• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
info icon

Use of DKIM in version 13 or higher

Settings
< zurück
Zuletzt aktualisiert am:29.08.2022

Starting with version 13, NoSpamProxy generates two DKIM keys, one in RSA format and one in EdDSA format (Edwards-Curve Digital Signature Algorithm). The RFC for this can be found here: https://www.rfc-editor.org/rfc/rfc8463

In the example the “key2018r” is in RSA format, as it was before. The “key2018e” is new as of version 13 and must also be published in the DNS.

Upgrading to NoSpamProxy version 13

After upgrading to version 13, the EdDSA key is automatically generated in addition to the existing keys. The following incident is displayed on the console’s start page:

“The DNS entry dkim.teste._domainkey.dkim.test ( Own domain ) is missing. Please create the DNS entry to solve this issue. We’ll check again in a few minutes.”

Emails are considered valid as long as one of the applied DKIM keys has been successfully validated. It is therefore no problem if the new DKIM key is used in EdDSA format but has not yet been published. However, this should be implemented as soon as possible.

Please note: If the intranet role uses its own internal DNS server that does not perform external queries, all DKIM keys on this DNS server must also be published.

Creating a new key pair

Starting with version 13, improved encryption security (2048bit) is used for the RSA key, making the key larger than the 255 characters allowed in the DNS. To do this, the generated key must be correctly wrapped when it is included in the DNS. To do this, use the double quotation mark (“) and wrap it there so the first part contains less than 255 characters.

Generated key in NoSpamProxy (unwrapped)

dkimr._domainkey IN TXT ("v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ
EAzvf5N0hu8i4wM5quF3e5otVwN/IhKeoEEbkstlIgGY
XSZQ+Tc7tJmkn/QyD8rvTWhAdmrLPfsDt2GwCkKBlupw
P7mtyQYR8bzw2fPCiUMW+Y7FyfRJSAFhRwykkrG1JbCy
J5Phn8qRYH4Rq1lo8BavEr7+/MeEf/CR1gdXH6kQ+SEc
a0M/2OJjoHOLdmvsyb9qnBa5HB58DQr6FpneHXCfAY6m
OI6vykmkVfb/MAr9CZFKrWY+17dPHDhKJDEwsQymCGUu
GwzLwlPcjLVbMSQGXrtdWy8cJbeOa+iO2Gwp4yS2urmT
/k8aK4256GhSQbBH3HOCxRgNL3Yb4G1mo92QIDAQAB")

Key to use in DNS (wrapped)
dkimr._domainkey IN TXT ("v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ
EAzvf5N0hu8i4wM5quF3e5otVwN/IhKeoEEbkstlIgGY
XSZQ+Tc7tJmkn/QyD8rvTWhAdmrLPfsDt2GwCkKBlupw
P7mtyQYR8bzw2fPCiUMW+Y7FyfRJSAFhRwykkrG1JbCy
J5Phn8qRYH4Rq1lo8BavEr7+/MeEf/CR1gdXH"
"6kQ+SEca0M/2OJjoHOLdmvsyb9qnBa5HB58DQr6Fpne
HXCfAY6mOI6vykmkVfb/MAr9CZFKrWY+17dPHDhKJDEw
sQymCGUuGwzLwlPcjLVbMSQGXrtdWy8cJbeOa+iO2Gwp
4yS2urmT/k8aK4256GhSQbBH3HOCxRgNL3Yb4G1mo92Q
IDAQAB")

Backing up DKIM keys

Before upgrading NoSpamProxy to a new version, or for regular backups, the current DKIM key should be exported and backed up. The key can be exported under “People and Identities > DKIM Keys” and imported again if the system is restored.

Note

Some DKIM validation tools do not accept DKIM keys in the new EdDSA format, because they only expect RSA formats. Tools such as MXToolBox will accept the EdDSA format: https://mxtoolbox.com/dkim.aspx

06.03.2019/by Stefan Feist

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Release Notes – NoSpamProxy 13.0 (Regular Channel)Info IconInfo IconNoSpamProxy Server license management version 13 and higher
Scroll to top