Hi all,
Ok, I'd like to get dkim working on my email.
Followed the directions on https://www.virtualmin.com/documentation/email/dkim and got it set up ok.... and included all the additional domains I use for email, but it didn't work in testing.
After a bit of research.... it looks like I need to add the dkim key as a txt record on cloudflare since I use them for dns.
I tried to enter it on cloudflare like this:
the type input: txt the name input: 2016._domainkey the content input:
"v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wKS3sPexcFy6" "ZrsIHS1ZAI/XqMwy1gGBFx8VHN//doC+IX7IgBFNJtfZH4Oiw5zVLbaPu///o52VwPF4R2kJwur3qfQ8" "rdHtnNHCJUUSspFWNIqmRVFcpXUP0K241o/sNdBPPOIJ6lhEJp583J+m1LwxPxJZcrxUCvXVgNfQb2n0" "mM1q5AD9zw3EZ7YOxPDuvHuUjR8s2paNT5gmOTms/m5HG4J9uIdOTKlZ40B8rByps2vHMeloeflKbSDq" "XrA0puTA2VmNHKPouLxA+qgHEZ2JUTko0pBhAnybrkVScSct2ztwKXi+lWUAQ9Cq7Ny/vHYUGzNXe6UH" "IzlCYPzIQIDAQAB"
I get an error from cloudflare saying:
"Invalid TXT record. Record may only contain printable ASCII"
so I took out the line breaks and it accepted it.
However, when I run some dkim checkers, there are problems, I get an 'unknown: DKIM1' on one, and a "p has to be defined" on another, so I figure that maybe I've got something wrong.
Just occurred to me... are each of those items in quotes additional domain names? Maybe I should just have one per domain for each domain's dns in cloudflare?
Or... looking at the headers in the emails I send, it looks like the "received from" is always my server's system hostname no matter what email address I'm sending from.
Do I just need a dkim for that one hostname?
And once I set that up on cloudflare, I leave dkim enabled, but turn off the dns in virtualmin since I have it on cloudflare, correct?
Or am I going in the wrong direction here? :)
Thanks for any help!
Chris
Ok, got this figured out - I had to take out all the line breaks and quotes and it worked :)
Next challenge....
I have two servers, one for web and the other for email.
I set dkim up on the email server, but it looks like the 'check' is checking the web server (it's going to 'mydomain.com' for the check, the web server, I think, and doesn't find it, so it's tagged "invalid").
Sooo.... should I somehow point the dns for the domain key to the mail server, like this?
2016._domainkey.mydomain.com > mail server ip
or do that without the selector? (assuming the first dot would not be included)
domainkey.mydomain.com > mail server ip
Or am I going totally astray with that?
Oh.... rather than point, I just tried using the same public key made on the mail server on the site/dns for the webserver - that worked :)
So I guess the place to check for the private key match is embedded in the public key?
Chris
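The fix described in the thread (joining the quoted pieces of the zone-file TXT value into one unquoted string before pasting it into a DNS provider's form), as an added example that is not part of the original posts. The function names are hypothetical, the sample key is constructed placeholder bytes rather than a real key, and the tag checks assume the key-record tags defined in RFC 6376.

```python
import base64
import re

KNOWN_TAGS = {"v", "h", "k", "n", "p", "s", "t"}  # key-record tags in RFC 6376

def join_txt_strings(zone_value: str) -> str:
    """Join the quoted character-strings of a zone-file TXT value (no separator)."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', zone_value)
    return "".join(parts) if parts else zone_value.strip()

def parse_dkim_tags(record: str) -> dict:
    """Split a DKIM key record into tag=value pairs; whitespace in values is dropped."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def check_dkim_record(record: str) -> list:
    """Return the problems found; an empty list means the record parses cleanly."""
    tags = parse_dkim_tags(record)
    problems = [f"unknown tag: {t}" for t in tags if t not in KNOWN_TAGS]
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v must be DKIM1")
    if "p" not in tags:
        problems.append("p (public key) is missing")
    elif tags["p"] == "":
        problems.append("p is empty: key is revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p is not valid base64")
    return problems

# Constructed sample: 96 placeholder bytes stand in for a real public key.
SAMPLE_RECORD = "v=DKIM1; k=rsa; t=s; p=" + base64.b64encode(bytes(range(96))).decode()
# The same record as a zone file shows it: several quoted strings on one line.
SAMPLE_ZONE = " ".join(f'"{SAMPLE_RECORD[i:i + 50]}"' for i in range(0, len(SAMPLE_RECORD), 50))

if __name__ == "__main__":
    print("pasted with quotes:", check_dkim_record(SAMPLE_ZONE))
    print("joined first:      ", check_dkim_record(join_txt_strings(SAMPLE_ZONE)))
```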