Create shorter DKIM


#1

Hey there,

sadly my provider (namecheap) doesn’t support 2048 bit DKIM :pensive:
What is the best way to create shorter DKIMs?

Just change this and rerun this part?
Is it possible to change the existing one?

Greetings,
foorb


#2

Have you tried to split up the TXT value into multiple strings?

See https://github.com/mail-in-a-box/mailinabox/commit/ab59323813a645bcbd6ffb5e344a27f87114b8c3


#3

Wow, I was just on a live chat with namecheap, and the technique I suggested will not work. They simply do not support longer than 255 byte TXT records.
This is going to be a huge issue for me as I’m moving a bunch of domains over to their nameservers and I did not realise they had this limitation.


#4

Exactly that is my problem. I was on a live chat with many supporters - no solution.

Others have the same problem, namecheap says it’s forwarded to the corresponding department for consideration - whatever that means.

I reran the script with 1024 bit - works so far.


#5

I had some feedback from one of the support staff:

To our regret we do not support records longer than 255 symbols at the moment, however this task is among our highest priorities, and our technical team is currently working at it. Unfortunately we do not have any ETA regarding it at the moment.

I am hopeful they will eventually accommodate this but good to know for the meantime falling back to 1024 works.


#6

Well, DNSSEC has been a high priority for them since 2013… Still no support.

I’ve started moving my domains to another registrar. They were good back in the day, and it’s going to take me a long time to move, but I’m really tired of waiting.


#7

Maybe this is getting off-topic…
Where did you move to? I am also thinking about moving away before registering new domains.
I am considering going to gandi. On the other hand I will miss the good and fast chat support.


#8

I would also love to know what others are using. I’m not confident in using my own box for the nameservers. I would at least need one secondary nameserver but that’s going to cost money.
Previously I was using hetzner’s nameservers (I have servers with them) without any problems, but since I have a client that wants to manage their own records, I suggested namecheap, but now I need to find something else.


#9

Generally I refuse to take part in my-favorite-registrar polls but since two of you asked… I’m trying NameSilo now. I’ve only used them for a week so I haven’t formed an opinion yet but so far so good.

Why don’t you want to use your own box for DNS? Not confident in the uptime? I’m not too worried because this mailserver isn’t too important (yet) and, if DNS is down, then I bet SMTP is down too!

Mail-in-a-Box should allow me to be your backup name server and you to be mine. One click to publish zone updates.


#10

There are two issues with using my own box for DNS. First being my clients want to manage their own records, and secondly I can’t seem to actually add my box’s nameservers to some domains, I get weird responses like “the nameservers supplied are not registered nameservers” and I have no idea what that means or how to resolve that.

For anyone else wondering how to fall back to 1024-bit keys:

vi $HOME/mailinabox/setup/dkim.sh

Change the following:

if [ ! -f "$STORAGE_ROOT/mail/dkim/mail.private" ]; then
    opendkim-genkey -b 2048 -r -s mail -D $STORAGE_ROOT/mail/dkim
fi

To:

#if [ ! -f "$STORAGE_ROOT/mail/dkim/mail.private" ]; then
    opendkim-genkey -b 1024 -r -s mail -D $STORAGE_ROOT/mail/dkim
#fi

And then re-run mailinabox. Once the setup is complete, remember to uncomment the lines above in $HOME/mailinabox/setup/dkim.sh
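
Why the 1024-bit fallback described in this thread fits a 255-byte TXT limit while a 2048-bit key needs the multi-string split suggested in post #2, as an added example that is not part of the thread or of Mail-in-a-Box's own code. It assumes the `openssl` CLI is installed and a minimal `v=DKIM1; k=rsa; p=` tag list (an assumption; the record the box publishes may carry more tags).

```shell
#!/bin/sh
# Added example: measures DKIM TXT values for throwaway keys generated in a
# pipe. It never reads or replaces the box's real key under $STORAGE_ROOT.
# Assumes the openssl CLI is installed.

# Assumed minimal tag list; extra tags in a real record only add bytes.
DKIM_PREFIX='v=DKIM1; k=rsa; p='

# dkim_txt BITS: print the TXT value for a freshly generated RSA key.
dkim_txt() {
    pub=$(openssl genrsa "$1" 2>/dev/null |
          openssl rsa -pubout -outform DER 2>/dev/null |
          openssl base64 -A)
    printf '%s%s' "$DKIM_PREFIX" "$pub"
}

# txt_strings VALUE: how many <=255-byte character-strings the value needs.
txt_strings() {
    echo $(( (${#1} + 254) / 255 ))
}

# split_txt VALUE: zone-file form, one quoted string per 255-byte chunk.
split_txt() {
    printf '%s\n' "$1" | fold -b -w 255 | sed 's/.*/"&"/' | paste -sd ' ' -
}

# report BITS: one summary line per key size.
report() {
    value=$(dkim_txt "$1")
    echo "$1-bit key: ${#value} bytes, $(txt_strings "$value") TXT string(s)"
}

report 1024   # fits in a single 255-byte string
report 2048   # needs two strings, the split suggested in post #2
```

A DNS host that rejects multi-string TXT values can only publish the single-string case. RFC 8301 still permits 1024-bit signing keys but recommends at least 2048 bits, so the fallback is best treated as temporary.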

