• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How to enable bulk DKIM signing?

stas styler

Basic Pleskian
Hello all,
I would like to know if there is a way to enable bulk DKIM signing instead of connecting to each domain > email settings > V on DKIM signing?

I got 250 Domains on each server and it is gonna be a pain in the *** if there wouldn't be a way to accomplish it.
Any suggestions?
 
I have installed opendkim and am signing the mails outside Plesk.
It's installed directly in the Postfix config
If you feel comfortable doing that.
I don't have a tutorial for it.

I have a duplicate key system that changes the oldest key once a week.
Although all my clients use the same key this is safer than a client specific key that never changes.
All the DKIM-records in DNS are CNAMES referring to the 2 records in my own domain.
I have the DNS of all my clients on a Plesk server dedicated to DNS.
This one distributes the weekly OpenDKIM keypairs over ssh to the other Plesk servers where the clients mail resides.
On those other servers there's a script detecting the youngest key, checks it in DNS and then applies it.
The system is able to find a matching key for each domain by checking DNS.
This way it also works if you want a certain client to have its own DKIM-keys. It will always take the youngest DKIM for signing. If it can't find a matching key in DNS it will remove the entry in OpenDKIM and stops signing.

All automatic, but too complicated to explain it to others...
It does work nice and for almost a year.

A simpler approach would be a smarthost signing all the mail with the same DKIM.
You can still use 2 CNAMEs then.
Manually change the key from time to time...

It can be much simpler if you keep it static, but that's not safe.
I do advice you to start by creating 2 DKIM-records, not one, preferably CNAMES
2 records enables you to switch keys.
Otherwise you would invalidate all keys in transit and sign with new keys when the clients checks a cached DNS public key.

I don't know how Plesk solves it.
Never used Plesk for DKIM
 
Last edited:
Back
Top