Having problems adding 'k=rsa;' in Smartermail DomainKey Mail Signing
Question asked by Dave Kidd - 4/21/2015 at 8:17 AM
Answered
Hi there,
 
I have been having some problems trying to update a DomainKey for our mail email domain to 2048 bits and also include 'k=rsa;' at the beginning of the key in the Smartermail DomainKey Mail Signing section. Our domain host (Domain Monster) is using a 2048 bit key that I generated, but I also included 'k=rsa;' at the beginning prior to the p= part of the key so all is fine at that end.
 
The problem I find is that if I add that 'k=rsa;' in Smartermail and hit Save, then do a DNS test all works fine, but as soon as I leave that section of SM and then return the 'k=rsa' part is missing and it will only show the DK starting with p=, so any subsequent DNS test in SM will fail.
 
Is this a bug or by design in respect of Smartermail (I'm currently running version 13.1.5451 Enterprise)? Does it mean, if by design, that I would have to remove the 'k=rsa;' element from the TXT record at the Domain Monster end in order to get a match?
 
If anyone could shed some light on this I would be grateful as this has been driving me crazy today!
 
Regards,
 
Dave

3 Replies

Bruce Barnes Replied
The "k=rsa;" does not go into SmarterMail, it only goes in the record you place in DNS.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
Dave Kidd Replied
Hi Bruce,
 
Thanks for your reply. So essentially the DNS test in Smartermail is only looking for an exact string match so I can just ignore the DNS fail message when "k=rsa" disappears in the text string as I was worried it would cause issues with our email with it not being there at the Smartermail end of things?
 
Regards,
 
Dave
Bruce Barnes Replied
Marked As Answer
Yes, leave the k=rsa; out of the signature in SmarterMail.
 
In fact, the ONLY thing in the SmarterMail DomainKey field should be the key generated by SmarterMail - DO NOT generate a key externally.
 
Then, copy that key into your DNS.
 
If you used the identifier, "secure", then your DNS TXT record will be called:
 
secure._domainkey.yourdomainname.tld and will be something like this:
k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynI7+rIwI7KfJEAKRq42hyDVkyo46g+r9B+381GD6y0K4ks1nKXp9PVI+MfRke3BaYM9BCs8q3fgTALJMyATAiRTpHmDUrv8ErNkr1JZZ9A5habGaFUPZ/GqV06UDQS1w4SWt/xMnGOzz3WnXj
T8v13uFUPtglQ/c3D7HYP4kOg5323rmqprkwKnIwiimm7lLa524HR+uet9vQ/Cf+dghYH8PGxrCOesghysbD/elRCDV0lKrbBbtjlMum6B5eswEswV1cgCY2cD3PEirXaXBgQZbGzlbNpXCpd2WVjQQe3rNPqS67hQK1W663lIP3i3IyceIudajFLk6nQljl8hGwIDAQAB
Remember, 1024 bit domain keys were deprecated in December, 2013, and all new keys should be 2048 bits or larger.
 
When pasting into Microsoft DNS, it is OK to break the key into three lines as DNS will re-assemble the text into a single line when a query takes place.
 
Don't forget that you'll have TWO MORE keys for each DomainKey record, too:
 
adsp._domainkey.yourdomainname.tld which will be:
dkim=all;
and
 
_domainkey.yourdomainname.tld which will be:
o=~
 
All of these are explained at https://www.unlocktheinbox.com under the DomainKey page.
 
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
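
Added example (not part of the thread and not SmarterMail's own DNS test): a tag-aware comparison of the published TXT record with the key held on the mail server, which tolerates the k=rsa; prefix and a key split across several DNS strings, and reports the RSA modulus size. The function names and the filler key built by constructed_key() are assumptions for illustration; treating a missing k= as rsa follows RFC 6376.

```python
import base64

def parse_tags(txt_strings):
    """Join a TXT record's character-strings and split its tag=value list."""
    tags = {}
    for part in "".join(txt_strings).split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # whitespace in p= is not significant
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size in bits of the RSA key in a p= tag (base64 SubjectPublicKeyInfo)."""
    der = base64.b64decode(p_value)
    start, _ = _tlv(der, 0)                    # outer SEQUENCE
    _, alg_end = _tlv(der, start)              # AlgorithmIdentifier, skipped
    bit_start, _ = _tlv(der, alg_end)          # BIT STRING
    seq_start, _ = _tlv(der, bit_start + 1)    # skip unused-bits octet, enter RSAPublicKey
    mod_start, mod_end = _tlv(der, seq_start)  # modulus INTEGER
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

def check_record(txt_strings, server_key, min_bits=2048):
    """Compare the DNS record with the server's key; return a list of problems."""
    tags, problems = parse_tags(txt_strings), []
    if tags.get("k", "rsa") != "rsa":          # k= is optional and defaults to rsa
        problems.append("k= is not rsa")
    if tags.get("p") != "".join(server_key.split()):
        problems.append("p= differs from the server key")
    elif rsa_bits(tags["p"]) < min_bits:
        problems.append("key is shorter than %d bits" % min_bits)
    return problems

def constructed_key(mod_len=256):
    """Constructed sample, not a real key: SPKI framing around a filler modulus."""
    def der(tag, body):  # always uses a two-octet length, enough for this sample
        return bytes([tag, 0x82]) + len(body).to_bytes(2, "big") + body
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL params
    rsa = der(0x30, der(0x02, b"\x00" + b"\xc3" * mod_len) + bytes.fromhex("0203010001"))
    return base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + rsa))).decode()
```

check_record() takes the list of strings a TXT lookup returns for the selector record and the key text exactly as it appears in the mail server's DomainKey field; an empty list means the two agree.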
