• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question How to enable bulk DKIM signing?

stas styler

stas styler

Basic Pleskian
Hello all,
I would like to know if there is a way to enable bulk DKIM signing instead of connecting to each domain > email settings > V on DKIM signing?

I got 250 Domains on each server and it is gonna be a pain in the *** if there wouldn't be a way to accomplish it.
Any suggestions?
 
I have installed opendkim and am signing the mails outside Plesk.
It's installed directly in the Postfix config
If you feel comfortable doing that.
I don't have a tutorial for it.

I have a duplicate key system that changes the oldest key once a week.
Although all my clients use the same key this is safer than a client specific key that never changes.
All the DKIM-records in DNS are CNAMES referring to the 2 records in my own domain.
I have the DNS of all my clients on a Plesk server dedicated to DNS.
This one distributes the weekly OpenDKIM keypairs over ssh to the other Plesk servers where the clients mail resides.
On those other servers there's a script detecting the youngest key, checks it in DNS and then applies it.
The system is able to find a matching key for each domain by checking DNS.
This way it also works if you want a certain client to have its own DKIM-keys. It will always take the youngest DKIM for signing. If it can't find a matching key in DNS it will remove the entry in OpenDKIM and stops signing.

All automatic, but too complicated to explain it to others...
It does work nice and for almost a year.

A simpler approach would be a smarthost signing all the mail with the same DKIM.
You can still use 2 CNAMEs then.
Manually change the key from time to time...

It can be much simpler if you keep it static, but that's not safe.
I do advice you to start by creating 2 DKIM-records, not one, preferably CNAMES
2 records enables you to switch keys.
Otherwise you would invalidate all keys in transit and sign with new keys when the clients checks a cached DNS public key.

I don't know how Plesk solves it.
Never used Plesk for DKIM
 
Last edited:
You must log in or register to reply here.

Similar threads

R
Question DKIM signing password reset emails
Replies
2
Views
414
redactie_uvw
R
HoracioS
Issue Plesk Forwarding & DKIM Authentication: How to Ensure Matching Signatures?
Replies
1
Views
817
Aslanj
A
E
Issue DKIM email control not valid
Replies
2
Views
940
Erwan
E
peterbinsje
Question Mails sent by plesk_virtual (local) are not delivered
Replies
4
Views
532
peterbinsje
peterbinsje
P
Forwarded to devs DKIM signing records/instructions are outdated
Replies
6
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top