Skip to main content

[CPANEL-20425] DKIM for main server hostname

Comments

21 comments

  • cPanelMichael
    It must be possible to set this up manually, but I am just not sure which services on the server actually need to be configured for this to work. If anybody could point me in the right direction, I would be very grateful.

    Hello, The DKIM record is added in the DNS zone, so you can simply setup the DNS entry through the "Edit a DNS Zone" option in Web Host Manager. Thank you.
    0
  • Mads Nordholm
    The DKIM record is added in the DNS zone, so you can simply setup the DNS entry through the "Edit a DNS Zone" option in Web Host Manager.

    Thank you. That's great, but how do I generate a valid DKIM entry for the main hostname? For all other domains it's done automatically by cPanel just by ticking a checkbox, but how would I go about doing this for the main hostname?
    0
  • cPanelMichael
    Hello, You can temporarily add the following entry to /var/cpanel/users/nobody as a workaround:
    DNS=hostname.domain.com
    Then, run this command:
    /usr/local/cpanel/bin/dkim_keys_install nobody
    Thank you. Note: Internal case CPANEL-20425 is open to address an issue where the above workaround is no longer valid as of cPanel & WHM version 70. I'll update this thread with more information on the status of this case as it becomes available. Update: This is fixed in in cPanel & WHM version 74.0.9: [LIST]
  • Fixed case CPANEL-20425: Restore unofficial technique for signing mail from hostname with DKIM
  • 0
  • max_payne
    Hello, You can temporarily add the following entry to /var/cpanel/users/nobody as a workaround:
    DNS=hostname.domain.com
    Then, run this command:
    /usr/local/cpanel/bin/dkim_keys_install nobody
    Thank you.

    Wont simply adding a TXT entry in WHM>>Edit DNS Zone (granted you are using your own private nameservers) for the hostname subdomain create a DKIM record for it? So essentially, you would go to the DNS zone file for domain.com and create the following: hostname TXT "" Please correct me if I am wrong here.
    0
  • cPanelMichael
    Yes, you can add the zone entry manually if you prefer. However, you must also ensure the key is properly generated, so the workaround is often easier. Thank you.
    0
  • max_payne
    Thanks. Although if you need a DKIM record set up for your hostname then you are likely doing things wrong. It is likely a PHP mail sending script that is sending as user or nobody@hostname.domain.com. Enable SMTP authentication instead for your mail sending script. If you are running WordPress then enable the 'WP SMTP' plugin to automatically configure all mail sending scripts/plugins to send as a real email address instead of as an address with the hostname specified. This should prevent you from requiring DKIM records for the hostname in the first place.
    0
  • Mads Nordholm
    Thanks for the input. You are of course right that there should be no DKIM record for the host. I was having an issue with cPanel system emails ending up in my spam folder, and I thought it would be worth a try to add a DKIM record. Turns out my PTR record was wrong, and that fixed the issue for me. Thanks for the input in this thread.
    0
  • nootkan
    Hello, You can temporarily add the following entry to /var/cpanel/users/nobody as a workaround:
    DNS=hostname.domain.com
    Then, run this command:
    /usr/local/cpanel/bin/dkim_keys_install nobody
    Thank you.

    Michael, when you say temporarily do you mean to remove the DNS=hostname.domain.com line from /var/cpanel/users/nobody after running the /usr/local/cpanel/bin/dkin_keys_install nobody command?
    0
  • cPanelMichael
    Michael, when you say temporarily do you mean to remove the DNS=hostname.domain.com line from /var/cpanel/users/nobody after running the /usr/local/cpanel/bin/dkin_keys_install nobody command?

    Yes, the goal is to simply have the DKIM record generated for the hostname, so you can remove the entry after making the edit. Thank you.
    0
  • allpar
    I got: Cpanel::DnsUtils:608: Empty dns zone host2.domain.com at /usr/local/cpanel/bin/dkim_keys_install line 27, <$socket> line 3.
    0
  • cPanelMichael
    Hello, Ensure you create a valid DNS zone for your server's hostname first. Thank you.
    0
  • cPanelMichael
    Hello Everyone, Good news going forward! cPanel & WHM version 78 is tentatively set to include a new Email Deliverability option in Web Host Manager that will allow administrators to more easily detect and solve email delivery issues. Included with this feature is a tool that will check if the DKIM record for the server's hostname exists, and if not, provide an option to automatically add the record (as long as the parent domain resolves to the cPanel server). More information about this feature will be published on cPanel Releases once version 78 is closer to publication. Thank you.
    0
  • ribo
    Hello Everyone, Good news going forward! cPanel & WHM version 78 is tentatively set to include a new Email Deliverability option in Web Host Manager that will allow administrators to more easily detect and solve email delivery issues. Included with this feature is a tool that will check if the DKIM record for the server's hostname exists, and if not, provide an option to automatically add the record (as long as the parent domain resolves to the cPanel server). More information about this feature will be published on cPanel Releases once version 78 is closer to publication. Thank you.

    Is cPanel & WHM version 78 with Email Deliverability option will solve email delivery issues(to spam folders) for hotmail and yahoo accounts?
    0
  • cPanelMichael
    Is cPanel & WHM version 78 with Email Deliverability option will solve email delivery issues(to spam folders) for hotmail and yahoo accounts?

    Hi @ribo, The feature on it's own won't prevent email delivery issues to remote mail providers such as Hotmail or Yahoo. However, what it will do is make it easier to detect and implement the changes that are often required to ensure email delivery to remote mail servers succeeds. Thank you.
    0
  • The Old Man
    Thanks for this, much appreciated. I've been setting up SPF, DKIM and DMarc for my virtual hosts (all work great except for when my forums send email via Sparkpost and they always fail the SPF check! Grr), and I noticed a lot of cPanel notifications sent from my VPS to my off-server personal Gmail address were being marked as spam 550-5.7.1 by Gmail and so came here looking for a fix. "Why is this message in Spam? It seems to be a fake "bounce" reply to a message that you didn't actually send. I see from my WHM that 78.0.11 is available to install, so hopefully this will fix the issue.
    0
  • cPanelMichael
    I see from my WHM that 78.0.11 is available to install, so hopefully this will fix the issue.

    Keep in mind the upgrade to cPanel & WHM version 78 itself isn't what will reduce the chance of SPAM blacklisting. It simply makes it easier for administrators and cPanel users to enable the options (e.g. DKIM, SPF) that are often required to ensure email delivery to remote mail servers succeeds. Thank you.
    0
  • The Old Man
    Thanks, understood. Will have to put this on hold for now. My upgrade stopped after updating the upgrade page after 20 minutes and now I can't access my WHM at all. My websites appear to still be live though. Aha, another few minutes and WHM is alive, responding and telling me I need to reboot my server to complete the upgrade. Thank heavens!
    0
  • cPanelMichael
    Will have to put this on hold for now. My upgrade stopped after updating the upgrade page after 20 minutes and now I can't access my WHM at all.

    Feel free to open a support ticket if you'd like us to help troubleshoot why that happened and make sure the update succeeds on the next attempt. Thank you.
    0
  • Abdel WAS

    Hi cPanelMichael
    I know this thread is old but I still have a server with cPanel v76, I tried to run above WA on a given user after changing its DNS by server hostname ( don't have nobody user ).

    /usr/local/cpanel/bin/dkim_keys_install user

    But When I go to user Cpanel to see the DKIM generated value for the hostname it gives permission denied.

    0
  • cPRex Jurassic Moderator

    Abdel WAS - there isn't anything we can do with cPanel 76 at this time.  You desperately need to update that machine.

    0
  • Justin White

    Once I installed a strict DMARC policy I stopped receiving system emails from WHM.  I also could not figure out how to install DKIM for the host subdomain.  The solution ended up being SPF.  You can have multiple SPF records for one domain, as long as they are different subdomains.  So if the subdomain for your host is unique, you can add a separate SPF record to your DNS for that subdomain.  DMARC doesn't require both DKIM and SPF to pass, only one.  So for simple system emails that only go to internal people, having only SPF for that subdomain should be sufficient.

    0

Please sign in to leave a comment.