Mails from forged addresses are really annoying.
Enabling DomainKeys Identified Mail (DKIM) helps to fight fake emails. It allows any email recipient to check whether the email was indeed sent by the original domain owner.
Control panels like VestaCP allow enabling DKIM to deter spoofing and phishing attacks.
However, syntax mistakes and wrong DNS settings may cause errors while enabling DKIM in VestaCP.
At Bobcares, we often get requests from our customers to enable DKIM in VestaCP as part of our Server Management Services.
Today, we’ll see how our Support Engineers enable DKIM in VestaCP and fix related errors.
How we enable DKIM in Vesta control panel
VestaCP comes as a cheaper cPanel alternative for your server. DKIM is an email authentication method that verifies the sender of a message, which helps to enhance the server's reputation.
In VestaCP, when creating a new domain, DKIM support is activated by default.
So, if we need to enable a DKIM record for a domain, we first need to delete both the mail._domainkey and _domainkey records.
Here, let’s see how our Support Engineers enable this record for a domain.
1. Firstly, we log in to the VestaCP control panel.
2. Then we navigate to DNS and select the domain.
3. After that, we click on the List Records button.
4. If they are listed, we select mail._domainkey and _domainkey, and click the ‘Delete’ button.
To enable DKIM,
5. We navigate to the MAIL section and select the domain for which we want to enable DKIM.
6. Next, we click the EDIT button.
7. Then, we enable the DKIM option and click the Save button.
Now, DKIM records have been added to the DNS records.
How we fixed errors when enabling DKIM
From our experience in managing servers, we’ve seen customers facing problems while enabling DKIM in VestaCP.
Now let’s see how our Support Engineers fixed the top errors.
1. Syntax errors
Basically, enabling DKIM in control panels such as VestaCP, cPanel, and Webmin is very easy. However, errors may occur due to syntax mistakes.
Recently, one of our customers contacted us with a problem after enabling DKIM for his domain. He had an external DNS server (Cloudflare) for his website. While adding DKIM, it gave an error like:
2019-05-18 03:10:04 1ffzKN-000240-Sa DKIM: signing failed: RSA_LONG_LINE
On checking, our Support Engineers found that the problem was due to syntax errors.
He had used the DKIM value with quotes. For example,
mail mail._domainkey. IN TXT "v=DKIM1;p=publickey;"
mail mail._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
mail._domainkey k=rsa; p=publickey
default default._domainkey. IN TXT "v=DKIM1;p=publickey;"
default default._domainkey.domain.com. IN TXT "v=DKIM1;p=publickey;"
This created problems with DKIM signing. Adding extra characters like double quotes stops DKIM from working properly and ends up in an error too. Therefore, we solved the error by removing the quotes.
Selector: mail._domainkey
v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubC0zd/A1i20X60r/TPt4Anj5sehodvaY8ulZPFNWgd2xhlW2mH9rswr35eSr66hUYeBFNBfAKLo+1JCVk+sg1pFwTyjQQCfpRLvt4nvv45o/0KwWLaroXgYVdsNiO14HuBrTh3r9tDL5HKiWOdRRLv+L9O4o7vfL928LDGpMCQIDAQAB
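A small linter for the TXT value before it is pasted into a DNS panel, given here as an added example that is not part of the original article or of VestaCP. It flags the literal double quotes described above and checks the remaining tags against the DKIM key-record syntax of RFC 6376; the function name `lint_dkim_txt` and the constructed `SAMPLE_KEY` are assumptions for illustration.

```python
import base64
import binascii

# Constructed placeholder (not a real key): 162 bytes starting with a DER SEQUENCE tag.
SAMPLE_KEY = base64.b64encode(b"\x30\x81\x9f" + bytes(159)).decode()
GOOD = f"v=DKIM1;k=rsa; p={SAMPLE_KEY}"
QUOTED = f'"v=DKIM1;k=rsa; p={SAMPLE_KEY};"'   # value typed with its quotes

def lint_dkim_txt(value):
    """Return a list of problems in a DKIM TXT value as typed into a DNS panel."""
    problems = []
    if '"' in value:
        problems.append("literal double quote in value")
    tags = {}
    parts = [t for t in value.replace('"', "").split(";") if t.strip()]
    for i, part in enumerate(parts):
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            problems.append(f"malformed tag: {part.strip()!r}")
            continue
        if name in tags:
            problems.append(f"duplicate tag: {name}")
        if name == "v" and i != 0:
            problems.append("v= must be the first tag")
        tags[name] = "".join(val.split())   # whitespace may be folded into values
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    key_type = tags.get("k", "rsa")         # k= defaults to rsa when absent
    if key_type not in ("rsa", "ed25519"):
        problems.append(f"unknown key type: {key_type}")
    if "p" not in tags:
        problems.append("missing p= (public key)")
    elif tags["p"] == "":
        problems.append("empty p= (key revoked)")
    else:
        try:
            der = base64.b64decode(tags["p"], validate=True)
            if key_type == "rsa" and der[:1] != b"\x30":
                problems.append("p= is not a DER-encoded RSA key")
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("quoted", QUOTED)):
        print(label, lint_dkim_txt(value) or "ok")
```

The placeholder `p=publickey` from the records above is reported as invalid base64, which is expected because it stands in for a real key.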
2. Problems with DNS
Often, customers using external DNS for their domains face problems with DKIM setup. This happens mainly when users set up DKIM records on the wrong server. When they try to set up DKIM settings in VestaCP instead of in the external DNS settings, they may get the following error too.
Your DKIM signature is not valid
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
The DKIM signature of your message is: XXXXXXXXXXX
We were not able to retrieve your public key. Please ensure that you inserted your DKIM TXT DNS record on your domain example.com using the selector mail. If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated
Again, this error can pop up when the DNS propagation period is not complete.
So, our Support Engineers assist our customers to add the DKIM record at the nameservers of the domain. We then wait for the DNS changes to propagate. After DNS propagation, mail signing with DKIM works properly.
In short, DKIM is one of the email authentication methods and VestaCP allows DKIM to defend the server from email spoofing and phishing attacks. Today, we saw how our Support Engineers fixed errors related to VestaCP DKIM.