Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Can I reset the DKIM settings?

    Support
    email dkim
    2
    6
    232
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scooke
      scooke last edited by girish

      Awhile ago my cloudron ran under my.domain1.com, and I had set up email and what not. I then changed that main domain to my.domain2.com. Everything seems to work fine.

      BUT, my Postmark DMARC checks have been telling me my SPF and DKIM aren't aligned and 8 emails from 3 clearly spammy sources were sent claiming to be from my.domain2.com.

      So I checked that domain, and noticed that the DNS records and the email records on the cloudron both have this as their DKIM: cloudron-domain1com._domainkey. ?? Why wouldn't it be cloudron-domain2com._domainkey?

      I then noticed that a new domain which I recently added (which came AFTER I moved my cloudron from VPS 1 to VPS 2, seamlessly I add) seems to have a DKIM record that has the residual hostname of the new VPS before I fixed that on the new VPS. It looks like: cloudron-62141b._domainkey. Shouldn't this be cloudron-domain2com._domainkey

      So I checked other domains which have been on the cloudron for awhile and see that their DKIM starts with: cloudron-domain2com._domainkey. So, this has the main domain of the cloudron. This appears correct, and I don't have any non-aligned warnings for those domains.

      So, is there a way to reset those DKIM records so they all have: cloudron-domain2com._domainkey. It seems that this is essential, even though my email dashboard has all green check marks.

      Thanks!

      A life lived in fear is a life half-lived

      girish 1 Reply Last reply Reply Quote 0
      • girish
        girish Staff @scooke last edited by

        @scooke said in Can I reset the DKIM settings?:

        So I checked that domain, and noticed that the DNS records and the email records on the cloudron both have this as their DKIM: cloudron-domain1com._domainkey. ?? Why wouldn't it be cloudron-domain2com._domainkey?

        Did you also change the domain of the mail sever ? https://docs.cloudron.io/email/#server-location . The domain here determines the "name" of the mail server (and the required DKIM settings).

        scooke 1 Reply Last reply Reply Quote 0
        • scooke
          scooke @girish last edited by scooke

          @girish Yes, that was changed. That was changed to domain2 while on still on VPS 1, where the initial mail location was domain1. So, I guess it didn't update properly back then. This is over a year ago. Maybe there was some glitch back then.

          I tried to redo it just now by simply deleting "my" and retyping it, and there was a little message saying it was updating DNS, but only for the most recently added domain. I checked my main cloudron domain email settings under Status, and it still shows cloudron-domain1._domainkey, that the cloudron-domain2._domainkey DKIM key that others have.

          I don't fully understand the DNS magic realm, and maybe it's fine that the DKIM domain doesn't actually match the actual domain, but now that I've discovered that my Cloudron is using three different DKIMs, I'd prefer to have them all use cloudron-domain2._domainkey.

          Would I just navigate to where those keys are held on the VPS and delete them, and upon restarting the VPS cloudron will regenerate them, but properly using the current domain? My rDNS, or PTR record, uses my.domain2.com, same as the main dashboard domain, so don't these all have to match optimally?

          A life lived in fear is a life half-lived

          scooke 1 Reply Last reply Reply Quote 0
          • scooke
            scooke @scooke last edited by

            So, is it possible to reset the DKIM certs, or no? Can I just remove the ones which don't have the current info, and they'll be regenerated properly? Or will I bork my Cloudron up if I do that?

            A life lived in fear is a life half-lived

            girish 1 Reply Last reply Reply Quote 0
            • girish
              girish Staff @scooke last edited by

              @scooke So, the DKIM keys can be arbitrarily named. It's not a problem that it has the old domains name as part of it. In more recent Cloudron version, we have actually started using a hash and not the concrete name because people had similar concern as yours about "referencing" an older name.

              If you want to reset this, you have to update the database directly for the moment. You can do it like this:

               mysql -uroot -ppassword -e "select domain, dkimSelector from box.mail;"
              

              The above command will show the current domain and dkim selector. To update it, something like:

               mysql -uroot -ppassword -e "UPDATE box.mail SET dkimSelector='cloudron' WHERE domain='currentdomain';"
              

              (please update the domain value accordingly).

              As said, this is not a problem as such, so there is no issue leaving it as-is. I will make the dkim selector configurable in the coming release.

              scooke 1 Reply Last reply Reply Quote 3
              • scooke
                scooke @girish last edited by

                @girish Much appreciated, thank you!

                A life lived in fear is a life half-lived

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Powered by NodeBB