How to create multiple dkim records for 1 domain in Ispconfig?

Discussion in 'General' started by PatFoo, Apr 19, 2024.

  1. PatFoo

    PatFoo New Member

    I've spent the better part of the day looking through the forums (and google) and trying the suggestions I have found without success.
    Is it possible to create multiple dkim records for 1 domain within Ispconfig?
    And if yes, how?
    My ultimate goal is to mimic what Mailchimp is doing as pictured below so my customer
    can use their own [email protected] when sending from my email server.
    upload_2024-4-19_20-3-26.png
    I appreciate any suggestions.
    Thanks in advance,
    Pat
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    What you posted above are CNAME records and not DKIM records. CNAME records are basically records that point a specific subdomain to another record or zone. To create a CNAME record, click on the CNAME icon of the DNS zone.
     
    ahrasis likes this.
  3. PatFoo

    PatFoo New Member

    Greetings Till,
    The CNAME image I posted above is an example of how Mailchimp directs customers to their DKIM records.
    By sharing a CNAME that points to a DKIM record.

    Maybe this forum thread would be helpful to understand what I am hoping to achieve https://forum.proxmox.com/threads/dkim-cname.131550/

    I have read that it is possible to have multiple DKIM records with different Selectors for the same mail domain, but as far as I can tell you can only create 1 DKIM pair using the IspConfig control panel.

    My question remains the same...

    Is it possible to create (or use) multiple DKIM key pairs within IspConfig for a single domain?

    If yes, how can it be done?

    I have tried creating/generating new DKIM pairs using a different DKIM-Selector, but the new pair and selector just replace the original pair (which is what it is supposed to do) - it does not add a 2nd key pair with the new selector.

    Thanks in advance for your time,

    Pat
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This is about creating CNAME records for TXT records; I answered that already in post #2. Such a setup is used to hand out just one specific name for the key so you can exchange it in the background or if external mailservices like mailchimp or others sign your mail. So if you want to achieve what's explained in that proxmox post, you will find the answer in my post #2 about creating a cname record.

    No, as Rspamd and Amavis will sign your emails with exactly one private key for each domain. But you can have multiple DNS TXT records for DKIM, e.g. when you want to allow other mail services to sign your mail as well (and in case these other services do not provide a DKIM record that you can refer to using CNAMEs, see post #2). To add another selector with its pub key, go to the DNS zone, click on the TXT button to add a new TXT record, set hostname to e.g.:

    key2._domainkey.test.tld.

    and the txt field to e.g.:

    v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaBVhhHolYxVOl3................

    But be careful to not create new DKIM keys for amavis/rspamd in the email domain, as this will remove records for external services at the moment: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6688
     
    Last edited: Apr 20, 2024
    ahrasis and PatFoo like this.
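
The selector layout described in posts #2 and #4, as an added example that is not part of the thread or of ISPConfig: several selectors under one domain, one of them a CNAME that points at a record hosted by an external sender, each checked the way a verifying mail server would look it up. The zone contents, the key bytes, the name `dkim.esp.example.` and the function names are constructed for illustration.

```python
import base64

# Constructed zone data (assumption, not from the thread): "default" is the key
# the mail server signs with, "key2" is a hand-added TXT record, "k1" is a CNAME
# delegating to an external sender's record, "old" is a revoked selector.
_KEY = base64.b64encode(b"constructed-public-key-bytes").decode()
ZONE = {
    "default._domainkey.test.tld.": ("TXT", f"v=DKIM1; t=s; p={_KEY}"),
    "key2._domainkey.test.tld.": ("TXT", f"v=DKIM1; k=rsa; p={_KEY}"),
    "k1._domainkey.test.tld.": ("CNAME", "dkim.esp.example."),
    "dkim.esp.example.": ("TXT", f"v=DKIM1; p={_KEY}"),
    "old._domainkey.test.tld.": ("TXT", "v=DKIM1; p="),
}

def resolve_txt(name, zone, max_hops=5):
    """Follow CNAMEs until a TXT record is found, as a resolver would."""
    for _ in range(max_hops):
        rtype, value = zone.get(name, (None, None))
        if rtype == "TXT":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None  # CNAME chain too long or looping

def parse_dkim(txt):
    """Split a DKIM key record into tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)  # base64 padding in p= stays intact
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def check_selector(selector, domain, zone=ZONE):
    txt = resolve_txt(f"{selector}._domainkey.{domain}.", zone)
    if txt is None:
        return "missing"
    tags = parse_dkim(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        return "not a DKIM record"
    if not tags.get("p"):
        return "revoked"  # an empty p= tag marks the key as revoked
    try:
        base64.b64decode(tags["p"], validate=True)
    except ValueError:
        return "bad key encoding"
    return "ok"
```

Running `check_selector` over every selector in use before and after regenerating the mail domain's key pair shows whether the hand-added records for external services are still present.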
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Btw, that's what customers always get by default when using an ISPConfig server for email sending. DKIM keys are always exclusively for the customer domain, there is no general key used for multiple domains or the whole server, you do not need any additional keys nor CNAME records for that. Just create customerdomain.tld as mail domain, save it, go back and create the DKIM key pair under the customer domain. Then create a new mailbox [email protected]. The customer then uses username [email protected] and the password of this mailbox in his email sending application to send emails. The emails are then sent under his domain and signed with the DKIM key of his domain.
     
    ahrasis likes this.
  6. PatFoo

    PatFoo New Member

    Thank you.
     
