Solved Can I reset the DKIM settings?
-
Awhile ago my cloudron ran under my.domain1.com, and I had set up email and what not. I then changed that main domain to my.domain2.com. Everything seems to work fine.
BUT, my Postmark DMARC checks have been telling me my SPF and DKIM aren't aligned and 8 emails from 3 clearly spammy sources were sent claiming to be from my.domain2.com.
So I checked that domain, and noticed that the DNS records and the email records on the cloudron both have this as their DKIM: cloudron-domain1com._domainkey. ?? Why wouldn't it be cloudron-domain2com._domainkey?
I then noticed that a new domain which I recently added (which came AFTER I moved my cloudron from VPS 1 to VPS 2, seamlessly I add) seems to have a DKIM record that has the residual hostname of the new VPS before I fixed that on the new VPS. It looks like: cloudron-62141b._domainkey. Shouldn't this be cloudron-domain2com._domainkey
So I checked other domains which have been on the cloudron for awhile and see that their DKIM starts with: cloudron-domain2com._domainkey. So, this has the main domain of the cloudron. This appears correct, and I don't have any non-aligned warnings for those domains.
So, is there a way to reset those DKIM records so they all have: cloudron-domain2com._domainkey. It seems that this is essential, even though my email dashboard has all green check marks.
Thanks!
-
@scooke said in Can I reset the DKIM settings?:
So I checked that domain, and noticed that the DNS records and the email records on the cloudron both have this as their DKIM: cloudron-domain1com._domainkey. ?? Why wouldn't it be cloudron-domain2com._domainkey?
Did you also change the domain of the mail sever ? https://docs.cloudron.io/email/#server-location . The domain here determines the "name" of the mail server (and the required DKIM settings).
-
@girish Yes, that was changed. That was changed to domain2 while on still on VPS 1, where the initial mail location was domain1. So, I guess it didn't update properly back then. This is over a year ago. Maybe there was some glitch back then.
I tried to redo it just now by simply deleting "my" and retyping it, and there was a little message saying it was updating DNS, but only for the most recently added domain. I checked my main cloudron domain email settings under Status, and it still shows cloudron-domain1._domainkey, that the cloudron-domain2._domainkey DKIM key that others have.
I don't fully understand the DNS magic realm, and maybe it's fine that the DKIM domain doesn't actually match the actual domain, but now that I've discovered that my Cloudron is using three different DKIMs, I'd prefer to have them all use cloudron-domain2._domainkey.
Would I just navigate to where those keys are held on the VPS and delete them, and upon restarting the VPS cloudron will regenerate them, but properly using the current domain? My rDNS, or PTR record, uses my.domain2.com, same as the main dashboard domain, so don't these all have to match optimally?
-
So, is it possible to reset the DKIM certs, or no? Can I just remove the ones which don't have the current info, and they'll be regenerated properly? Or will I bork my Cloudron up if I do that?
-
@scooke So, the DKIM keys can be arbitrarily named. It's not a problem that it has the old domains name as part of it. In more recent Cloudron version, we have actually started using a hash and not the concrete name because people had similar concern as yours about "referencing" an older name.
If you want to reset this, you have to update the database directly for the moment. You can do it like this:
mysql -uroot -ppassword -e "select domain, dkimSelector from box.mail;"
The above command will show the current domain and dkim selector. To update it, something like:
mysql -uroot -ppassword -e "UPDATE box.mail SET dkimSelector='cloudron' WHERE domain='currentdomain';"
(please update the domain value accordingly).
As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.
-
@girish Much appreciated, thank you!