Maintain dkim configuration after disable domain

Discussion in 'General' started by Leandro Helou, May 12, 2020.

  1. Leandro Helou

    Leandro Helou New Member

    Hello all!
    First of all, sorry for my english. I've been hanging around with a problem that I can't solve

    I have a server (SERVER1) with ISPCONFIG3.1 for my domain on which I have DKIM and DMARC working correctly.
    Then I have another server (SERVER2) also with ISPCONFIG3.1 with some apps that send emails with the domain.

    Is there any chance to configure DKIM in SERVER2 for

    I tried to create the domain from the panel and enable DKIM (which works perfect) but then I have the problem that the mails sent from SERVER2 do not reach the correct mailserver since it believes that the domain is local.

    When disabling the domain from the ISPCONFIG panel, the DKIM configuration is lost.

    Maybe some way to keep DKIM settings even if domain is disabled from dashboard?

    Thanks in advance.

  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Not with the ISPConfig interface.

    Just to clarify,SERVER1 and SERVER2 are each a standalone ISPConfig install, not members of the same (multi-server) installation?

    A quick solution would seem to be just have the apps send through SERVER1 via smtp; enable authentication for them and you'll have the additional advantage of authenticated sender headers, which provides better mail delivery through spam scanners.

    If there's really a need to do what you're trying, setup on SERVER2 with dkim as you have done, then make a copy of /var/lib/amavis/dkim/ and /var/lib/amavis/dkim/ and copy the DNS-Record shown in the Email domain section. If you check you'll find:
    # grep /etc/amavis/conf.d/60-dkim
    dkim_key('', 'default', '/var/lib/amavis/dkim/');
    Note that 'default' is the dkim selector, and matches the subdomain name in your DNS-Record - that will have to be different for SERVER1 and SERVER2.

    Now delete the email domain on SERVER2 again, and restore /var/lib/amavis/dkim/ and /var/lib/amavis/dkim/ from your copies. Add a dkim_key entry to /etc/amavis/conf.d/99-local (or some other conf.d file - do NOT put it back in the 60-dkim file), changing the 'default' selector to 'server2' or something. Restart amavis.

    Now go to SERVER1 and add a new DKIM record in DNS matching the 'server2' selector above. You can not use the DKIM button for this, add a TXT record as admin (or there is a workaround in to accomplish this as a user, but it's simpler as admin) with 'server2._domainkey' as the subdomain name, and the 'v=DKIM1; t=s; p=....." as the value.

    Then test it out... and hope you are actually running amavis, not rspamd. :)
    Last edited: May 12, 2020
  3. Leandro Helou

    Leandro Helou New Member

    Yes!, forgot to mention that, all both are standalone servers.

    I'm going to try this, it's something similar to what I had already tried, only I had not added the dkim_key in 99-local.

    Thank you so much for your time, Jesse!

Share This Page