dkim selector in mail domain

Discussion in 'Developers' Forum' started by pyte, Feb 6, 2023.

  1. pyte

    pyte Well-Known Member HowtoForge Supporter

    Hi,
    I've just tested DKIM with ISPConfig and created the DKIM with the mail domain form. However, the interface accepts the DKIM even if the "DKIM Selectors" field is empty. This results in a .err zone, as the entry gets created as "._domainkey.domain.tld", which is invalid.

    The section in mail_domain.tform.php:
    Code:
    'dkim_selector' => array (
        'datatype'   => 'VARCHAR',
        'formtype'   => 'TEXT',
        'default'    => 'default',
        'value'      => 'default',
        'width'      => '20',
        'maxlength'  => '63',
        'validators' => array (
            0 => array (
                'type'   => 'REGEX',
                'regex'  => '/^[a-z0-9]{0,63}$/',
                'errmsg' => 'dkim_selector_error',
            ),
        ),
    ),
    
    Shouldn't the regex be "/^[a-z0-9]{1,63}$/" to match at least 1 character or number?
     
  2. michelangelo

    michelangelo Active Member

    Good catch!

    That kind of selector shouldn't be possible.

    If I recall correctly, leading digits are also not allowed in the selector, which would be possible with this regex as well; dots, on the other hand, are actually allowed but also not usable.
     
  3. pyte

    pyte Well-Known Member HowtoForge Supporter

    So maybe we should do it like this:
    Code:
    ^[a-z][a-z0-9]{0,62}$
    It has to begin with a letter; after that it can be digits and letters, and it must be between 1 and 63 characters.

    I'll create an issue and a merge request for it then.

    MR: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1692
     
    Last edited: Feb 6, 2023
    ahrasis, Th0m and till like this.
  4. pyte

    pyte Well-Known Member HowtoForge Supporter

    I will update this to follow the RFC. I couldn't find any other mention of it.

     
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    I've decided to go with this, to be as compliant as possible with the RFCs listed above:
    Code:
    'regex' => '/^(?=.*[a-z])[a-z0-9]{1,63}$/',
    The selector can start with a number but must contain at least one letter and has to be between 1 and 63 characters long. This should work in most cases. Thoughts and ideas are welcome. If there is an obscure case that does not work with this, please let me know.

    Note: This does not support "-" signs, but I've never seen one in the wild that uses one within a selector either.
     
    ahrasis likes this.
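
Added example, not part of the thread and not ISPConfig code: a PHP harness that runs the original pattern from mail_domain.tform.php and the final pattern from the last post against constructed selectors, next to a reference pattern written here from the RFC 6376 selector grammar. RFC_SELECTOR, dkimRecordName() and example.com are names chosen for this example.

```php
<?php
// Added example. The two thread patterns are copied verbatim from the posts;
// every selector below and the domain example.com are constructed samples.
$patterns = [
    'original' => '/^[a-z0-9]{0,63}$/',
    'final'    => '/^(?=.*[a-z])[a-z0-9]{1,63}$/',
];

// RFC 6376 section 3.1: selector = sub-domain *( "." sub-domain ), where
// sub-domain = Let-dig [Ldh-str] (RFC 5321). Each label is capped at 63
// octets (DNS label limit). Matched case-insensitively, as DNS names are.
const RFC_LABEL    = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
const RFC_SELECTOR = '/^' . RFC_LABEL . '(?:\.' . RFC_LABEL . ')*$/i';

// Owner name of the DKIM TXT record for a given selector and mail domain.
function dkimRecordName(string $selector, string $domain): string
{
    return $selector . '._domainkey.' . $domain;
}

$samples = [
    '',                   // empty field, the case reported in the first post
    'default',            // the form's default value
    '2023mail',           // leading digit
    '20230206',           // digits only
    'mail-2023',          // hyphen inside a label
    'k1.mail',            // two labels separated by a dot
    str_repeat('a', 64),  // one character over the label limit
];

printf("%-12s %-5s %-9s %-9s %s\n", 'selector', 'RFC', 'original', 'final', 'record name');
foreach ($samples as $s) {
    $shown = $s === '' ? '(empty)' : (strlen($s) > 10 ? substr($s, 0, 7) . '...' : $s);
    printf(
        "%-12s %-5s %-9s %-9s %s\n",
        $shown,
        preg_match(RFC_SELECTOR, $s) ? 'yes' : 'no',
        preg_match($patterns['original'], $s) ? 'accept' : 'reject',
        preg_match($patterns['final'], $s) ? 'accept' : 'reject',
        dkimRecordName($shown === '(empty)' ? '' : $shown, 'example.com')
    );
}
```

The empty selector passes only the original pattern and yields the record name `._domainkey.example.com`; the digits-only, hyphenated and dotted selectors match the RFC grammar but are rejected by the final pattern.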
