Hello. Apologies if this has been answered somewhere already or if I'm missing something obvious. I'm trying to configure DKIM and DMARC for an Office 365 customer of ours. ISPConfig doesn't seem to support using the DKIM template to create a CNAME DKIM, which is required for use with Office 365 DKIM signing. I can set it up manually as a CNAME but then I'm not allowed to set up a DMARC record manually as a TXT and using the DMARC preset fails to save as it doesn't detect the manually configured DKIM. This ISPConfig isn't hosted by us, fyi. Any advice would be great, thank you.
Just validated this and it seems right. If you use a CNAME record to point to your DKIM record the validation that ISPConfig is doing right now does not work. The file in question is interface/web/dns/dns_dmarc_edit.php lines 229-236:
Code:
    // DMARC requieres at least one active dkim-record...
    $sql = "SELECT * FROM dns_rr LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id) WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND dns_rr.active='Y'";
    $temp = $app->db->queryAllRecords($sql, $soa['origin'], '%._domainkey%');
    if (empty($temp)) {
        if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
        $app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_txt'].$email;
    }
Issue: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6575 @till Any other idea than removing that one validation part entirely?
One 'lazy' approach would be changing the SQL query to check if we have a DKIM record or at least a CNAME. A more secure approach would be to check the CNAME target then, but on the other hand, it can change later at any time anyway, so maybe the lazy approach would be ok. So basically, something like:
Code:
    $sql = "SELECT * FROM dns_rr LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id) WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND ((type='TXT' AND data like 'v=DKIM1;%') OR type='CNAME') AND dns_rr.active='Y'";
Untested though
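Added example, not part of any post in this thread and not ISPConfig code: the quoted query, the proposed 'lazy' query and a stricter variant, run against constructed rows in an in-memory SQLite database standing in for ISPConfig's database. The two-table schema, the sample records and the STRICT query's `_domainkey` target check are assumptions.

```python
import sqlite3

# Query quoted in the thread from dns_dmarc_edit.php: TXT records only.
ORIGINAL = ("SELECT * FROM dns_rr LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id) "
            "WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND type='TXT' "
            "AND data like 'v=DKIM1;%' AND dns_rr.active='Y'")
# The untested 'lazy' variant from the thread: TXT DKIM record or any CNAME.
LAZY = ("SELECT * FROM dns_rr LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id) "
        "WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND ((type='TXT' "
        "AND data like 'v=DKIM1;%') OR type='CNAME') AND dns_rr.active='Y'")
# Assumption (not from the thread): also require a _domainkey label in the
# CNAME target, one possible form of "check the CNAME target".
STRICT = LAZY.replace("OR type='CNAME'",
                      "OR (type='CNAME' AND data LIKE '%._domainkey.%')")

# Constructed sample zones and records; the schema holds only the columns
# the queries touch and is not ISPConfig's real table layout.
ZONES = ["txt.example.", "cname.example.", "stray.example.", "none.example."]
RECORDS = [
    (1, "default._domainkey.txt.example.", "TXT", "v=DKIM1; t=s; p=CONSTRUCTED"),
    (2, "selector1._domainkey.cname.example.", "CNAME",
     "selector1-cname-example._domainkey.tenant.example."),
    (3, "selector1._domainkey.stray.example.", "CNAME", "www.stray.example."),
    (4, "www.none.example.", "A", "192.0.2.10"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE dns_soa (id INTEGER PRIMARY KEY, origin TEXT, active TEXT);"
        "CREATE TABLE dns_rr (id INTEGER PRIMARY KEY, zone INTEGER, name TEXT,"
        " type TEXT, data TEXT, active TEXT);")
    db.executemany("INSERT INTO dns_soa VALUES (?, ?, 'Y')", list(enumerate(ZONES, 1)))
    db.executemany("INSERT INTO dns_rr (zone, name, type, data, active) "
                   "VALUES (?, ?, ?, ?, 'Y')", RECORDS)
    return db

def has_dkim(db, sql, origin):
    # Same bind parameters as the PHP call: zone origin and the name pattern.
    return bool(db.execute(sql, (origin, "%._domainkey%")).fetchall())

def compare():
    db = build_db()
    return {z: tuple(has_dkim(db, q, z) for q in (ORIGINAL, LAZY, STRICT))
            for z in ZONES}

if __name__ == "__main__":
    for zone, (orig, lazy, strict) in compare().items():
        print(f"{zone:16} original={orig} lazy={lazy} strict={strict}")
```

The stray.example. row shows the trade-off raised in the thread: the lazy query accepts any active CNAME under `_domainkey`, whatever it points to.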
If I find a little time this week and my tests are successful I will open an MR to get this fixed soon. I guess it will cause an issue for me sooner or later too anyways.