains? One person listed using dkim_domain=$sender_address_domain instead for multiple...?

2 - mail._domainkey.rosesource.com.? I'm guessing .rosesource.com isn't needed when adding to the dns?

3 - Can I keep my domain keys setup or do I need to remove domain keys for all the domains?

4 - Does it get removed when there are automatic updates?
 

morrow95

Well-Known Member
Oct 8, 2006
184
10
168
Well, after removing domain keys from the sites I followed the instructions given in the earlier post. Everything went smooth, restarted exim and named, then sent out a test email. No signature. I sent to test emails as well as my own gmail account - nothing - gmail puts it right into the spam folder.

I first used dkim_domain=$sender_address_domain in exim as I have multiple domains... I then changed this to a specific site and neither did the trick.

Is there something I'm missing here or does anyone have any suggestions? Really need to get this up and working!
 

morrow95

Well-Known Member
Oct 8, 2006
184
10
168
well now it is sending the signature... perhaps dns needed a few moments... but now when sending a test email I get :

result = fail
Details: body has been altered

Anyone?
 

morrow95

Well-Known Member
Oct 8, 2006
184
10
168
For whatever reason it appears to be working now... just tried sending to my gmail account in both plain text and html and it works... and tried the again test on that website and it works too...

weird... whatever was happening it works now and I'm happy with that! Hope others can find the install listed below helpful!
 

morrow95

Well-Known Member
Oct 8, 2006
184
10
168
Well, I added the dns stuff to the rest of my sites... I have been testing them by sending email to a gmail account of mine. For whatever reason only one account goes into my gmail inbox... the rest of my sites go directly to gmails spam folder.

I viewed the original source of one of the emails and it appears to pass fine and looks exactly like the one which works correctly... I can't figure this one out... here is a snippet from an email that goes to gmails spam folder :

Received-SPF: pass (google.com: domain of [email protected] designates xx.xxx.xxx.xxx as permitted sender) client-ip=xx.xxx.xxx.xxx;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates xx.xxx.xxx.xxx as permitted sender) [email protected]; dkim=pass [email protected]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mysite.com; s=mail; h=Message-ID:Date:From:MIME-Version:
To:Subject:Content-Type:Content-Transfer-Encoding; bh=(the key goes here)

Everything looks exactly the same as the one which goes to the inbox minus the fact the domain is different... why the heck is this going to the spam folder in gmail!?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
42
348
somewhere over the rainbow
cPanel Access Level
Root Administrator
At this point, you'll have to ask gmail why they are doing this for the other domain:

https://mail.google.com/support/bin/answer.py?answer=17205

Gmail is the only source that can explain why they are filtering the domain in that manner, especially since they are passing the other domain from the same machine and not this one.
 

jdfalk

Member
Jan 5, 2010
7
0
51
Denver, Colorado
Everything looks exactly the same as the one which goes to the inbox minus the fact the domain is different... why the heck is this going to the spam folder in gmail!?
DKIM isn't a free pass past the spam filters (and it was never intended to be.) Google still looks at other features of the message, and other sending practices. What a DKIM signature does do is give Google (and other mailbox providers who verify DKIM) a reliable identifier, the d= string, to use when calculating reputation or other sending characteristics.

Over time, Google's system will see that messages with that d= string are not reported as spam by Gmail users, so they'll get placed in the inbox instead.

A couple of good articles on domain reputation:

Searching for Truth in DKIM, part 3 of 5
Domain Reputation: What It Means for Email Senders
 

k-planethost

Well-Known Member
Sep 22, 2009
199
11
68
Athens Greece
google is the best free mailserver even if the ip is blacklisted they send the emails.
also if the domain keys and spf are disabled for a domain they dont blacklist the ip
contact gmail for this issue
yahoo is useless in this case
when cPanel/WHM rebuilds exim, the edits to the exim.conf may be wiped out. You will want to create a backup copy of your edited exim.conf. Then you can create a script (bash/perl/etc) at /scripts/postupcp to copy your custom config back after a cPanel upcp is run.
or You can try setting up attributes (chattr +iA /etc/exim.conf) to avoid the configured from wiping out in the next rebuild.
or wait until cpanel implement dkim on following versions
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
I've just written an updated tutorial on enabling DKIM on a server with multiple domains:

Using DKIM with Exim and cPanel :: The cPanel Admin

Cpanel developers said that this should be in 11.32, but the above workaround implements dkim flawlessly and can be used until this support is introduced into cPanel.