How to change the default DKIM selector

The default DKIM selector is mail._domainkey.domain.com. How can I change it to box._domainkey.domain.com?

Following the instructions at the link below, I generated a new DKIM key and changed the DNS resolution.

sudo opendkim-genkey --bits=1024 -s box -d example.com

However, when I checked it on https://dkimvalidator.com, it still showed the selector as “mail”, like this:

Signature Information:
v= Version: 1
a= Algorithm: rsa-sha256
c= Method: relaxed/simple
d= Domain: xxxx.com
s= Selector: mail
result = invalid

https://discourse.mailinabox.email/t/dkim-signature-header-exists-but-is-not-valid/1968/5
https://github.com/mail-in-a-box/mailinabox/issues/1160

I have to ask … why???

Because I already have a more stable mail server, and it takes up the default selector and cannot be modified. However, I still want to send email with MiaB, which is very convenient for using aliases.

Maybe I should only use MiaB to send mail.

You are going to have to review /mailinabox/setup/dkim.sh and change it to use box rather than mail for the milter (which I have absolutely no clue how to do) and then install MiaB with your modifications.

In fact, I did something like this, but it didn’t work. There may be some parameters in other places.

I tried looking through the scripts and I could not connect the pieces together … i.e. how does postfix know to use mail as the selector? That is the question I think you need to find an answer for.

I only glanced at this but maybe it offers some clues …

Maybe you are right, I will give it a try.
Thank you so much!

Looking closer it looks like you need to create the new key and then map the domains to the private key in one file and the domains to the selector in the other, or something like that … what is an unknown is if these changes will persist through either daily maintenance (they should) or an upgrade (no clue).

I solved this! Very simple.

Just modify /etc/opendkim/SigningTable
from
example.com example.com:mail:/home/user-data/mail/dkim/mail.private
to
example.com example.com:box:/home/user-data/mail/dkim/mail.private

I didn’t notice this little ‘mail’ in the middle before :sweat_smile:
And I kept the name mail.private instead of box.private to prevent other problems.
Thanks again.

So that looks like you are using the same key with a different selector … a different approach than I had in mind, but likely just as effective.

I created a new key for “selector box”, also named mail.private, which overwrites the original file.
I was thinking, if I only change the selector but still use the original key, will there be an error?

I agree on the second part … but would recommend to you and others to name your key box rather than mail to maintain consistency. So your private key file would be box.private in this case. After more consideration your method should avoid the modification being overwritten on future upgrades of MiaB, so I would agree with your methodology, but would suggest adding a readme.txt file explaining it in case someone else should come along and wonder what you did and why. Granted your MiaB may be personal only to you so this may not be needed, but if not it is always a good plan to document, document, document!

Great job at figuring this out btw! :slight_smile:

Using the name box.private will lead to the need to modify /mailinabox/setup/dkim.sh.
And another file, box.txt, will cause part of the web not to be displayed, which is supposed to be mail.txt.
So I didn’t use them in case more unknown accidents might happen in the future.

You’re absolutely correct on this part … not in the sense that it will NEED to be changed … but in the sense that if you do NOT change it future upgrades to MiaB will overwrite these changes, so your plan is more solid in this respect. :slight_smile:

I’m not sure where this comes into play - but will trust that you have checked into it thoroughly.

Now, off to revise my last post to better reflect this new info!

Thanks for this interesting topic. Can I summarize and would you mind confirming the following?

  1. In etc/opendkim.KeyTable (and not /SigningTable as @vasg mentioned) change :mail: to :box:
  2. Get a new key for mail.private. I can’t figure out how to do this efficiently, so my plan is to create a new pair on my laptop, and replace the private key in home/user-data/mail/dkim/mail.private and change the public key for DKIM in the dns settings in etc/nsd/zones/mydomain.com.txt.

Does that make sense? Thanks!

The command line command was mentioned earlier in this thread:

You need to be in the /home/user-data/mail/dkim directory when you run this command.

root@box:/home/user-data/mail/dkim# ls
mail.private  mail.txt
root@box:/home/user-data/mail/dkim# sudo opendkim-genkey --bits=1024 -s box -d mailinabox.info
root@box:/home/user-data/mail/dkim# ls
box.private  box.txt  mail.private  mail.txt

No! MiaB maintains the zone files … changing them manually will break things.

I attempted this and failed … the previous entry was restored upon boot.

I don’t really have time now to further test this, but would be interested if @vasg would come back and offer a clear step by step guide.

Thanks @alento!

I changed :mail: to :box: in the etc/nsd/zones/mydomain.com.txt file

I ran $ sudo opendkim-genkey --bits=1024 -s box -d photoktm.com in the root@box:/home/user-data/mail/dkim folder

I checked with https://dkimcore.org/c/keycheck for the selectors

  • box: gives error - DNS check failed
  • mail: “There should only be one TXT record for mail._domainkey.photoktm.com, there are 2”… .

Did I miss something?

Of course, changing :mail: to :box:, as you mention, doesn’t seem to last, but until @vasg can give more details, I’m trying to make sure that this would potentially solve my DKIM error (and potentially the problem I have to get into Hotmail inboxes).
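
An added example, not part of the thread or of Mail-in-a-Box's own code: a Python check that ties together the pieces discussed above, namely the selector in a `domain:selector:keypath` entry, the `<selector>.txt` file that opendkim-genkey writes, and the TXT records a resolver returns for that selector. The table line, the shortened keys and the DNS answers are constructed placeholders, and the function names are hypothetical.

```python
import re

def parse_key_entries(text):
    """Parse 'name domain:selector:keypath' lines, the form quoted in the thread."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            _name, value = line.split(None, 1)
            domain, selector, keypath = value.strip().split(":", 2)
            entries.append((domain, selector, keypath))
    return entries

def dkim_tags(text):
    """Join the quoted chunks of a TXT record and return its tag=value pairs."""
    chunks = re.findall(r'"([^"]*)"', text)
    joined = "".join(chunks) if chunks else text
    pairs = (t.split("=", 1) for t in joined.split(";") if "=" in t)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(entries, published, local_txt):
    """published: DNS name -> list of TXT values seen by a resolver.
    local_txt: selector -> contents of the <selector>.txt from opendkim-genkey."""
    findings = {}
    for domain, selector, _keypath in entries:
        name = f"{selector}._domainkey.{domain}"
        records = published.get(name, [])
        if not records:
            findings[name] = "no TXT record published"
        elif len(records) > 1:
            findings[name] = "more than one TXT record"
        else:
            pub = dkim_tags(records[0]).get("p")
            loc = dkim_tags(local_txt.get(selector, "")).get("p")
            findings[name] = "ok" if pub and pub == loc else "published key differs from local key"
    return findings

# Constructed sample data: shortened placeholder keys, not real key material.
TABLE = "example.com example.com:box:/home/user-data/mail/dkim/mail.private\n"
BOX_TXT = ('box._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
           '\t  "p=QUJDREVGR0g=" )  ; ----- DKIM key box for example.com\n')
OLD = "v=DKIM1; k=rsa; p=T0xES0VZ"
NEW = "v=DKIM1; h=sha256; k=rsa; p=QUJDREVGR0g="

if __name__ == "__main__":
    name = "box._domainkey.example.com"
    for answers in ([], [OLD], [OLD, NEW], [NEW]):
        print(audit(parse_key_entries(TABLE), {name: answers}, {"box": BOX_TXT}))
```

The four sample DNS states correspond to a selector with no record, a record still carrying an older key, duplicate records for one name, and a record that matches the locally generated key.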

@thomas
Might I suggest that you start a new discussion and focus on what specifically your DKIM error is and how that relates to Hotmail?? I think that will be a much more useful discussion as we can focus on your issue directly. :slight_smile:
