• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Upgrading to Onyx: what if I already have OpenDKIM installed?

Sergio Manzi

Sergio Manzi

Regular Pleskian
Hello everybody!

As I have described in https://talk.plesk.com/threads/is-it-possible-to-use-domainkey-opendkim-in-plesk.338443/ I have already installed OpenDKIM in my servers running Plesk 12.5.30, following instructions I've got from http://www.stevejenkins.com/blog/20...h-postfix-or-sendmail-for-rhel-centos-fedora/

I'm now considering upgrading to Plesk Onyx and I'm wondering what should I do beforehand: should I uninstall my "custom" OpenDKIM solution beforehand?

Please also keep in mind that in my Plesk installations I'm not using Plesk DNS: all my DNS configuration is done on other separate servers (an heterogeneous mix of Amazon Route53, gandi.net, and other registrar's DNS)

Any advice would be welcome, thanks in advance.

Sergio
 
Hi Sergio Manzi,

the additional OpenDKIM - installation doesn't interfere with the ones used by Plesk. No need to change anything here.
 
Thanks for answering, @UFHH01,

I'm puzzled: doesn't Plesk Onyx include its own DKIM signing mechanism?

When I installed OpenDKIM I had to activate it, for each of the involved domains, by adding it as a milter in /etc/postfix/main.cf

Will the upgrade procedure take care of adjusting that to the new Plesk Onyx DKIM signing mechanism?

Thanks again,

Sergio
 
Hi Sergio Manzi,

Sergio Manzi said:
I'm puzzled: doesn't Plesk Onyx include its own DKIM signing mechanism?
Click to expand...
Correct, but that doesn't mean, that you have to give up your manual installed OpenDKIM - configuration.

Sergio Manzi said:
When I installed OpenDKIM I had to activate it, for each of the involved domains, by adding it as a milter in /etc/postfix/main.cf

Will the upgrade procedure take care of adjusting that to the new Plesk Onyx DKIM signing mechanism?
Click to expand...
No, not at all. You will have TWO different DKIM - signings. One setup by YOURSELF and one setup by Plesk.
 
Hi, and thanks for clarifying!

UFHH01 said:
... that doesn't mean, that you have to give up your manual installed OpenDKIM - configuration.
Click to expand...

Now I get what you mean, but I think it would be anyway worth to switch off one of the twos, otherwise...

UFHH01 said:
... You will have TWO different DKIM - signings. One setup by YOURSELF and one setup by Plesk.
Click to expand...

... which seems to be redundant.

And if I will opt to keep the Plesk Onyx signing (which seems to be the sensible solution...) I think I should also modify/update my domain's DKIM TXT records to reflect the new signing key, right? I haven't looked into the Onyx docs yet, but I think/hope there should be a way to get the public signing key so that I can declare it into my (manually configured) DNS zones...

Sergio
 
Hi Sergio Manzi,

Sergio Manzi said:
... which seems to be redundant.
Click to expand...
... sort off... yes... but why should you remove a working ( old ) configuration? Your thoughts can't be based on "performance issues", because using an additional milter with postfix could only be a waste of milli - seconds during the transport - process, nothing more.

Sergio Manzi said:
And if I will opt to keep the Plesk Onyx signing (which seems to be the sensible solution...)
Click to expand...
... it is the very same way, as for your manual configuration, with the fact, that Plesk uses the selector "default" ( which can't be changed at the moment, but might be changeable in a future release of Plesk Onyx ), therefore you should consider to use another selector ( as for example "mail", "YOUR_DESIRED_SELECTOR_NAME"... ), for your manual configuration. The advantage of your manual configuration is the possibility to change each possible configuration feature for OpenDKIM ( for example at "/etc/opendkim.conf" ), while with Plesk you are restricted to default settings, configured by Plesk.

Sergio Manzi said:
I think I should also modify/update my domain's DKIM TXT records to reflect the new signing key, right?
Click to expand...
This depends on your ( previous ) used selector. As mentioned above, Plesk uses the "default" - selector, while you are able to use any desired name for your manual OpenDKIM selector.

Due to the fact that Plesk uses the "default" selector, there will be corresponding DNS - entries at "Home > Subscriptions > YOUR-DOMAIN.COM > Websites & Domains > DNS settings" for
  • _adsp._domainkey.YOUR-DOMAIN.COM.
  • _domainkey.YOUR-DOMAIN.COM.
and​
  • default._domainkey.YOUR-DOMAIN.COM.
... which you should copy to your PRIMARY NAMESERVER for your corresponding domain.
 
@UFHH01, thanks to your help the scenario is getting clearer!

Bad luck is that in my OpenDKIM configuration I have used the "default" selector, so I'll have to change it (in my config) in order to not collide with the Onyx one.

I'm still unsure about what will happen when I'll upgrade as in my current Plesk config I don't have DNS installed at all (i.e. if I go to "Add and Remove Product Components" I have "BIND DNS server" unchecked, with the red X)...
 
Hi Sergio Manzi,

Sergio Manzi said:
... I don't have DNS installed at all ...
Click to expand...
... well, simply install the needed component(s), to reach the goal to take advantage of the desired feature(s) - it's not really complicated to install it. :p

The Plesk features will help you as well to configure your PRIMARY NAMESERVER, due to the fact that all needed DNS - entries for a domain are listed. I can't see any logical reason, why someone would resist to leave out these components on its server(s), when he/she uses Plesk.
 
UFHH01 said:
... I can't see any logical reason, why someone would resist to leave out these components on its server(s), when he/she uses Plesk.
Click to expand...

There are several reasons why I had DNS uninstalled, but essentially all boils down to three main considerations:
  1. I prefer to decouple DNS functions from service delivering functions (e.g. web server and mail server). Good hosted DNS like Amazon Route53 and gandi.net are vastly more reliable than my self-hosted servers and in case of troubles on one of my servers I can swiftly switch service delivery from the failed server to another stand-by server by switching my DNS configuration (which for the relevant records have very short TTL)

  2. Feature-wise, Plesk DNS configuration is absolutely sub-par to what I'm used having on Amazon Route53 and gandi.net. On gandi.net I can have several different versions for each zone and switch them by a click of a button, while with Amazon Route53 (and others services I use) I can modify my config through their API (and, yes, I've tried the Plesk Amazon Route53 extension and found it absolutely lacking in terms of features/configurability).

  3. Because of the above, I didn't had any good reason for maintaining yet another, non-active, DNS configuration handled by Plesk. With the new Plesk Onyx version things can possibly change...
 
Hi Sergio Manzi,

( last post --- my very own opinion ):

Sergio Manzi said:
There are several reasons why I had DNS uninstalled
Click to expand...
All three "reasons" don't explain, why someone would de-install bind and the corresponding components from Plesk. The additional features which Plesk offers don't depend on external nameserver usage and on the other hand, the external nameserver(s) don't depend on possible Plesk features.

Unfortunately, you don't see the point, that Plesk can help you to investigate issues/errors/problems/misconfigurations on your server, which none of your external nameservers are able to. Even if you use Plesk only "as an example" ( because all DNS - entries are setup RFC-compliant for example), you missed to used the "DomainKeys" - feature in previous Plesk versions ( before "Onyx" ), which resolved as well possible mail - transport - issues.

In my opinion, you should always consider to accept a "helping hand", especially when it doesn't harm your server. ;)
 
You must log in or register to reply here.

Similar threads

B
Question Can I make Mailcow Dockerized the main Mailserver on Plesk Obsidian + Debian 12 platform
Replies
1
Views
678
bosse1
B
A
Question Upgrade to 18.0.54 on Plesk Obsidian on Ubuntu - WordPress & Website Hosting Environment AMI
Replies
3
Views
2K
Peter Debik
P
Rendor9
Resolved I can't renew my plesk onyx interface SSL certificate.
Replies
4
Views
2K
Rendor9
Rendor9
A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
907
Abernathy
A
O
Question New installation: best practices, useful tips, suggests
Replies
9
Views
3K
Kaspar
K
Back
Top