dkim multiple domain

virus

New Member
Mar 30, 2023
3
0
1
Hello, I have a Proxmox Mail Gateway in the latest version. Is it possible to set up DKIM for three domains such as test1.aaa.com, test2.aaa.com, and test3.aaa.com?
 
Can I set separate 2048-bit keys for the domains test.com and test1.test.com with only access to the Proxmox GUI and not the shell? Is it enough to generate keys using a DKIM key generator online and add them to the DNS? And if the key is long enough, how do I include it in the DNS?
 
Can I set separate 2048-bit keys
no currently each PMG cluster only uses one key for signing

no need for any generators (I would also recommend against using an external web-service to generate private keys) - just create the selector in the GUI - you can view the necessary DNS-record (in the format that opendkim also outputs) there as well
 
Proxmox doesn't have all the required details in their documentation for properly configuring DKIM signing. Here is how I got it configured and working correctly:
1. Create a new DKIM record for your primary domain here: https://easydmarc.com/tools/dkim-record-generator. You will be provided with a DNS record, public and private key. Keep this page open!
2. Be sure to create the DKIM record in your DNS for that domain using the appropriate selector
3. In Proxmox Mail Gateway, navigate to Configuration > Mail Proxy > DKIM
4. In the Settings area, click the Selector row and then the Edit button
5. Enter the name of the selector you just created in the record generator tool. Ex. relay (do not include the ._domainkey portion of the record!)
6. Choose a key size of 2048 and tick the Overwrite existing file
7. Click update
8. Now SSH to the master Proxmox host
9. Change to /etc/pmg/dkim folder
10. Edit the file named relay.private (the file will be named in the format [selector].private
11. Empty the file and paste the private key into provided in step 1 into the file and save the changes
12. The file only needs permissions of 0600
13. DO NOT change this file unless you generate a new DKIM record!!!!
14. Add the SAME DKIM record to each domain that for which you want the gateway to sign outbound messages. This key will have the same selector name and same content for every domain that your gateway signs!
15. Once you save the private key, it will get replicated to other hosts in the cluster.
16. Now your outbound relayed domains will be DKIM signed and will validate so long as the DKIM records exist in DNS for the domain.

If you change the DKIM record on your main domain, you will need to change the record on EVERY domain that your gateway is signing to match.

Also make sure you SPF records are correct so DKIM is used correctly.
 
  • Like
Reactions: hilocz and MaddinK
BIG BIG Thanks to jnitterauer....


with this HowTo, I was finally able to configure DKIM in minutes, after struggling for hours before!!
As he wrote, the official doc is really lacking the details.
The screenshot shows empty fields, so you can not learn anything from them.... no example provided.....terrible.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!