DKIM-Patch 1.1.5 24

A new version of the DKIM-Patch for ISPConfig is available now.

Download: DKIM-Patch

Changes to 1.1.4:

create dkim-path during install
DMARC requieres SPF and DKIM (this breaks the current draft but DMARC is useless if you use spf OR dkim)
fixed an error if the dkim-path does not exists
add missing resync-values to lng-files
allow verification records for DMARC in a TXT-record (like v=DMARC1;)
allow SPF-includes
allow multiple adresses for aggregate mail reports (rua) and forensic mail reports (ruf)
updated install.php to work on centos7

Leave a Reply to Florian Schaal Cancel reply

Your email address will not be published. Required fields are marked *

24 thoughts on “DKIM-Patch 1.1.5

  • Xanela

    Hello florian.
    How could change the length of the dkim key.
    Since many servers are rejecting me emails because the header exceeds the size of 998 bytes, and the field length exceeds the dkim signature.

    thank you very much

    • Florian Schaal Post author

      You can set the dkim-strength under system / serverconfig / SERVER / mail. Afterwards re-create the dkim-keys
      IF a server rejects your mail even with a key-strength 1024, you should send a mail to the postmaster.

      • Xanela

        in place that tells me I do not see anything about the length of the dkim signature.
        This is a screenshot of the site.

        would you kindly tell me how I should make the change in length of the signature dkim

        • Florian Schaal Post author

          Are you really using the latest version? please post the output of “grep version /home/raschaal/devel/own-git/dkim/server/plugins-enabled/”
          I installed this patch for some customers in the last few days and i was always able to change the key-strength.
          You can NEVER use a dkim-strength < 1024 because this will lead to problems with gooogle and other mail-providers. If you really need a dkim-strength < 1024, feel free to send me a mail to

  • Roman


    my TXT record for DKIM is shortened in Bind zone file.. Key pair (2048bit) is generated correctly, even in MySQL table is full length.

    But during save to zone files record is somehow shortened

    • Florian Schaal Post author

      Is the full key in the mail_domain table and in dns_rr table? Maybe your database-structure was not altered. You can check this with this sql-query:
      If the output is not TXT, update the column with ALTER TABLE `dns_rr` CHANGE `data` `data` TEXT NOT NULL DEFAULT ”;

    • Florian Schaal Post author

      Correct me if i´m wrong: you found this on a page for the patch < 1.0? With 1.0 you don´t need such an entry in your template. If you create a key in the mail-domain, the dns-record will be created, too. If you would like to setup the dns-wizard to create a dkim-record, just enable the checkbox.

  • Stephane

    Is there a way to disable the wizard for SPF ?

    Cause I can’t write my own dns entry.
    And the spf wizard doesn’t allow me to make an include.

    Kind regards.

  • jo

    The DKIM-Selector shows by default “default1420755328” and ads this in front of the dkim-dns row. But the key can’t be veryfied because the dkim-dns row can’t be find on the server… What to do the the key can be find? (the key ist there on bind9)

    • Florian Schaal Post author

      Are you sure that amavis verifies the key against your own dns? It takes some time to update dns-records worldwide. Try dig @ default1420755328._domainkey.YOURDOMAIN TXT to querie your local dns.

  • marc

    I’ve just installed you last patch after I installed opendkim. But now I wonder how and if to configure opendkim to work with ispconfig an your patch.

  • Jan

    Hello Florian,

    I have two questions:

    1) about compatibility with upcoming ISPConfig 3.1 where DKIM will be integrated. Is this patch the same code as will be used in this version? Is it safe install this patch and than upgrade to ISPConfig 3.1 when it will be ready?

    2) is this patch work correctly in multiserver setup? We have separated mail server on its own server. On which server should I install this patch? On master ISPConfig server and mail server?

    Thank you

    • Florian Schaal Post author

      1. The Code between this patch and ISPConfig 3.1 is quite the same. You can apply this patch and afterwards upgrade to 3.1.
      2. I use this in a multi-server setup so i´m sure it works without any problems. Run the installer on every server that runs mail and/or dns and also on the interface.