Can I reset the DKIM settings?
-
@scooke said in Can I reset the DKIM settings?:
So I checked that domain, and noticed that the DNS records and the email records on the cloudron both have this as their DKIM: cloudron-domain1com._domainkey. ?? Why wouldn't it be cloudron-domain2com._domainkey?
Did you also change the domain of the mail sever ? https://docs.cloudron.io/email/#server-location . The domain here determines the "name" of the mail server (and the required DKIM settings).
@girish Yes, that was changed. That was changed to domain2 while on still on VPS 1, where the initial mail location was domain1. So, I guess it didn't update properly back then. This is over a year ago. Maybe there was some glitch back then.
I tried to redo it just now by simply deleting "my" and retyping it, and there was a little message saying it was updating DNS, but only for the most recently added domain. I checked my main cloudron domain email settings under Status, and it still shows cloudron-domain1._domainkey, that the cloudron-domain2._domainkey DKIM key that others have.
I don't fully understand the DNS magic realm, and maybe it's fine that the DKIM domain doesn't actually match the actual domain, but now that I've discovered that my Cloudron is using three different DKIMs, I'd prefer to have them all use cloudron-domain2._domainkey.
Would I just navigate to where those keys are held on the VPS and delete them, and upon restarting the VPS cloudron will regenerate them, but properly using the current domain? My rDNS, or PTR record, uses my.domain2.com, same as the main dashboard domain, so don't these all have to match optimally?
A life lived in fear is a life half-lived
-
@girish Yes, that was changed. That was changed to domain2 while on still on VPS 1, where the initial mail location was domain1. So, I guess it didn't update properly back then. This is over a year ago. Maybe there was some glitch back then.
I tried to redo it just now by simply deleting "my" and retyping it, and there was a little message saying it was updating DNS, but only for the most recently added domain. I checked my main cloudron domain email settings under Status, and it still shows cloudron-domain1._domainkey, that the cloudron-domain2._domainkey DKIM key that others have.
I don't fully understand the DNS magic realm, and maybe it's fine that the DKIM domain doesn't actually match the actual domain, but now that I've discovered that my Cloudron is using three different DKIMs, I'd prefer to have them all use cloudron-domain2._domainkey.
Would I just navigate to where those keys are held on the VPS and delete them, and upon restarting the VPS cloudron will regenerate them, but properly using the current domain? My rDNS, or PTR record, uses my.domain2.com, same as the main dashboard domain, so don't these all have to match optimally?
-
So, is it possible to reset the DKIM certs, or no? Can I just remove the ones which don't have the current info, and they'll be regenerated properly? Or will I bork my Cloudron up if I do that?
@scooke So, the DKIM keys can be arbitrarily named. It's not a problem that it has the old domains name as part of it. In more recent Cloudron version, we have actually started using a hash and not the concrete name because people had similar concern as yours about "referencing" an older name.
If you want to reset this, you have to update the database directly for the moment. You can do it like this:
mysql -uroot -ppassword -e "select domain, dkimSelector from box.mail;"The above command will show the current domain and dkim selector. To update it, something like:
mysql -uroot -ppassword -e "UPDATE box.mail SET dkimSelector='cloudron' WHERE domain='currentdomain';"(please update the domain value accordingly).
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
-
@scooke So, the DKIM keys can be arbitrarily named. It's not a problem that it has the old domains name as part of it. In more recent Cloudron version, we have actually started using a hash and not the concrete name because people had similar concern as yours about "referencing" an older name.
If you want to reset this, you have to update the database directly for the moment. You can do it like this:
mysql -uroot -ppassword -e "select domain, dkimSelector from box.mail;"The above command will show the current domain and dkim selector. To update it, something like:
mysql -uroot -ppassword -e "UPDATE box.mail SET dkimSelector='cloudron' WHERE domain='currentdomain';"(please update the domain value accordingly).
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
-
@scooke So, the DKIM keys can be arbitrarily named. It's not a problem that it has the old domains name as part of it. In more recent Cloudron version, we have actually started using a hash and not the concrete name because people had similar concern as yours about "referencing" an older name.
