DKIM TXT record

VestaCP is an open core Web hosting control panel similar to cPanel. It’s a popular replacement for cPanel when you don’t want to pay cPanel’s monthly fee. I actually use it to host several websites on Vultr but perform most of the system management from the command line.

DKIM, short for DomainKeys Identified Mail, is a security scheme for email designed to prevent email spoofing. With DKIM configured, a mail server will only send mail if it originates from its domain. But if not properly configured, it can lead to the common Relay access denied error.

This tutorial shows how to properly configure DKIM on VestaCP to avoid that error and also email spoofing.

Enabling DKIM for a domain

DKIM is configured per domain, so you’ll have an option to enable it when creating a domain, as shown in the image below.

Figure 1: Enable DKIM support in VestaCP for a domain

After the domain has been created, you now have to create a text (TXT) record for the domain using its DKIM public key at your domain registrar (this is for when you’re using an external DNS, not the built-in DNS feature of VestaCP).

So you now need to get the DKIM public key. Where can you find it?

Access the server using a console, and using the v-list-mail-domain-dkim command, which will accept the username the domain was created under and the domain itself as arguments, you will be able to get the private and public keys. The bottom part of the output will be the domain’s DKIM public key. That’s what you need. Copy and paste it into an editor. You’ll need it in the next section:

# Getting the DKIM keys of a domain
# "username" is the one the domain was created under
# domain is the domain itself, e.g.,





-----END PUBLIC KEY-----


Creating a DKIM TXT record for the domain

Since we’re setting this up for use with an external DNS, that is, DNS that’s not controlled by VestaCP, getting this part done takes place at your domain registrar. I use Namecheap, so the following screenshots are from my Namecheap account’s dashboard. If that’s what you’re using too, log into the dashboard, then click on the Domain List tab on the left. Find the domain you wish to create the record for, then click on its Manage button.

Namecheap dashboard
Figure 2: Managing a domain on Namecheap

That should take you to the page shown in Figure 3. Click on the Advanced DNS tab, then below the list of existing records, click on ADD NEW RECORD. You want to create a TXT record, so select that option. For the Host field, you need to add mail._domainkeys. That’s the default selector created by VestaCP when you first set up DKIM. The Value field is where you add the domain’s DKIM public key you saved from the previous step. But you add it using the format shown below. v specifies the version of DKIM. k indicates the signing algorithm, which in this case, is RSA. p takes the DKIM public key itself. Be sure to not corrupt the public key while pasting it:

# Format for adding a DKIM public key

v=DKIM1; k=rsa; p=Copy-And-Paste-The-DKIM-Public-Key-Here


When you’re finished adding the record, save it. Now you have to test whether DKIM works.

DKIM TXT record
Figure 3: Creating a DKIM TXT record for a domain on Namecheap

Verifying that DKIM works

To test whether your DKIM setup works, send an email from an email address under the target domain. At the other end (the recipient’s end), viewing the raw message headers of the email will show a section under DKIM Signature. If you see that, then DKIM is working. You may also use MXToolBox or mail tester to check the DKIM record.

That’s it for how to configure DKIM in VestaCP to use with an external DNS. Stay tuned for more articles on VestaCP!

Related Post:  One reason you may be getting that "Relay access denied" error


Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Hola! Did you notice that no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

2 Responses

  1. You can also run:


    …and this will spit out the TXT records you need to add (you still have to make sure you have DKIM enabled in VestaCP though, as per your tutorial)

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter
Mailchimp Signup Form

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.


The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.