Control Web Panel
WebPanel => E-Mail => DKIM => Topic started by: Vinayak on March 09, 2023, 04:59:12 PM
-
Any documentation or know how for implementing 2048 bit DKIM keys by default on Control Web Panel servers?
National Institute of Standards and Technology (NIST) recommends 2048 bit keys for DomainKeys Identified Mail (DKIM), so does a client of mine on a CWP VPS dedicated to this client only.
So is there a way to make 2048 bit DKIM keys installed by default on all accounts?
-
Have you looked at OpenDKIM?
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
-
My question is not about installing and configuring DKIM, my question is about how to implement 2048 bit DKIM keys by default on Control Web Panel servers.
-
The takeaway from that tutorial I linked to was to use opendkim-genkey with the -b bits option:
-b bits
(--bits=n) Specifies the size of the key, in bits, to be generated. The upstream
default is 1024 which is the value recommended by the DKIM specification, but in
Debian the default is 2048 based on more current recommendations such as those from
NIST 800-177.
So,
opendkim-genkey -b 2048
is what you are looking for...
-
When setting up an account/domain, what part/script of CWP handles generation and setting up of DKIM?
I would like CWP to automatically generate/implement 2048 bit DKIM keys by default.
Also is there a way to replace all existing 1024 bit records with 2048 bit DKIM keys?
-
Here's a shot in the dark, since I am sticking with the default 1024 for the time being.
/etc/opendkim.conf
MinimumKeyBits (integer)
Establishes a minimum key size for acceptable signatures. Signatures with smaller key sizes, even if they otherwise pass DKIM validation, will be marked as invalid. The default is 1024, which accepts all signatures. A value of 0 causes the default to be used.
-
So is there a way to make 2048 bit DKIM keys installed by default on all accounts?
I have tried over Postfix Mail Manager and it didn't work.
So I had to edit DNS settings on my domain registrar.
I am using PHPMailer for emails from my website, so I found the related answer here:
https://medium.com/@djaho/how-to-create-dkim-keys-and-use-them-with-phpmailer-a6003449c718
There is a section where you can find the procedure and use it over SSH on your server (if you have access) to generate the DKIM 2048.
There are the two command lines which you can use to generate a 2048 bit password protected private key file and a (non-password protected) public key file.
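Added example, not part of the thread and not CWP or OpenDKIM code: for the question above about replacing existing 1024 bit records, this reads the key size out of a DKIM TXT record's p= value so records still below 2048 bits can be listed. The function names are hypothetical, the record text is assumed to come from a zone file or a DNS TXT lookup, and the sample records are constructed around a dummy modulus.

```python
import base64

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(der):
    """Modulus size for SubjectPublicKeyInfo or bare RSAPublicKey DER."""
    tag, seq, _ = _tlv(der)
    ftag, first, nxt = _tlv(seq)
    if ftag == 0x30:  # SPKI: AlgorithmIdentifier, then BIT STRING wrapping the key
        _, bitstr, _ = _tlv(seq, nxt)
        _, inner, _ = _tlv(bitstr[1:])  # skip the unused-bits octet
        ftag, first, _ = _tlv(inner)
    if tag != 0x30 or ftag != 0x02:
        raise ValueError("not an RSA public key")
    return int.from_bytes(first, "big").bit_length()

def dkim_key_bits(record):
    """Key size in bits of a DKIM TXT record, zone-file or plain form."""
    txt = "".join(record.split('"')[1::2]) or record  # rejoin split quoted strings
    tags = {k.strip(): "".join(v.split()) for k, v in (t.split("=", 1) for t in txt.split(";") if "=" in t)}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("no usable RSA p= value")
    return rsa_bits(base64.b64decode(tags["p"]))

def needs_rekey(record, minimum=2048):
    """True if the key is below `minimum` bits or the record cannot be parsed."""
    try:
        return dkim_key_bits(record) < minimum
    except (ValueError, IndexError):
        return True

def constructed_record(bits):
    """Constructed sample: well-formed SPKI around a dummy modulus, not a usable key."""
    def der(tag, body):
        size = (len(body).bit_length() + 7) // 8
        head = [len(body)] if len(body) < 0x80 else [0x80 | size, *len(body).to_bytes(size, "big")]
        return bytes([tag, *head]) + body
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = der(0x30, der(0x02, n) + der(0x02, b"\x01\x00\x01"))
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID, NULL
    p = base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + key))).decode()
    return f'default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p={p[:200]}" "{p[200:]}" )'
```

Calling needs_rekey() on each domain's published record gives the list of domains that still need a new key; a record with an empty p= or a damaged value is reported as needing one too.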