DKIM?
Moderator: Moderators
Re: DKIM?
I don't have an ETA on DKIM signing for outbound mail. We plan to implement it in a way where signing keys are provided by the user and then associated to outbound accounts, not globally by Rollernet. It will probably happen when we get to updating that section, as you may have noticed that updates to other sections also come with an interface change since we're reviewing and updating the back end of each section as we go.
Seth Mattinen, Roller Network LLC
Re: DKIM?
We are currently testing some DKIM methods in the back end and how easily they would be able to integrate into the control center.
Seth Mattinen, Roller Network LLC
-
- Posts: 3
- Joined: Wed Oct 06, 2021 12:45 pm
Re: DKIM?
I see it's been a while since this issue was pinged. Any update? Gmail/MSN/Yahoo/Comcast/Outlook are getting much more strict.
Re: DKIM?
I suppose I can just set it up in the back end and have everyone email us their private DKIM key for now.
The real delay is that we have to change jQuery versions (not because we need anything in newer versions but because PCI compliance simply tags it as "too old") which broke basically everything where we have UI elements, so I'm having to rewrite it slowly. So until this is done I can't add any front end interfaces to configure a private key for DKIM
The real delay is that we have to change jQuery versions (not because we need anything in newer versions but because PCI compliance simply tags it as "too old") which broke basically everything where we have UI elements, so I'm having to rewrite it slowly. So until this is done I can't add any front end interfaces to configure a private key for DKIM
Seth Mattinen, Roller Network LLC
Re: DKIM?
If you would like to try using DKIM, please send us the following for every mail domain you want to have DKIM signatures when using Outbound Mail:
domain=
selector=
privatekey=
This private key and selector will be used to DKIM sign emails submitted from your account that match the domain. At this time we are accepting user-generated private keys: in the future we will offer an option to generate them through our account control center, and possibly automate them when used with our Primary DNS.
As currently implemented we will need to configure each domain separately so that the DKIM signature will be aligned with the "From" header. In the past it was common for providers to bulk sign mail with their own key, however this is not a best practice. Although it's more secure to use unique private keys, it does require more setup.
We have been working with a very long delay adding new features to the front end account control center due to changing jQuery versions (not because we need anything in newer versions but because PCI compliance tags jQuery as "too old"), which unfortunately breaks basically everything where we have UI elements. Until this is done, any front end interfaces to configure a private key for DKIM will have to wait.
We have also created a web page that will generate keys for you:
https://acc.rollernet.us/api/dkimkeygen.php
Also available in JSON format for scripting:
https://acc.rollernet.us/api/dkimkeygen.php?json
If you have access to "openssl" you can generate a private key with the following command:
For a 2048 bit key:
openssl genrsa -out dkim_private.pem 2048
For a 1024 bit key:
openssl genrsa -out dkim_private.pem 1024
Public key for DNS:
openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A
domain=
selector=
privatekey=
This private key and selector will be used to DKIM sign emails submitted from your account that match the domain. At this time we are accepting user-generated private keys: in the future we will offer an option to generate them through our account control center, and possibly automate them when used with our Primary DNS.
As currently implemented we will need to configure each domain separately so that the DKIM signature will be aligned with the "From" header. In the past it was common for providers to bulk sign mail with their own key, however this is not a best practice. Although it's more secure to use unique private keys, it does require more setup.
We have been working with a very long delay adding new features to the front end account control center due to changing jQuery versions (not because we need anything in newer versions but because PCI compliance tags jQuery as "too old"), which unfortunately breaks basically everything where we have UI elements. Until this is done, any front end interfaces to configure a private key for DKIM will have to wait.
We have also created a web page that will generate keys for you:
https://acc.rollernet.us/api/dkimkeygen.php
Also available in JSON format for scripting:
https://acc.rollernet.us/api/dkimkeygen.php?json
If you have access to "openssl" you can generate a private key with the following command:
For a 2048 bit key:
openssl genrsa -out dkim_private.pem 2048
For a 1024 bit key:
openssl genrsa -out dkim_private.pem 1024
Public key for DNS:
openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A
Seth Mattinen, Roller Network LLC