ISPConfig DNS Zone Issues

Discussion in 'General' started by Max Wilkinson, Jul 25, 2017.

  1. Max Wilkinson

    Max Wilkinson New Member

    Hi all,
    When I first upgraded to ISPConfig 3.1.5 from 3.0.4p8 if I created a DNS zone the 'DKIM' box was unchecked and if i checked it, it would generate the DKIM key and add it to the default added DNS records. This button is always checked but greyed out now and does not create the records.

    Along with this we have a script called 'Add_Domain', now I am not sure if this was a default script or not as it was there before I started working here. When I ran the script to create a new domain and DKIM key, since upgrading, I got a 'no DKIM key' error. The domain does not appear in the web gui, but if i check the apache file the script updates - /etc/apache2/sites-enabled/000-default - it appears to be added. In relation to the DKIM keys when I checked the /etc/amavis/conf.d/50-user file there were now dkim_key entries at all, including all historic ones. Using 'amavisd-new showkeys' I just got the no keys error. Now I have fixed the DKIM issues by manually relinking them in the 50-user file, though I just dont understand why they were removed anyway.

    I have attached the script for adding the domain and I have also added the 50-user file, any help would be greatly appreciated. If we can also correct the 'greyed' out DKIM button when making a domain that would be great, as it saves people having to use the script at all. I am also concerned other things may be broken too.

    We do have priority support but my MD is away and I dont have his log in details.

    - Max

    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Your script is not from ISPConfig nor does it add or configure anything in ISPConfig, it does not even use the ISPConfig API. So there can not be anything added in ISPConfig by running this script.

    I guess you were using this script to manually add dkim keys outside of ISPConfig. With ISPConfig 3.1, dkim is available in ISPConfig directly, but if you added keys manually outside in the same config file that ISPConfig is using to configure amavis, then your manual keys must be lost.

    Regarding dkim in ispconfig and the greyed out checkbox, I guess you refer to the dns wizard? This checkbox is shown when you activated dkim in the dns wizard template. This is an automatic function, you just activate or deactivate it for the template and ispconfig takes care to create the dkim record when there is a mail domain with a dkim key. If there is no mail domain yet, then the dkim record gets added in dns when you create the mail domain and activate dkim for it in the mail domain settings.
  3. Max Wilkinson

    Max Wilkinson New Member

    Strange as I am sure in 3.0.4 if we ran it using option 3, it would create everything and generate a DKIM key that we would manually add afterwards. I did think it was probably something wrote our end, but again before my time here.

    Where can I keep the manually created ones that are historic and then let ISPConfig handle the new ones?

    I will admit I am not massive familiar with ISPConfig. In our mail template the DKIM key is checked and so we can see the DKIM option in the DNS zone wizard; however, I cannot uncheck or check it - its just checked and grey. If I remove it from the template, I cannot see it at all. If I create a DNS zone and setup an e-mail address there is no DKIM key generated - as far as I can tell.
  4. Max Wilkinson

    Max Wilkinson New Member

    Weird, I just tried it again and now its generated a 60-dkim file inside the amavis directory. All my custom ones remain in the 50-user and new ones are now working again.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Your custom ones will be removed again on next update. to keep them, create your own file like 60-custom and add them there after you removed them from 50-user file.
  6. Max Wilkinson

    Max Wilkinson New Member

    Just so I'm fully clear, how does ISPConfig go about notcing my custom DKIM file? Is it a case of just being a file in that folder or should it be prefixed with a 60 as you mentioned?

    Also the domain I added i get this error with the auto generated DKIM:

    Historic -> TESTING#34: => pass
    Made in GUI -> TESTING#35: => fail (OpenSSL error: data too small for key size)

Share This Page