This how to describe how to add domainkeys and SPF (Sender Policy Framework) records on CPanel Servers. Whenever you create a domain on CPanel server using WHM, it wont add domainkeys and SPF records for particular domains. To add domainkeys and SPF records please use following steps.
Please note on CPanel servers most of the work is done using cpanel username which then reflect setting on particular domains. If you have several domains / sub domains under one username, it will add domainkeys and SPF records for all domains / subdomains.
- The cPanel developers indicated that DKIM auth will be a feature in 11.32 version.
- cPanel does not recommend or provide support for some of the changes this tutorial will ask you to make. As usual, make these changes at your own risk.
There are scripts in /usr/local/cpanel/bin that can install these on a per-user basis:
/usr/local/cpanel/bin/dkim_keys_install <username>
/usr/local/cpanel/bin/spf_installer <username>
If you wish to add DomainKeys and SPF for all Cpanel users on your server, execute following command.
for user in `ls -A /var/cpanel/users` ; do
/usr/local/cpanel/bin/dkim_keys_install $user &&
/usr/local/cpanel/bin/spf_installer $user ; done
Now what about new users? cPanel already though of that, and has options to create hooks for when after an account is created. To set up the server to automatically create an SPF record and DomainKey for new accounts, edit/create /scripts/postwwwacct and paste in the following code:
#!/usr/bin/perl
my %OPTS = @ARGV;
$ENV{USER} = “$OPTS{‘user’}”;
system q(/usr/local/cpanel/bin/dkim_keys_installer $USER);
system q(/usr/local/cpanel/bin/spf_installer $USER);
Configure Exim
Open /etc/exim.conf and near the top, add the following lines:
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /var/cpanel/domain_keys/private/${lc:${domain:$h_from:}}
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
Then scroll down until you see these lines(line nuber 1518):
remote_smtp:
driver = smtp
Replace this with:
remote_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
dkim_selector = default
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0
Run chattr +ia /etc/exim.conf and restart the exim.
Verify
The easiest way to verify the functionality of your new DKIM setup is to send an email from your server to check-auth@verifier.port25.com . You’ll get an autoresponse back letting you now that everything is working (note that with DKIM, DomainKeys are obsolete so a status of “neutral” is normal)