Resolved No DKIM key generated/shown when DNS component is not installed

[Kaspar]

Username:

TITLE

No DKIM key generated/shown when DNS component is not installed

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Any OS
Plesk 18.0.56

PROBLEM DESCRIPTION

When BIND is not installed on, or has been uninstalled from, the server, the DKIM key isn't shown and can't be generated for a domain.

STEPS TO REPRODUCE

1) Install Plesk without DNS (or uninstall the DNS component)
2) Add domain to Plesk
3) Navigate to Mail Settings for domain
4) On the mail settings page enable the "Use DKIM spam protection system to sign outgoing email messages" option.
5) Notice how no selector is shown, and when clicking "How to configure external DNS" link on the mail settings page also does not show a DKIM value.

ACTUAL RESULT

No DKIM key available or shown.

EXPECTED RESULT

Either a DKIM shown (preferably) or otherwise a warning or error that indicates that the DNS component is required to generate DKIM keys.

ANY ADDITIONAL INFORMATION

(DID NOT ANSWER QUESTION)

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[Peter Debik]

This issue has already been reported and is tracked as PPPM-14160.

 

[zed2007]

Yeah...I have the same problem.

 

[Przemas]

Hello, I have the same issue. Even after enabling DKIM for newly created domains, there is no key visible. Also, no directory is created under "/etc/domainkeys/" for new domains. This has been the case since the second-to-last update.

 

[Przemas]

Hello, With today's 18.0.56 Update 2, the issue unfortunately has not been resolved yet.

 

[Maarten.]

Hello, With today's 18.0.56 Update 2, the issue unfortunately has not been resolved yet.

PPPM-14160 is not part of this micro update. It will be fixed in a future update.

 

[TorbHo]

Hello, this issue has been ongoing for a few days now.

Is there any workaround available to us until the patch is released? How can I obtain the required DKIM record?

 

[Kaspar]

Hello, this issue has been ongoing for a few days now.

Is there any workaround available to us until the patch is released? How can I obtain the required DKIM record?

A workaround would be to install the Plesk DNS component.

 

[TorbHo]

@Kaspar Thank you, but your solution would result in another problem. Since we are using an external DNS server, DKIM would be enabled by default for all newly created email accounts, even if it is not set up. This behavior was introduced in one of the recent Plesk patches.

 

[Kaspar]

@TorbHo In that case the workaround gets a bit more elaborate. What you could do is install the DNS component, after which you can setup an event in Plesk that runs a bash script with a command to disable DKIM signing for the domain again.

I think the right event for this is the "Physical hosting created" event. You can use the bash script below to be called by the event.

#!/bin/bash
/usr/local/psa/bin/domain_pref --update ${NEW_DOMAIN_NAME} -sign_outgoing_mail false

I haven't tested this, so use with caution. But this should work I think.

 

[TorbHo]

#!/bin/bash
/usr/local/psa/bin/domain_pref --update ${NEW_DOMAIN_NAME} -sign_outgoing_mail false

@Kaspar Yes, this event seems to work as a workaround. Thank you.

 

[micheloe]

I am not sure if this is part of the issue, but so far I haven't been able to find a CLI equivalent for generating a DKIM keypair. It would be nice (read: required) to have this option, as simply disabling/enabling does not suffice.

 

[hschramm]

a possible workaround could be:
- create a folder like the domain name unter /etc/domainkeys
- generate the dkim key with openssl command: openssl genrsa -out default 2048
to generate the dns record do:
- openssl rsa -in default -pubout -outform der 2> null | openssl base64 -A
- add in front of the string "v=dkim1; p="

make it a 3 lines bash script and it should work.

 

[Mark_NLD]

This is a big problem for us! Looking forward to a urgent bug fix.

 

[Peter Debik]

You can try this workaround:

mkdir /etc/domainkeys/example.com 
cd /root 
openssl genrsa -out private.key 1024 
mv private.key /etc/domainkeys/example.com/default 
chmod 440 /etc/domainkeys/example.com/default 
chown root:pouser /etc/domainkeys/example.com/default 
cd /etc/domainkeys/example.com/ 
openssl rsa -in default -pubout -out public.key 
openssl rsa -in /etc/domainkeys/example.com/default -pubout

 

[hschramm]

As addition to my and peters answer, find the following simple bash script. it generates as output the dkim record for the dns.

#!/bin/bash

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <Domain>"
  exit 1
fi

domain="$1"
key_dir="/etc/domainkeys/$domain"
private_key="$key_dir/default"

# Create the directory for the domain if it doesn't exist
mkdir -p "$key_dir"

# Generate the private key in the domain directory
openssl genrsa -out "$private_key" 1024

# Set permissions for the private key
chmod 440 "$private_key"
chown root:popuser "$private_key"

# Generate the DKIM DNS record
public_key="$(openssl rsa -in "$private_key" -pubout -outform der 2>/dev/null | openssl base64 -A)"
dkim_dns_record="v=DKIM1; p=$public_key"

# Display the generated DKIM DNS record
echo "DKIM DNS Record: default._domainkey.$domain -> $dkim_dns_record;"

 

[Przemas]

As long as the error is not fixed, I need to do the following for newly created domains:
/opt/psa/bin/domain_pref --update example.com -sign_outgoing_mail true

 

[Quotes]

Please could someone at Plesk explain when this will be fixed?

 

[Peter Debik]

This and other DKIM related issues have been fixed and will be published in the 18.0.57 update that is scheduled for release on November 19th.

 

[Quotes]

Thank you