If you want to reset this, you have to update the database directly for the moment. You can do it like this:
mysql -uroot -ppassword -e "select domain, dkimSelector from box.mail;"The above command will show the current domain and dkim selector. To update it, something like:
mysql -uroot -ppassword -e "UPDATE box.mail SET dkimSelector='cloudron' WHERE domain='currentdomain';"(please update the domain value accordingly).
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
@girish said in Can I reset the DKIM settings?:
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
I would appear to me that somehow it is an issue.
Like @scooke I both moved my my. domain around (from uniteddiversity.org to uniteddiversity.coop and changed my mail server address from my.uniteddiversity.coop to mail.uniteddiversity.coop )
And when I do a uniteddiversity.coop:email DKIM lookup on https://mxtoolbox.com/SuperTool.aspx it tells me:
No DKIM Record foundSo I looked in my DNS and found these DKIM records which Cloudron obviously set:
And also, in email status within Cloudon, I have this:
So why are they not being found when I do a uniteddiversity.coop:email DKIM lookup on https://mxtoolbox.com/SuperTool.aspx ?
-
@girish said in Can I reset the DKIM settings?:
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
I would appear to me that somehow it is an issue.
Like @scooke I both moved my my. domain around (from uniteddiversity.org to uniteddiversity.coop and changed my mail server address from my.uniteddiversity.coop to mail.uniteddiversity.coop )
And when I do a uniteddiversity.coop:email DKIM lookup on https://mxtoolbox.com/SuperTool.aspx it tells me:
No DKIM Record foundSo I looked in my DNS and found these DKIM records which Cloudron obviously set:
And also, in email status within Cloudon, I have this:
So why are they not being found when I do a uniteddiversity.coop:email DKIM lookup on https://mxtoolbox.com/SuperTool.aspx ?
@jdaviescoates It appears fine in the DNS.
$ host -t TXT cloudron-uniteddiversityorg._domainkey.uniteddiversity.coop cloudron-uniteddiversityorg._domainkey.uniteddiversity.coop descriptive text "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFZ/gh1xMkTbgkE1fEQWrFY8jn0uoxpLLvtAPHhWKNRSv4k88PKw/kqdBCHx3fV1CjabMH8zjZBQgXpRqfopJLbdHmGDUKkbpFfb4XNoXXGjxbJzceBVWJtVnKdmNRT5wOFSpltJkkSSU3uRbwn81NEBd9Duavt4x8wu+tUFkQ4wIDAQAB"Maybe the web tool is (temporarily) broken ?
-
@jdaviescoates It appears fine in the DNS.
$ host -t TXT cloudron-uniteddiversityorg._domainkey.uniteddiversity.coop cloudron-uniteddiversityorg._domainkey.uniteddiversity.coop descriptive text "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFZ/gh1xMkTbgkE1fEQWrFY8jn0uoxpLLvtAPHhWKNRSv4k88PKw/kqdBCHx3fV1CjabMH8zjZBQgXpRqfopJLbdHmGDUKkbpFfb4XNoXXGjxbJzceBVWJtVnKdmNRT5wOFSpltJkkSSU3uRbwn81NEBd9Duavt4x8wu+tUFkQ4wIDAQAB"Maybe the web tool is (temporarily) broken ?
-
@girish said in Can I reset the DKIM settings?:
Maybe the web tool is (temporarily) broken ?
It appears fine there too.
@girish I was doing it this way:
uniteddiversity.coop:email
As you can see that is still showing an error.
-
@girish I was doing it this way:
uniteddiversity.coop:email
As you can see that is still showing an error.
@jdaviescoates said in Can I reset the DKIM settings?:
uniteddiversity.coop:email
I think the tool wants a domain name. Why are you adding a ":email" in the end? Is that a special syntax on that site?
-
@jdaviescoates said in Can I reset the DKIM settings?:
uniteddiversity.coop:email
I think the tool wants a domain name. Why are you adding a ":email" in the end? Is that a special syntax on that site?
@girish said in Can I reset the DKIM settings?:
Why are you adding a ":email" in the end? Is that a special syntax on that site?
