1 Topic by andrei_p (edited by andrei_p 2023-07-17 02:21:35)

  • andrei_p
  • Member
  • Offline
  • Registered: 2022-04-09
  • Posts: 13

Topic: Cannot add dkim for next domains

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.3 PGSQL edition
- Deployed with iRedMail Easy or the downloadable installer? Easy
- Linux/BSD distribution name and version:  Debian 11.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  PGSQL
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi Iredmail supoort,

we cannot add dkim keys for our next domains after the first domain. we added fbi.ie as the first domain after installing Iredmail Pro, but we cannot add dkim recird for next domains.

sudo amavisd-new showkeys shows only the key#1 for the first domain added - fbi.ie, though we created the key for our second domain futuremsp.ie:

amavisd-new genrsa /var/lib/dkim/futuremsp.ie.pem 1024
chown amavis:amavis /var/lib/dkim/futuremsp.ie.pem
chmod 0400 /var/lib/dkim/futuremsp.ie.pem
service amavis restart

sudo amavisd-new showkeys:

; key#1 2048 bits, i=dkim, d=fbi.ie, /var/lib/dkim/fbi.ie.pem
dkim._domainkey.fbi.ie.    3600 TXT (
  "v=DKIM1; p="
  "MIIBIjAN......)

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by dave.opc

  • dave.opc
  • Member
  • Offline
  • Registered: 2019-07-08
  • Posts: 101

Re: Cannot add dkim for next domains

you can use 1 dkim for all your domains on that server

3 Reply by andrei_p

  • andrei_p
  • Member
  • Offline
  • Registered: 2022-04-09
  • Posts: 13

Re: Cannot add dkim for next domains

But we have 1 unique dkim key per domain on another server.

4 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 859

Re: Cannot add dkim for next domains

so, you create a new keypair and expect that's all it needs?

did you even read the docs, there is a very nice tutorial on how to add dkim keys

5 Reply by andrei_p

  • andrei_p
  • Member
  • Offline
  • Registered: 2022-04-09
  • Posts: 13

Re: Cannot add dkim for next domains

Hi Cthulhu,

just found docs.iredmail.org/sign.dkim.signature.for.new.domain.html

Can it be added to the admin backend to do it through gui ?

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,916

Re: Cannot add dkim for next domains

andrei_p wrote:

just found docs.iredmail.org/sign.dkim.signature.for.new.domain.html
Can it be added to the admin backend to do it through gui ?

Impossible right now, but we may implement this in iRedMail Pro in the future: https://docs.iredmail.org/pro.html

- iRedAdmin(-Pro) is running as non-privileged system user "iredadmin" for better security, it doesn't have privileges to create DKIM keys and reload / restart Amavisd service. so it's impossible.
- iRedMail Pro is the new product we're working on, it is only one single binary program but it runs 2 daemon processes, one of them runs as root user, so it has required privileges to do almost all tasks, we may implement DKIM key related tasks in this daemon process, and allow sysadmins to manage them on web console.