Change DKIM selector from 'default'

[kpmedia]

cPanel sets all servers up to use "default". That's a problem if you use several severs to send mail, and they all insist on being "default".

Where's the setting to change the default selector used by the server? If not in WHM, what needs to be edited (and likely restarted) via SSH?

Using EXIM and Dovecot -- the cPanel default mail servers.

 

[cPanelMichael]

Hello

There is no native functionality available to customize the default DKIM records. However, you should be able to implement a manual workaround. Could you provide more details about the specific records you need to configure and your specific server setup?

Also, feel free to open a feature request for the ability to customize DKIM records at:

Submit A Feature Request

Thank you.

 

[kpmedia]

- Right now the DKIM selector = "default" ... ie, "default._domainkey.mydomain.com" and signed by the server as "default"
- I want it set to "anything" (else)

I'm not sure what else you're after.

cPanel has to specify the key somewhere -- I just don't know where. I didn't write the software. It's likely an easy edit somewhere in the config files.

Forcing us to use "default" is not at all compliant with DKIM specs. It has selectors on purpose. If it's can't be changed, that's serious design flaw.

 

[cPanelMichael]

I was unable to find any internal documentation supporting the ability to modify the default entry used for DKIM. You are welcome to open a support ticket so we can take a closer look:

Submit A Ticket

You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[artfei]

Hi all.

If anyone is still interested in this there are lines in /etc/exim.conf file

dkim_remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$original_domain}lsearch{/etc/mailips}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailips}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailips}{$value}{}}}}}}}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$original_domain}lsearch{/etc/mailhelo}{$value}{${lookup{$sender_address_domain}lsearch{/etc/mailhelo}{$value}{${lookup{${perl{get_sender_from_uid}}}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}}}}}{$primary_hostname}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"
dkim_canon = relaxed

To have different selectors for different domains you may simply change it from default to ${dkim_domain} or try to configure your own variables.

With the above I now have:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nagios.domain.com; s=mydomain.com;
h=Date:From:Message-Id; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=

Sure with this you should have domainkey TXT record like

mydomain.com._domainkey.mydomain.com

 

[kpmedia]

I already tried changing the exim setting from "default" to something else.

dkim_selector = default

dkim_selector = anything

That didn't have any effect.

 

[Fireminds Ltd.]

Any update on this one? I'm having the same issue with another service stealing "default" rendering the cPanel default value unusable....

Why can't we use default1._domainkey....

 

[cPRex]

@Fireminds Ltd. - there hasn't been any change to this behavior at this time.

 

[Fireminds Ltd.]

Surprised that 7yrs later and we still can't select our own DKIM selector... this needs to be changed. With every system out there forcing default._domainkey down your throat with no way to change it really puts customers at a disadvantage.

 

[cPRex]

There is an older feature request that was opened around the time this thread was created, but I don't see that it received any action. I've messaged the email development team and they are going to look into what it would take to make this an option in the future, but obviously there is nothing official yet or no ETA.

 

[sllbakkbone]

Any update on this? This feature is long overdue

 

[cPRex]

I did reach out to the mail team again and they are going to post a reply to the feature request at DKIM support for custom selector within the next few days.

 

[chris25]

It doesn't look like the expected reply was ever made to the feature request , is there any update here?

 

[cPRex]

I've poked the team and I'll report back soon!

 

[cPRex]

I'm expecting to get more details Monday or Tuesday on this, so I'll keep you posted!

 

[Wallu]

I'm expecting to get more details Monday or Tuesday on this, so I'll keep you posted!

@cPRex Hi Rex, anything yet ?

- Wallu

 

[cPRex]

I believe the official update was moving the Feature Request to "not planned" status, so that's our answer for now.

 

[Wallu]

I believe the official update was moving the Feature Request to "not planned" status, so that's our answer for now.

Hi @cPRex, I just can't figure out why. Mind explaining what's the reasoning behind this decision?

Only one can be default._domainkey.rootdomain*. so having multiple servers sending out emails is a pain with the forced default. Isn't the purpose of selectors actually just what it implies? Having whm1._domainkey*, whm2._domainkey*, whm3._domainkey* etc. for example.

I'm also using other platforms, and there I can actually create whatever selector I want, so I have ended up having web01, web02, web03 etc. as selectors, and it's great.

I have come across scenarios where default is already taken, so it makes me wonder

Maybe I'm missing something, who knows...

- Wallu

 

[cPRex]

I don't have any additional details on why the decision was made, except that the email team wasn't looking into it at this time.

 

[Wallu]

I don't have any additional details on why the decision was made, except that the email team wasn't looking into it at this time.

Ok, thnx Rex, kinda what I was expecting :/

Hope email team change their mind at some point. I'm not alone with this, you know.

Anyways, cheers,

- Wallu