Tutorials/Tips

How to configure DKIM in VestaCP for external DNS

VestaCP is an open core Web hosting control panel similar to cPanel. It’s a popular replacement for cPanel when you don’t want to pay cPanel’s monthly fee. I actually use it to host several websites on Vultr but perform most of the system management from the command line.

DKIM, short for DomainKeys Identified Mail, is a security scheme for email designed to prevent email spoofing. With DKIM configured, a mail server will only send mail if it originates from its domain. But if not properly configured, it can lead to the common Relay access denied error.

This tutorial shows how to properly configure DKIM on VestaCP to avoid that error and also email spoofing.

Enabling DKIM for a domain

DKIM is configured per domain, so you’ll have an option to enable it when creating a domain, as shown in the image below.

VestaCP DKIM
Figure 1: Enable DKIM support in VestaCP for a domain

After the domain has been created, you now have to create a text (TXT) record for the domain using its DKIM public key at your domain registrar (this is for when you’re using an external DNS, not the built-in DNS feature of VestaCP).

So you now need to get the DKIM public key. Where can you find it?

Access the server using a console, and using the v-list-mail-domain-dkim command, which will accept the username the domain was created under and the domain itself as arguments, you will be able to get the private and public keys. The bottom part of the output will be the domain’s DKIM public key. That’s what you need. Copy and paste it into an editor. You’ll need it in the next section:

Related Post:  How to revoke a Let's Encrypt certificate

Creating a DKIM TXT record for the domain

Since we’re setting this up for use with an external DNS, that is, DNS that’s not controlled by VestaCP, getting this part done takes place at your domain registrar. I use Namecheap, so the following screenshots are from my Namecheap account’s dashboard. If that’s what you’re using too, log into the dashboard, then click on the Domain List tab on the left. Find the domain you wish to create the record for, then click on its Manage button.

Namecheap dashboard
Figure 2: Managing a domain on Namecheap

That should take you to the page shown in Figure 3. Click on the Advanced DNS tab, then below the list of existing records, click on ADD NEW RECORD. You want to create a TXT record, so select that option. For the Host field, you need to add mail._domainkeys. That’s the default selector created by VestaCP when you first set up DKIM. The Value field is where you add the domain’s DKIM public key you saved from the previous step. But you add it using the format shown below. v specifies the version of DKIM. k indicates the signing algorithm, which in this case, is RSA. p takes the DKIM public key itself. Be sure to not corrupt the public key while pasting it:

Related Post:  Solution to freezing SSH sessions on Ubuntu 16.10

When you’re finished adding the record, save it. Now you have to test whether DKIM works.

DKIM TXT record
Figure 3: Creating a DKIM TXT record for a domain on Namecheap

Verifying that DKIM works

To test whether your DKIM setup works, send an email from an email address under the target domain. At the other end (the recipient’s end), viewing the raw message headers of the email will show a section under DKIM Signature. If you see that, then DKIM is working. You may also use MXToolBox or mail tester to check the DKIM record.

That’s it for how to configure DKIM in VestaCP to use with an external DNS. Stay tuned for more articles on VestaCP!

Subscribe to LinuxBSDos.com

Subscribe to receive the latest articles in your Inbox

Trust me, you'll not be spammed...

Please share:

We Recommend These Vendors and Free Offers

Google has got competition, because Presearch is building a blockchain-based search engine controlled by the community. At $0.15 a token, you can participation in Lot 3 of the token sale by clicking here

Open Money is building a solution that will run mainstream software on blockchain tech. Click here to get free tokens that will be the digital currency of the platform

COMSA allows centralized businesses to adopt blockchain technology. The token sale starts soon! Sign up for free by clicking here

Register now for Blockchain & Cryptocurrency Con 2018, international conference on blockchain technnology in Dallas, TX (USA), Feb. 23-24, 2018. Students can register at a 50% discount.

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).


One Comment

  1. Thank you very much, Sir. Saved my life!
    The best, Frank

Leave a Comment

Your email address will not be published. Required fields are marked *

*