dkim zimbra 8.7

[mhejek]

im tried create dkim with zimbra 8.7
whan created .the rsa its too long

domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpvcyamSbyFdU1yalRab2oMRaNizSiOEshzN6PGblqMUrXKHO24ZSJtp1oOt85SHx+CPoEbnPBaeHqhS/ZFheoBF6Cqahqtjh755wdhfvh0Zjq/e5IfRAOxdzMduFMwhKJzTinJ32vWaAEJVZW6Qmjd8qwQAptppusb5FDdIvCoc0tp+TsYWIHanPav0ux2WyucXbNdMKNoYlT"
"2WUdERtcvyoZEQVslAIBQR6JwL67hLbKrxemknw5WwFpLguTRjZUwldkDtKZ8Iju9y4Km4e0f8O9dgZ+CesB389uVl/5iGoRwZ9+ldExH0+PpyCMaymq/9KDbUzN3kULK8O/dK9QIDAQAB" )

whan i cheked with dkimvalidator ,i always get error
but i got success with zimbrta 8.6

thanks
best regard
mhe

[jorgedlcruz]

Hi mhejek,
Let me check on my environment.

Best regards

[jorgedlcruz]

Hi,
Verified on my lab, and I've opened a Bug, please vote for it, and add yourself in copy of that bug to keep you informed:

• https://bugzilla.zimbra.com/show_bug.cgi?id=106785

Best regards

[DualBoot]

It looks like that the first part is the beginning of the private key.

[mefistoteles]

Hi

Nowadays 1024 keys are considered as insecure, that's why in Zimbra 8.7 DKIM stuff has got changed and Zimbra creates 2048 bit keys.

Solution:

1. Edit (as root) script file /opt/zimbra/libexec/zmdkimkeyutil and replace all '2048' occurences with '1024'. This will allow creation of DKIM key with length 1024 and set it as default value.
2. Run /opt/zimbra/libexec/zmdkimkeyutil -u -d yourdomain.com
3. Update your DNS records.

After changes in the script you still can create 2048 bit keys, using option -b:

/opt/zimbra/libexec/zmdkimkeyutil -u -b 2048 -d yourdomain.com

Regards

mefistoteles

[downtheroad]

Hi

Nowadays 1024 keys are considered as insecure, that's why in Zimbra 8.7 DKIM stuff has got changed and Zimbra creates 2048 bit keys.

Solution:

1. Edit (as root) script file /opt/zimbra/libexec/zmdkimkeyutil and replace all '2048' occurences with '1024'. This will allow creation of DKIM key with length 1024 and set it as default value.
2. Run /opt/zimbra/libexec/zmdkimkeyutil -u -d yourdomain.com
3. Update your DNS records.

After changes in the script you still can create 2048 bit keys, using option -b:

/opt/zimbra/libexec/zmdkimkeyutil -u -b 2048 -d yourdomain.com

Regards

mefistoteles

thanks, we had same problem (dkim too long and bind wouldn't start because of line lenght) and solved with this.

[davidkillingsworth]

Anyone who is reading this, please note that the instructions above are not the best method for adding a DKIM.

Don't edit this file because it is zimbra core and you will lose your changes on the next zimbra upgrade anyway.

Code: Select all

/opt/zimbra/libexec/zmdkimkeyutil

Please look at the Bug report that Jorge links to above, specifically comments 8, 9, and 11.
https://bugzilla.zimbra.com/show_bug.cgi?id=106785

You can just fuse the two strings of text together without the quotes on the 2 lines and past into your DNS entry. Previously, the string was only outputted on a single line. Now the string is too long, so the zimbra command outputs the single string on two lines in two different quotes. This is obviously confusing or you wouldn't be reading this forum post. It's actually very simple though. Just fuse the two strings together without quotes and paste into DNS. This string is longer than it was in zimbra 8.6, but it does work with hosted DNS entries.

Before the string for p= was 217 characters. Now it is 393 characters. At least on my servers.

Before zimbra 8.7: v=DKIM1; k=rsa; p=<217 characters>
zimbra 8.7: v=DKIM1; k=rsa; p=<393 characters>