DKIM setup questions

[Andrei9385]

Hello. Can you please tell me the steps to set up DKIM.

1. I've enabled all the options



2. Next I just have to copy this code and paste it into a TXT record on my domain's external hosting ? Do I need to format this code ?



Is that correct?



3. Can you tell me about the Selector option ?

 

[Maximiliano]

Hello,

Please give [1] a read, here the concept of selector is explained. At [2] you can find more info about the possible settings.

The TXT record containing the private key should be at [selector]._domainkey.[domain], in this case the value of the selector is mail.

[1] https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/
[2] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_mailproxy_dkim

 

[thanhtien19]

We have private and public key before , how to resuse it to Proxmox email gateway ?

 

[sive.host]

@Andrei9385 You have three options:
1. reduce the key size from 2048 to 1024, then you will get a single line for the p value
2. put it in the TXT content as one line with a single space between the 3rd line and 2nd line: "v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...dA1d" ".....wIDAQAB"
3. put it in the TXT content as one line combining 3rd line and 2nd line, remove inverted commas and space between them: "v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...QAB"

All options depend on the DNS zone editor you are using, so you may need to try all. Just be patient and allow propagation each try. Also remember to make sure your TXT name should match what you put on the PMG selector, if you put "default" , then the TXT name should be default._domainkey , if you put "Anything" then should be Anything._domainkey

 

[Hunduster]

I'd also like to ask a question of understanding. Today I received a DMARC Aggregate Report from Microsoft for one of my domains:

<dkim>
<domain>my-domain.com</domain>
<selector>dkim1</selector>
<result>fail</result>
</dkim>

Now I have checked my DNS entries again - which I created 2 years ago - and am currently questioning myself :-D

My PMG gives me the following:

dkim1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "

"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvS35PaKrEa4zKoL4bWVUJpciewx1532+NzU4mFQzaDkRofFeFQTbI933WFwpuaeDLeGCsQe2Gsrt59GWsa8MX8bivlZvTW13Tz/dJ5I6a0lKNsq8yd9XiKr9hMskTGUAAENXDE7pXTq2aXjAH9FWCVhE7MD9//lzve9YA+0xoDEl0jqJHlLRa6y1aEX5PAGKRYtYnApegajxTz"
"Qv1rztzKmh2gYtkCrA1df6ArzGK0XD5KewD80E/pLvKjz2N2MuXW3Cz0koIeVCLF4jfyJTifkhVpPWZMlSLtEc7KnBvwwrmcQwe4wI4qRttz+whbYpm++Ost9xKXWFqe3nN+ZbUQIDAQAB" ) ; ----- DKIM key dkim1

I have stored the following in the DNS:

v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvS35PaKrEa4zKoL4bWVUJpciewx1532+NzU4mFQzaDkRofFeFQTbI933WFwpuaeDLeGCsQe2Gsrt59GWsa8MX8bivlZvTW13Tz/dJ5I6a0lKNsq8yd9XiKr9hMskTGUAAENXDE7pXTq2aXjAH9FWCVhE7MD9//lzve9YA+0xoDEl0jqJHlLRa6y1aEX5PAGKRYtYnApegajxTzQv1rztzKmh2gYtkCrA1df6ArzGK0XD5KewD80E/pLvKjz2N2MuXW3Cz0koIeVCLF4jfyJTifkhVpPWZMlSLtEc7KnBvwwrmcQwe4wI4qRttz+whbYpm++Ost9xKXWFqe3nN+ZbUQIDAQAB

As you can see, I have written the values of the public key in the two lines of PMG with two directly after each other and I am just wondering how I came up with this and whether it is correct. When I try DKIM testers on the net, they say my entries are valid, but then I don't understand why Microsoft spits out a fail.

 

[LeFred]

IMHO, I think that M$ have a very low DNS timeout... I have such DMARC reports, with good RRs DKIM.
But it seems that mails are delivered :-/