Author Topic: How to setup DKIM for domain using remote DNS servers  (Read 4114 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
How to setup DKIM for domain using remote DNS servers
« on: April 19, 2022, 01:17:07 PM »
Hi

I have a domain using email services only from my server.

Domain DNS and hosting is in GoDaddy

When I try to add DKIM to this domain using DKIM manager, I get a success message.

But I dont know what record to add in DNS? If I check the local DNS record for that domain, I dont see any DKIM record added.

Please help

Offline
****
Re: How to setup DKIM for domain using remote DNS servers
« Reply #1 on: April 19, 2022, 08:09:28 PM »
You need to copy the records over to godaddy, who hosts your actual DNS.   You should create the TXT records for SPF, DKIM and any other  pertinent records, and give them the same values as the ones on your CWP server.
Google Hangouts:  rcschaff82@gmail.com

Offline
**
Re: How to setup DKIM for domain using remote DNS servers
« Reply #2 on: April 20, 2022, 05:39:03 AM »
Thank you. But where will be the record data to copy from? Particularly DKIM

You need to copy the records over to godaddy, who hosts your actual DNS.   You should create the TXT records for SPF, DKIM and any other  pertinent records, and give them the same values as the ones on your CWP server.

Offline
****
Re: How to setup DKIM for domain using remote DNS servers
« Reply #3 on: April 21, 2022, 12:11:51 AM »
admin/index.php?module=dns_list_zones

Find the domain you want the records for, then click edit recoreds.

For DKIm, you are looking for the record "default._domainkey"
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: How to setup DKIM for domain using remote DNS servers
« Reply #4 on: April 26, 2022, 05:51:20 AM »
Hi  rcschaff82@gmail.com,

It seems that you are the guru here and I have some issues with DKIM validation.
Would you be so kind to advise what should I do? Thank you in advance.

I have two errors.
Here is the first one:

96
of 100
MailGenius Score

We've found 2 thing(s) you can do to avoid landing in the spam folder and increase security.

However, there are several other factors that go into deliverability such as domain reputation, list hygiene etc., which play a large role when inboxing. You can be authenticated and follow best practices, but if recipients mark your emails as spam, they'll be classified as spam.
Test Failed - Your DKIM key has errors.

Severity of the problem: High
Why is this important?

Publishing a DKIM key will will reduce the likelihood of your messages being blocked or ending up in the spam folder. It will also prevent spoofing by adding a digital signature to your email headers.
Problems you can fix:
(-2 points) Your email is not properly authenticated with DKIM.
Solution:
Update your DNS records with the correct public DKIM key.
The public key, represented by the p= tag, on your DKIM DNS record is unverified or revoked.

Existing DKIM Signature Header:

    Version: 1
    Domain: roinro.com
    Algorithm: rsa-sha256
    Algorithm_type: relaxed/simple
    Selector: default


Existing DNS Records:

    default._domainkey.roinro.com. 300 IN TXT v=DKIM1; k=rsa; d=roinro.com; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw9S+PJ4CBpLq7zwX8EEFc9LYk0cUn2rXkHlWuVX5HuzeUxIOOZolbZelK08OQUudcXX5W3Sd8titOKEQJ+EEqaMqFlirdN2xBv5KJDPqxqBhjXM4vH08/klnRxT/69NHg2DrWTSXNLb6D1MVojyfCiWSGbOu56uhz9zIoSeslLwIDAQAB

(-1 points) The DKIM signature is not from the author's or envelope-from domain.
Solution:
Generate the domain key for your domain and publish a DKIM key from the tool that you used to send this email. Make sure that DKIM signing is turned on for your domain through your Email Service Provider.

Existing DKIM Signature Header:

    Version: 1
    Domain: roinro.com
    Algorithm: rsa-sha256
    Algorithm_type: relaxed/simple
    Selector: default


Existing DNS Records:

    default._domainkey.roinro.com. 300 IN TXT v=DKIM1; k=rsa; d=roinro.com; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw9S+PJ4CBpLq7zwX8EEFc9LYk0cUn2rXkHlWuVX5HuzeUxIOOZolbZelK08OQUudcXX5W3Sd8titOKEQJ+EEqaMqFlirdN2xBv5KJDPqxqBhjXM4vH08/klnRxT/69NHg2DrWTSXNLb6D1MVojyfCiWSGbOu56uhz9zIoSeslLwIDAQAB



NOTE: It may be signed with your Email Service Provider's default DKIM domain key instead.
Passing Tests:
Existing DKIM Signature
The email is signed with DKIM, whether or not it is a valid signature.

Here it is the second one:

Could be Better - Your email is missing the List-Unsubscribe header.

Severity of the problem: Low
Why is this important?

Spam complaints are the #1 factor that will hurt your email deliverability. Including an easy unsubscribe mechanism effectively helps prevent these spam complaints. Email Service Providers and spam filters also view it favorably when they make inboxing decisions.
Problems you can fix:
(-1 points) There is no List-Unsubscribe header.
Solution:
Using an email tool that allows you to alter email headers, add the List-Unsubscribe header with the appropriate mailto and/or link for receivers to unsubscribe with.

Many thanks.

Steve



Offline
**
Re: How to setup DKIM for domain using remote DNS servers
« Reply #5 on: April 27, 2022, 11:14:25 AM »
admin/index.php?module=dns_list_zones

Find the domain you want the records for, then click edit recoreds.

For DKIm, you are looking for the record "default._domainkey"

I think I was not clear in my question. I will post my question as well as the solution for the benefit of others.

In CWP, there is a bug or an issue.

When I go to DKIM Manager and add DKIM to a domain or all domains, I get a success message

https://freeimage.host/i/VsUFWX

When I see the DNS records of that domain, we will not find default._domainkey

https://ibb.co/3F9Q0Db

Solution

Go to admin/codeEditor.php?filename=/etc/opendkim/userkeys/yourdomain.com/default.txt

You will find text like this

Quote
default._domainkey   IN   TXT   ( "v=DKIM1; k=rsa; "
     "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUVp1DFRbVNGXrPDxosl5Verdq6BP/bfXTrlSgOP18jhtlGXbni4o3GOFAG8UTYaz+lol0A5fFAjmgROj3ZJ4bj480UzKa4Ez/NQB76jN6zY3TsW+JH4EPGXae3pJiKGAHJa+gIksQdQ/CioLL27+D0K/CTfyYAGyQS56rkyctFQIDAQAB" )  ;

Use this data to create the DNS record.

I was expecting cwp to create this record automatically. May be a bug which will get fixed in next releases.
« Last Edit: April 27, 2022, 11:17:08 AM by anandmys »