Generate DKIM as 1024

Discussion in 'ISPConfig 3 Priority Support' started by elmacus, Jan 30, 2018.

  1. elmacus

    elmacus Member HowtoForge Supporter

    Hi, we usually use DKIM 1024.
    But when generate in email domain it looks like its 2048, 410 char long.
    After saving "bogus" DKIM and open up again and generate a new in place, it becomes 1024 (230 char) as setting is in system/config/server/email/dkim strength.
    So obvious the setting is not used first run.
    Is this bug or feature ?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Might be a bug as it should always obey the dkim strength settings. Please add a bugreport in the ISPConfig bug tracker so we can check and solve that.
     
  3. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Are you running a multiserver-setup? The key-strength is read from the server-config where the mail-domain is hosted before a key will be created.
     
  4. elmacus

    elmacus Member HowtoForge Supporter

    yes multiserver, check my signatur.
    All servers is set to weak, think by installer, dont remember i changed anyone.
    Then its a bug, since it does not read the config as it should.
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    If you get a 2048 key, there is something missing in your database on the master-server. 2048 is the defualt if nothing is found.
    Make sure, that the mail-server for the domain is set or you have a default mail.server for the client.

    It's the same code if you create or update a record.

    Can you try to create a new mail-domain without dkim, open the domain again, enable dkim and check the result?
     
  6. elmacus

    elmacus Member HowtoForge Supporter

    Yes, thats my workaround now to first save domainname without DKIM, and then go in and activate it, then the settings apply correctly.
    The masterserver is only ISPconfig gui, no services to custumers.
    I did follow multiserver guide for that like 6 years ago, upgraded since 3.0.3 or something. Maybe there is config errors with postfix or dovecut, but since i only send emails, i have not seen anything unusual there.
    The setting for DKIM is weak ofc on that controlpanel.
    What file in server does save this setting ?
    In /var/lib/amavis/dkim is empty since this is not a mailserver.
    /etc/amavis/ im not sure how this works.
     
  7. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    I think, i found the problem. Did you enabled the domain module? If yes, you can adjust the defaukt-strength in interface/web/mail/mail_domain_dkim_create.php to 1024 (~line 136)
     
  8. elmacus

    elmacus Member HowtoForge Supporter

    Do you mean /main config/domains/Use the domain limits in client module to add new domains ? No i do not use that.

    Anyway i did edit the file and that works, thanks.
    Do i need to remember this or is this added to next version ?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    This is already listed in the bug tracker to be fixed in next release.
     
    Arape and elmacus like this.
  10. elmacus

    elmacus Member HowtoForge Supporter

    Since 3.1.12 the DKIM settings does not work. I cant force it to Weak, since normal dont work.
    The old file i changed mail_domain_dkim_create.php is deleted: https://git.ispconfig.org/ispconfig/ispconfig3/commit/29c96a7495814edcf3c3b52707a1edf3ca743eb5
    So setting DKIM strength to weak or strong in System/Server Config/ServerID/Email does not work.

    Its always this in header: dkim=fail (2048-bit key) reason="fail (bad RSA signature)".
    Sending to google (edited): mx.google.com; dkim=fail [email protected] spf=pass dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.test

    DKIM test on mxtoolbox.com shows no errors.

    DKIM-selector can not be altered now with your own selector, its always numbers, i usually set the date ex: 20180619

    Please assist on how to change DKIM strength, i test this on a new server, nothing old in code.
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

  12. elmacus

    elmacus Member HowtoForge Supporter

    Thanks Till, editing these files manually fixed the error i had.
    Now: dkim=pass (1024-bit key).
     
    till likes this.

Share This Page