Yes:
-
@girish said in Can I reset the DKIM settings?:
Why are you adding a ":email" in the end? Is that a special syntax on that site?
Yes:
@jdaviescoates Ahhh, I had to read that a couple of times to grok it. The
:emailis not literal but is the DKIM selector (says so in the text). The DKIM selector in Cloudron iscloudron-uniteddiversityorg(this changes for each installation based on the primary domain. this allows to add same domain on multiple cloudrons).So, try with
uniteddiversity.coop:cloudron-uniteddiversityorgand that does work. -
@jdaviescoates Ahhh, I had to read that a couple of times to grok it. The
:emailis not literal but is the DKIM selector (says so in the text). The DKIM selector in Cloudron iscloudron-uniteddiversityorg(this changes for each installation based on the primary domain. this allows to add same domain on multiple cloudrons).So, try with
uniteddiversity.coop:cloudron-uniteddiversityorgand that does work.@girish Your comprehensional wizardy astounds me! Seriously, impressive. I aim for that type of thinking to better deduce problems, and when I see it done, right in front of me, it's impressive.
EDIT: though this sounds sarcastic, I am being totally sincere!
A life lived in fear is a life half-lived
-
@girish Your comprehensional wizardy astounds me! Seriously, impressive. I aim for that type of thinking to better deduce problems, and when I see it done, right in front of me, it's impressive.
EDIT: though this sounds sarcastic, I am being totally sincere!
-
@jdaviescoates Ahhh, I had to read that a couple of times to grok it. The
:emailis not literal but is the DKIM selector (says so in the text). The DKIM selector in Cloudron iscloudron-uniteddiversityorg(this changes for each installation based on the primary domain. this allows to add same domain on multiple cloudrons).So, try with
uniteddiversity.coop:cloudron-uniteddiversityorgand that does work.@girish said in Can I reset the DKIM settings?:
So, try with uniteddiversity.coop:cloudron-uniteddiversityorg and that does work.
Great, thanks for working that out!
Next question: did it ever become possible to reset such things?
For not particular reason other than neatness I'd kinda like it to by
cloudron-uniteddiversitycoopinstead, or evenrandomstring_uniteddiversity.coop -
@girish said in Can I reset the DKIM settings?:
So, try with uniteddiversity.coop:cloudron-uniteddiversityorg and that does work.
Great, thanks for working that out!
Next question: did it ever become possible to reset such things?
For not particular reason other than neatness I'd kinda like it to by
cloudron-uniteddiversitycoopinstead, or evenrandomstring_uniteddiversity.coop@jdaviescoates I think https://forum.cloudron.io/topic/7478/more-on-whitelabelling-cloudron-for-providing-managed-cloudron-instances . That never got implemented
-
@scooke So, the DKIM keys can be arbitrarily named. It's not a problem that it has the old domains name as part of it. In more recent Cloudron version, we have actually started using a hash and not the concrete name because people had similar concern as yours about "referencing" an older name.
If you want to reset this, you have to update the database directly for the moment. You can do it like this:
mysql -uroot -ppassword -e "select domain, dkimSelector from box.mail;"The above command will show the current domain and dkim selector. To update it, something like:
mysql -uroot -ppassword -e "UPDATE box.mail SET dkimSelector='cloudron' WHERE domain='currentdomain';"(please update the domain value accordingly).
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
-
@girish, I was thinking of this:
@girish said in Can I reset the DKIM settings?:
I will make the dkim selector configurable in the coming release.
-
@girish , It's a couple years later and I just stumbled across this while doing some DNS record cleanups and remembering that some use the older style DKIM name and others use the newer style. The "OCD" in me wants to format the older ones to use the newer naming scheme. Is this something that ever made it in the product? I see you mentioned that you "will make the dim selector configurable in the coming release" but I don't think I see a way to do that yet. I do see a way from above in this thread though that should do the trick manually in MySQL. https://forum.cloudron.io/post/40250
-
@d19dotca we didn't implement this. So, you have to just edit the database. It's in the
mailtable , there is a field calleddkimSelector. If you change it, that's the key it expects . You have to also restart the mail service to pick up the new value in the database.
