How to set up DKIM?

[Black Tiger]

but my domain is in my signature below.

It could also be for another forum.

Can you verify that this is your DKIM record?

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomCG7abrAoGsmMEUA90jVoJmQOe9fQ19VzLh5qa8h82wtCXteKxgyJKxLxxfSwEv+RLeSFY+xKFDC6eH9SgkEgCzbPwFIGs3LqtxPUwOdvTNGLp58wwrqGUQfBcIuTaBNhgsv9ZsPcK1+DDRNvAmjS/Y8VRki1eIfClkDXO2rKnUhI5ullo6o1pDuH5Cmby592Q0XuJyRENcYNOb5sOwAuu3qa+Vcbzcbsf913n2G8Pp1JytXNpTjNWZqcKLEoCjPO6wr2ZIHJ5WB6qNSYmsZrqkEMtQsgzDokciyvDfp/ZMj5cHV2qK+3pWdfFtyCfymO87usIJORenjdJ29LBLrQIDAQAB;

Edit: Selector is xenforo.
Does Xenforo ACP still not detect it?

 

[Black Tiger]

One question for my own too. If I just want to use the DKIM from my domain with my own mailserver, should I just disable DKIM in the ACP, since I can't change the DKIM values there to my own DIM values.

 

[Kirby]

my domain is in my signature below.

If your domain is uorealms.com:

The TXT record seems to be in place, if XenForo can't detect it there might be a DNS issue with your PHP setup.

 

[Chernabog]

It could also be for another forum.

Can you verify that this is your DKIM record?

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomCG7abrAoGsmMEUA90jVoJmQOe9fQ19VzLh5qa8h82wtCXteKxgyJKxLxxfSwEv+RLeSFY+xKFDC6eH9SgkEgCzbPwFIGs3LqtxPUwOdvTNGLp58wwrqGUQfBcIuTaBNhgsv9ZsPcK1+DDRNvAmjS/Y8VRki1eIfClkDXO2rKnUhI5ullo6o1pDuH5Cmby592Q0XuJyRENcYNOb5sOwAuu3qa+Vcbzcbsf913n2G8Pp1JytXNpTjNWZqcKLEoCjPO6wr2ZIHJ5WB6qNSYmsZrqkEMtQsgzDokciyvDfp/ZMj5cHV2qK+3pWdfFtyCfymO87usIJORenjdJ29LBLrQIDAQAB;

Edit: Selector is xenforo.
Does Xenforo ACP still not detect it?

They don't make it easy with those long codes. It looks as though it's correct, but I noticed the support people at my host who entered the record for me seem to have broken it into two pieces - which may explain why XF ACP is still saying this, weeks later:



This is how the host entered it....



Which seems odd to me.. shouldn't it just be one long continuous string? XenForo is very kind to us not technical people, but there are a few bits here and there that are a struggle - this being one of them. I like to ensure any system emails have the best possible chance of reaching their target, hopefully not as spam.

I appreciate the two of you still sharing ideas and ways to assist. I have yet to hear back from the support desk at my host; who I asked to investigate further. This was a recommended host for XF, nice group of people, but I remember reading something about a guy named Matt, in the UK, whose focus is XF hosting --- that might have been a better route, someone deeply familiar with XF.

@Black Tiger I ran across an old post of yours tonight where you're looking for some help, but also helping out others in the thread -- I was a bit fast to pass judgment on you, so I apologize for that.

J

 

[Black Tiger]

seem to have broken it into two pieces

With records which are very long and don't fit in certain DNS systems line length, it's allowed to break them up in two pieces. I presume they did this correctly because I could find your DKIM record.
Also I was able to verify it with MXtoolbox and Easydmarc using xenforo as selector so in fact you should be fine, those 2 lines should not cause any issues resolving the DKIM record.

However... I could find your record on both with selector "default" and also with "xenforo". But in the Xenforo software one can't change the selector. It might be that Xenforo is only looking for the "xenforo" selector and the hoster put default._domainkey in there.

Now I could find them with both tools, even without selector, but maybe Xenforo is looking hardcoded for the "xenforo" selector.
You could try to have your hoster set the dkim to: xenforo._domainkey.uorealms.com.

As for your apologies, accepted and no hard feelings. Forgotten and gone.

@Kirby could it be that I'm right and Xenforo is hardcoded looking for the "xenforo" selector ignoring other selectors?

 

[Chernabog]

With records which are very long and don't fit in certain DNS systems line length, it's allowed to break them up in two pieces. I presume they did this correctly because I could find your DKIM record.
Also I was able to verify it with MXtoolbox and Easydmarc using xenforo as selector so in fact you should be fine, those 2 lines should not cause any issues resolving the DKIM record.

However... I could find your record on both with selector "default" and also with "xenforo". But in the Xenforo software one can't change the selector. It might be that Xenforo is only looking for the "xenforo" selector and the hoster put default._domainkey in there.

Now I could find them with both tools, even without selector, but maybe Xenforo is looking hardcoded for the "xenforo" selector.
You could try to have your hoster set the dkim to: xenforo._domainkey.uorealms.com.

As for your apologies, accepted and no hard feelings. Forgotten and gone.

@Kirby could it be that I'm right and Xenforo is hardcoded looking for the "xenforo" selector ignoring other selectors?

Would it be better to leave it the way it is, or to add xenforo._ to it? Does it really make any different other than, like you're thinking, that XF doesn't realize it's there cause it's not seeing it the way it expects to?

 

[Kirby]

[COLOR=hsl(var(--xf-editorFocusColor))]@Kirby could it be that I'm right and Xenforo is hardcoded looking for the "xenforo" selector ignoring other selectors?[/COLOR]

Correct. And that is a problem if you want to setup multiple XenForo instances on one domain.

K

Thread 'DKIM authentication fails ins some scenarios'

Apr 14, 2022

Steps to reproduce

1. Setup an installation at domain.com/xf-install-1, configure it to send emails as xf-install-1@domain.com and activate DKIM
2. After activation is completed and DNS has propagated setup another installation at domain.com/xf-install-2, configure it to send emails as xf-install-2@domain.com, activate DKIM and follow the instructions
3. Send Test Emails from installation 1 and 2 after DKIM setup on installation 2 has been completed (eg. DNS has propagated)

Expected Results
Test emails from both installations validate

Actual Result...

• Kirby
• Replies: 2
• Forum: Bug reports

• 

Ideally XenForo should generate a new unique selector every time DKIM is activated.

 

[Black Tiger]

Would it be better to leave it the way it is, or to add xenforo._ to it?

Due to @Kirby's reply, we can be sure Xenforo is looking for the "xenforo" selector. So there are a couple of solutions here.

1.) Don't add a new record, but just have the host change the selector from default to xenforo would already be sufficient. Or replace theh complete entry and use the xenforo selector.

2.) Maybe better (also mentioned earlier in this thread when I discussed this with staff) let your mailserver use DKIM. In that case you have to set Xenforo to use authenticated smtp from your server in the mail section.
There is already a the exising DKIM record now, so in fact that should work. You can test this by sending a mail via the smtp of your server and then check the headers if the DKIM key is present. If yes, then disable DKIM in Xenforo ACP and you're done.
You can doublecheck this by disabling DKIM in the ACP, then from the ACP send a message to a user (preferable yourself and not to your own domain name but for example gmail), then after receiving, check the header for the presence of the DKIM key.
This is the way I'm doing it.
And it's very easy to check if it's working.

3.) If you don't or can't use the server's smtp and don't want ot have the selector changed, you can add the same key but then with the correct xenforo selector (I wouldn't use this option but it's an option so I mention it).