Hi, i've just tested DKIM with ISPConfig and created the DKIM with the mail domain form. However the interface accepts the DKIM even if the "DKIM Selctors" field is empty. This results in a .err zone as the entry gets created as "._domainkey.domain.tld" which is invalid. The section in mail_domain.tform.php: Code: 'dkim_selector' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', 'default' => 'default', 'value' => 'default', 'width' => '20', 'maxlength' => '63', 'validators' => array ( 0 => array ( 'type' => 'REGEX', 'regex' => '/^[a-z0-9]{0,63}$/', 'errmsg'=> 'dkim_selector_error'), ), ), Shouldn't the regex be "/^[a-z0-9]{1,63}$/" to match at least 1 character or number?
Good catch! That kind of selector shouldn't be possible. If I recall correctly then leading digits are also not allowed in the selector which would be possible with this regex as well, as well as dots are actually allowed but also not usable.
So we may should do it like this: Code: ^[a-z][a-z0-9]{1,63}$ it has to begin with a letter after that it can be digits and letters and it must be between 1 and 63 characters I'll create a issues and a merge request for it then MR: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1692
I've decided to go with this, to be as much compliant with the RFCs listed above as possible: Code: 'regex' => '/^(?=.*[a-z])[a-z0-9]{1,63}$/', The selector can start with a number but must at least contain a letter and has to be between 1 and 63 characters long. This should work in most cases. Thoughts and ideas are welcome. If there is an obscure case that does not work with this please let me know. Note: This does not support "-" signs, but i've never saw one in the wild that uses one within a selector either.