[SOLVED] DKIM own Key.

itNGO

Is it possible to override the DKIM record/key?
We are switching from another mail gateway and want to keep the DNS settings the same.
We want to reuse the already existing DKIM key. Is this possible? Or do we have to change all 300 DNS DKIM TXT records?
 
Currently the DKIM implementation of PMG uses one key for all domains and e-mail.

If all your 300 domains are using the same DKIM key, it should be possible to convert it in a way that PMG can use it.
If you have different keys for the domains, you will need to adapt the DNS records.

I hope this helps!
 
Before implementing DKIM, I was looking at how to solve this on the DNS side, and I have done this:

We do not set DKIM directly on the domains; we use a CNAME that points to our DKIM record on our domain.

Example DNS records on our company root domain:
Code:
_dkim1.example.com.    IN    TXT    "v=DKIM1; h=sha256; k=rsa; hashxxxxx1"
_dkim2.example.com.    IN    TXT    "v=DKIM1; h=sha256; k=rsa; hashxxxxx2"

For our customer-facing domains we add these records:
Code:
s1cn._domainkey.customerdomain.net.    IN    CNAME    _dkim1.example.com.
s2cn._domainkey.customerdomain.net.    IN    CNAME    _dkim2.example.com.

Be careful which selector you use. At first I used s1 and s2, but some big companies already use these selectors, so you might run into problems. I am using s1cn (cn being our company initials), which should be safe enough.

If we need to change our DKIM at any point, I just correct our company records and the record is updated on all our domains. It's like magic, but in the end it's just good planning. You should actually rotate your DKIM keys once in a while; at least that is a recommendation. That is why I was looking for a solution, and this is it...
 
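An audit of the CNAME delegation described in the post above, as an added example that is not part of the original thread: it follows each customer selector to the shared TXT record and flags selectors that are missing, dangling, published locally instead of delegated, or revoked. The zone data is constructed, the `p=` values are placeholders, and the `typo.example.org` and `legacy.example.org` domains and all function names are assumptions.

```python
import re

# Constructed sample zone; names and p= values are placeholders, not real keys.
ZONE = '''
_dkim1.example.com. IN TXT "v=DKIM1; h=sha256; k=rsa; p=PLACEHOLDERKEY1"
_dkim2.example.com. IN TXT "v=DKIM1; h=sha256; k=rsa; p="
s1cn._domainkey.customerdomain.net. IN CNAME _dkim1.example.com.
s2cn._domainkey.customerdomain.net. IN CNAME _dkim2.example.com.
s1cn._domainkey.typo.example.org. IN CNAME _dkim9.example.com.
s1cn._domainkey.legacy.example.org. IN TXT "v=DKIM1; k=rsa; p=OLDKEY"
'''

def parse_zone(text):
    """Map owner name -> (type, value) for one-line TXT/CNAME records."""
    records = {}
    for m in re.finditer(r'^(\S+)\s+IN\s+(TXT|CNAME)\s+(.+)$', text, re.M):
        name, rtype, value = m.groups()
        records[name.lower()] = (rtype, value.strip().strip('"'))
    return records

def resolve_txt(name, records):
    """Follow CNAMEs from name; return (hops, txt), txt is None if dangling."""
    hops, seen = 0, set()
    while name in records and name not in seen:  # 'seen' stops CNAME loops
        seen.add(name)
        rtype, value = records[name]
        if rtype == "TXT":
            return hops, value
        name, hops = value.lower(), hops + 1
    return hops, None

def check_selector(selector, domain, records):
    """Return ok, missing, dangling, invalid, revoked or not-delegated."""
    owner = f"{selector}._domainkey.{domain}.".lower()
    if owner not in records:
        return "missing"
    hops, txt = resolve_txt(owner, records)
    if txt is None:
        return "dangling"        # CNAME target has no TXT record
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    if tags.get("v") != "DKIM1" or "p" not in tags:
        return "invalid"
    if tags["p"] == "":
        return "revoked"         # empty p= marks a revoked key (RFC 6376)
    return "ok" if hops else "not-delegated"  # local TXT misses central rotation

RECORDS = parse_zone(ZONE)
if __name__ == "__main__":
    for dom in ("customerdomain.net", "typo.example.org", "legacy.example.org"):
        print(dom, {s: check_selector(s, dom, RECORDS) for s in ("s1cn", "s2cn")})
```

A selector reported as `not-delegated` keeps its own key in the customer zone, so rotating the shared record does not reach it.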