Created new DKIM key & selector but system still using old one

6 posts / 0 new
Last post
#1 Tue, 11/15/2016 - 18:27
jmunjr

Created new DKIM key & selector but system still using old one

My old DKIM key was only 1024 bits so I updated it to 2048. I went through all the step correctly and the system generated a new key. I used a different selector in the process.

I use external DNS and updated it accordingly. This was done a couple months ago.

For some reason the system is signing messages using the old selector and 1024 bit key. Anyone got any ideas?

Thanks

Tue, 11/15/2016 - 23:54
jmunjr

Ok so I checked the config file for DKIM /etc/opendkim.conf

The selector is set to the new value - it's "2017"

The old one is "2012" and for some reason that's what is being used on outgoing e-mail for every domain. All of these domains are set to use the global default key (2017 selector).

Any help is appreciated.

Wed, 11/23/2016 - 09:11
jmunjr

Can anyone help? I have scoured everywhere looking for some insight.

Thu, 11/24/2016 - 13:31
jmunjr

Ok it appears when updating the selector in the admin it does not change it in this file:

/etc/dkim-keytable

So essentially even though a new key was created the old selector remained.

I manually changed the selector to the new one and everything works now.

Thu, 06/06/2019 - 13:22
stom
stom's picture

Apologies for the necro but I just had this issue in the current version of Webmin [1.900] where changing selector is not updated in /etc/dkim-keytable.

After changing it manually and restarting opendkim with sudo service opendkim restart the correct selector is now being specified and my email is working correctly.

Thanks so much for posting your solution.

Mon, 06/17/2019 - 11:15
Lucian

You should open a bug about this, unlike the forums the bugs receive much more attention and fixing them will help everyone.