![]() ![]() has DKIM tests equal to those of DKIM, SPF, and Spam Assassin Validator - but all was fine on both anyway. So, in our case, we needed to amend ACLs on both the phpmailers (via APIs) and on the DKIM private keys, then return the DKIM private keys' permissions to 440 again, then test everything again. However, we've now re-configured it all, because altering all the ACLs that are involved is probably better, all things considered. No problem with that solution, if we're honest because it's secure and works fine. Hence the 450 not 440 permission requirements as posted previously. Your post above has made us change our mind Initially we too had a DKIM private key access issues for phpmailer (but not exactly the same as yours and we didn't post about it until you raised the question later in the thread) which after some tracing, we resolved by allowing execute permission for the groups that the various phpmailers (via APIs) were a members of. The initial question asked was about the location of /etc/domainkeys which was self-resolved but then expanded for using DKIM with phpmailer etc Then it was straightforward after that.Ĭlick to expand.We've edited our last two posts, the idea being that others may find this thread useful in the future. With the benefit of hindsight, it's actually simple (in our case anyway), but not originally having the Plesk original private key location, was a hindernace until we found it. DNS, e-mails (PHPmailer and all NON-PHP mailer) - It should all work perfectly (does for us) * If set, takes precedence over `$DKIM_private`.Ħ) Test everyting i.e. ![]() Public $DKIM_passphrase = '' //Leave blank if no Passphrase utilised Public $DKIM_identity = '' //Not needed in our case * Usually the email address used as the source of the email. Public $DKIM_selector = 'default' //Prefix for the DKIM selector Happy with that and with hindsight, it can be done within Plesk, using the exising public / private keys but with just a PHP mailer config edit. This means that we can now succesfuly, apply DKIM to ALL e-mails (including all the PHPMailer created e-mails, which we couldn't before.) from any correctly setup domain on our server. We replaced the original private key with the new one that we had created outside Plesk and tested everything on the trial domain, with sucess on all the tests. Surprised that nobody from Plesk didn't just tell us that earlier, but maybe nobody had time back then, which is understandable during busy forum times. That's not what we are/were doing but handily enough for us, the location is given on that page. This is shown on THIS Plesk Support page, which was produced for people wanting to re-create their Plesk issued DKIM public key from the existing private key. The 'hidden' location for the original Plesk issued DKIM private key is actually 'hidden in plain sight' All the various domains have their DKIM private keys stored as follows: "Private keys are located in the corresponding domain directory in /etc/domainkeys/ For example, /etc/domainkeys//default (for selector "default")" it's far more simple than at first thought. Sorry if we've missed this information elsewhere, we've searched but can't quickly see it anywhere - yet Where exactly and/or how is the original DKIM-related DNS record verified by Plesk milter (Postfix) and/or Postfix? Once we know that, we're thinking we can solve this quite quickly. (and to answer the obvious question no, obviously we don't know where it is either, hence the new DKIM keys at the start etc) This is easy to follow, because they now have incorrect location data for the DKIM private key. If we restore the original DKIM-related DNS record, then all the Non-DKIM / PHPMailer provided test e-mails are correct once again, but the DKIM / PHPMailer provided test e-mails now fail. The DKIM errors remain, even after reloading, restarting both Plesk milter (Postfix) and/or Postfix and even after a server restart / reboot. all the Non-DKIM / PHPMailer provided) test e-mails (depending on which e-mail client is being used) then suffer from dkim=fail reason=“signature verification failed” or dkim=permerror (bad sig) or dkim=fail errors, which, we're pretty sure (in our case anyway) is related to Plesk milter (Postfix) and/or Postfix (within Plesk) not seeing the new, updated domain DNS for some reason a new DKIM-related DNS record and a new location for the private key.ĭKIM / PHPMailer then does work perfectly but. Click to expand.To successfully run DKIM on PHPMailer, we needed new public and private keys for each domain that would need the DKIM / PHPMailer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |