The ADSP dns key _domainkey.{domain} only existed in draft form. The resultant ADSP isn't that useful on a global settings as it will probably default to "unknown". This should be removed and let individual hosts add ADSP settings if it suits their policy. If anything _adsp._domainkey .. "dkim=unknown" as per RFC5617 would be a good default value.
For the DNS key itself I don't think hard coding t=y (testing mode) is a useful attribute. The impact of signing on emails has shown to have a positive impact on the delivery of legitimate email. I recommend removing not settin t=y. In rfc6376 t=s is recommended.
Also there are other parameters. http://www.iana.org/assignments/dkim-parameters/dkim-parameters.xml#dkim...
v=DKIM1 is recommended by http://tools.ietf.org/html/rfc6376#section-3.6.1
rfc6651#section-3.1 has r= to refer feedback about the signature. Recommend adding r=postmaster to the template.
Perhaps with all these options perhap a web interface that allows administrator editing in the following form:
v=DKIM1; k=rsa; r=postmaster; t=s; p=@PUBKEY
and virtualmin can populate @PUBKEY when it creates all the DNS records.
Comments
Submitted by JamieCameron on Sat, 12/15/2012 - 13:21 Comment #1
Thanks for the suggestions - I will implement these in the 3.98 Virtualmin release.
Submitted by Issues on Sat, 12/29/2012 - 13:46 Comment #2
Automatically closed -- issue fixed for 2 weeks with no activity.