Skip to main content

We reject emails due DKIM selector different of "default"



  • rbairwell

    I've not had this problem myself - I have a domain name with a selector of "google" (for Google Suite/Workspace email accounts) and a test email sent to my cPanel was received without problems....

    However, I don't believe the default setup of Exim on cPanel does any filtering based on the DKIM settings. Can you see if there is a "acl_smtp_dkim" ACL setting in your exim configuration (added: even turning on "Reject DKIM failures" under Exim Configuration Manager > Basic Editor > ACL Options and sending from the Google account worked)

    I would suggest checking the domain's DKIM record via services such as or to confirm the remote domain actually has their DKIM records setup correctly...

    [edit 2:]

    To check things, it might be worth adding under Exim Configuration Manager->Advanced Editor under the log_selector section, "+dkim_verbose" (mine now reads "+all_parents +arguments +dkim_verbose +incoming_port +received_recipients +retry_defer +smtp_connection +subject"), then when an email comes in /var/log/exim_mainlog will show something like:

    2024-06-14 15:06:19 1sI8VP-123450AFbb-1q4Y DKIM: s=google c=relaxed/relaxed a=rsa-sha256 b=1024 t=1718377578 x=1718982378 [verification succeeded]


  • Esquio

    Thank you for answer.

    I have setting ON the following exim configs:

    • Allow DKIM verification for incoming messages 
    • Reject DKIM failures 

    I checked the domain with mxtoolbox and they have DKIM perfectly configured on "selector1". It's a Microsoft Office 365 email, in fact, customized with their own domain. DKIM fails on verify because "default" is empty, but s=selector1 tells that DKIM is in "selector1" so I don't know why my server is rejecting emails from this domain due DKIM failure.

    It's an strange problem, really.

    I will try the verbose on log, as you suggested, but it's difficult that client will contact us again to test it.

    Thank you so much and regards.

  • Esquio

    No more clues on this topic?

  • cPRex Jurassic Moderator

    cPanel itself doesn't support custom domainkey selectors:

    While it may be possible to use them, it would require manual configuration as outlined in that article.

  • Esquio

    cPRex is that for sending? I need it for receiving emails. I send with default selector, but I need to check DKIM of receiving emails with custom selector. It's annoying that well-configured email providers can't send emails to us. 

  • cPRex Jurassic Moderator

    Could you post the full Exim log, with the personal information redacted, so I can see how that is being processed on your system?  I wouldn't expect the same restriction to happen on incoming emails, but I haven't personally looked into that.


Please sign in to leave a comment.