• Hi,

    When trying to validate DKIM key, the plugin will allways warn "insecure key", even if the key is validated correctly.
    That's because the key has not been received with DNSSEC, and so it is "insecure".

    To resolve this issue, one must add "TrustAnchorFile" configuration to /etc/opendkim.conf

    Unfortunately, it seems like opendkim has not been compiled/configured with ubound (--with-unbound), so it cannot resolve DNSSEC and the warning will not go away.

    May I suggest that next version of the plugin adresses this issue ? As a bonus, it would be awsome to be able to actually SIGN emails with openDKIM when using a signed dns zone for the domain (DNSSEC is not implemented within I-MSCP, but it's possible to make it work with a little bit of configuration...)

    Thanks, Julien

  • Well, after some more research, it looks like opendkim is actually DNSSEC-ready
    I tried to validate some email I sent from GMail, and the warning was still there...
    BUT it looks like gmail is NOT using DNSSEC, so the problem is not on my side.

    Some more testing is needed (trying to find a DNSSEC-enabled free email provider to do the tests...)