DKIM strength when set to "strong (4096)" in the Server Config > Mail section generates false DKIM key records. I noticed them failing at the receiving end (google, outlook etc.). Set it back to 2048 and all was fine. When I checked the 4096 key on http://dkimcore.org/c/keycheck at the bottom with Check a DKIM Core Key Record I got this: Running this on the latest git-stable ISPConfig Version: 3.1dev on up to date Ubuntu 16.04 server.
I just tested this and i get valid dkim-records and dns-records with 4096 byte. You can run amavisd-new showkeys and compare the output with the public-key in your dns. And please check, that the field type of the data column in the dns_rr table in your database is TEXT
Indeed it does not show the same key when I do 'amavisd-new showkeys' for a test domain. Why is that? I did already restart amavis, any other services that need to pick it up? I do see the correct data in the ISPC server config under the domain's DKIM settings, I have copy pasted the key from there to DNS (it's external for me), when I do # dig +short mail._domainkey.domain.nl txt I get the correct one from DNS. So I guess amavisd-new is the culprit. Any idea? And shouldn't ISPC reload the related services for DKIM keys when they're created anew?
OK, figured it out. I had /var/lib/amavis (and its subfolders) loaded in RAM (in a ramdisk). Apparently amavis or ispconfig does not like that. Not sure why, to be honest. It sped up the mail-handling by a lot, which is why I did that.
I've /var/lib/amavis/tmp on a ram-disk. Is there any reason why you store /var/lib/amavis on a ram-disk?
Just the fact that I have about 6 GB of very fast RAM doing nothing I put in it what I can, whatever gets read and written faster is OK. I like the difference in speed, and the fact it saves disk IO. I use this tool: https://github.com/graysky2/anything-sync-daemon rather than tmpfs because it auto-syncs.
Amavis uses tmp during a scan so there is no need to put the whole amavis into a ram-disk. Reallay 6GB? Did you receive mails with such a big size? I think 500MB is always enough.
I got a server with 8GB. The whole thing, with about ~20 domains with mail/sites on it, takes up only about 1.8 GB of that RAM still, even after I've tweaked it almost every place I could find to have it cache in memory more. Maybe because I only use nginx, no apache, but still, it's a waste to not have as much IO in RAM as possible. I expected linux to do better with that than it actually does when you ask it to, but it's just *not* using up the RAM. I already disabled swap, because even there it would still go take up some of it, even while I had it to 1 in sysctl.
I noted that in Ubuntu 17.04 and may be above, swap will be disabled by default and replace with file/directory.