Help Center

cPanel - DKIM Configuration Guide

DKIM(DomainKeys Identified Mail) is an enhanced security feature protecting your domain and brand from email spoofing.

DKIM is not generally required in order to make our service work with cPanel clients. DKIM is a message signing protocol that can be enabled or disabled; email delivery will not suffer either way. Our service does not modify parts of the messages that you sign with DKIM, so messages still validate just fine.

Add your DKIM key to cPanel

1) Add the following lines into the Exim configuration already in place (Our main cpanel guide should be used for the base configuration with MailChannels).

In the TRANSPORTSTART area at the end of the "mailchannels_smtp" transport section:

dkim_domain = $sender_address_domain
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"

 

2) The updated "mailchannels_smtp" transport section will look as follows when completed:

mailchannels_smtp:
driver = smtp
hosts_require_auth = *
tls_tempfail_tryclear = true
headers_add = X-AuthUser: ${if match {$authenticated_id}{.*@.*}\
{$authenticated_id} {${if match {$authenticated_id}{.+}\
{$authenticated_id@$primary_hostname}{$authenticated_id}}}}
dkim_domain = $sender_address_domain
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"


3) Ensure that you restart your mail server application after making changes to the configuration files so that your changes are implemented. Send some test traffic out through this server using your new DKIM key to ensure proper signing and readability with receivers.

 

Known Issues

Exim v4.94+

Tainted Filename

To fix the 'Tainted Filename' errors due to how v4.94 expands the ${dkim_domain} variable, the following changes are required in the TRANSPORT START area at the end of the "mailchannels_smtp" transport section:

dkim_domain = ${lookup{$sender_address_domain}lsearch,ret=key{/etc/localdomains}}
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"

The updated "mailchannels_smtp" transport section will look as follows when completed:

mailchannels_smtp:
driver = smtp
hosts_require_auth = *
tls_tempfail_tryclear = true
headers_add = X-AuthUser: ${if match {$authenticated_id}{.*@.*}\
{$authenticated_id} {${if match {$authenticated_id}{.+}\
{$authenticated_id@$primary_hostname}{$authenticated_id}}}}
dkim_domain = ${lookup{$sender_address_domain}lsearch,ret=key{/etc/localdomains}}
dkim_selector = default
dkim_canon = relaxed
dkim_private_key = "/var/cpanel/domain_keys/private/${dkim_domain}"

Ensure that you restart your mail server application after making changes to the configuration files so that your changes are implemented. Send some test traffic out through this server using your new DKIM key to ensure proper signing and readability with receivers.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.