The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to do a graceful DKIM key rollover?

Discussion in 'E-mail Discussions' started by davidsev, Oct 27, 2011.

  1. davidsev

    davidsev Registered

    Joined:
    Oct 11, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi.

    I'm about to move a site from one VPS to a better one, and both are running cPanel.

    One of the things I'm not sure about is DKIM, I've looked around and there doesn't seem to be any guidance on how to do this with cPanel. As I see it I have two options, copy the current keys or make new keys.

    If I copy the current keys, can I just click enable, copy /var/cpanel/domain_keys over, and then fix the DNS? Will that break anything / is there anything else I'd need to do?

    If I let cPanel make new keys, how do I change the selector? If I change the exim config will it just get nuked next time something changes? cPanels support of DKIM seems to be some what lacking in options and configurability.

    Sorry if this has been covered before, I searched google and these forums and didn't find much beyond basic setup instructions.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Just to clarify, you are talking about domainkeys or DKIM? They are not the same protocols and EDGE (11.31) supports DKIM right now, while all production tiers on 11.30 support domainkeys. As such, which are you actually using, domainkeys or DKIM?

    If you are going to use the WHM > transfers area from an 11.30 to another 11.30 machine, it should copy over the settings you already have for the zones and keep the existing domainkeys. If that isn't the case, that would be considered an issue and require a bug report (http://go.cpanel.net/bugs).
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    For both DKIM and DomainKeys, you should retain the existing keys rather than generate new ones. If you generate new ones that immediately invalidates any signed mail in transit. There are likely other problems that could occur if you generate new keys.
     
Loading...

Share This Page