Domain Selector Add / Edit
Important: After updating or creating a selector be sure to restart your SMTP and Queue Manager services.
Selector Signing Properties
- Type.
- DomainKeys. Uses Message Algorithm for Preparation Signing.
- DKIM. Uses Header and Body Algorithm for Preparation Signing.
- Name. Value used to identify the selector in the IMail Administrator.
- DNS Text Record. Name that will associate the selector in DNS. This text name allows any text string that is a legal DNS domain name.
Example: DNS Text Record set to MyDNSName will be named
"MyDNSName_domainkey.domainname.com" - Status. (On by default) Click "Off" to disable the selector.
- Description. Free format text box limited to 1024 characters.
- Header Algorithm (DKIM only). DKIM uses both the Header and Body Algorithm as the specified canonicalization method.
- Simple. This algorithm is designed to be the least tolerant. Each header is unfolded per RFC2822 and is converted to lowercase.
- Relaxed. (Set by default) This algorithm tolerates common modifications such as white-space replacement and header line re-wrapping.
- Body Algorithm (DKIM only).
- Simple. This algorithm is designed to be the least tolerant.
- Relaxed. (Set by default) This algorithm tolerates common modifications such as white-space replacement and header line re-wrapping.
- Message Algorithm (DomainKeys only). DomainKeys uses the Message Algorithm as the specified canonicalization method.
- Simple. Allows toleration of almost no modification.
- No Folding Whitespace (nofws). (Set by Default) Allows common modifications such as white-space replacement and header line re-wrapping.
- Public Key. The public key which is automatically generated is what must be stored and published in DNS as a TXT record of the associated domain.
Tip: Remember to check for the "p=" in front of the key
Advanced Properties
DomainKeys and DKIM Option
Private Key. Text box displaying text string of Private Key. The private key is stored securely on the mail server and is used to sign all outgoing messages.
- Generate New Key. (Default is 1024 Kb) Clicking this button will generate a new Private Key, with a pop-up option for the private key length (512, 768, 1024, 1536, 2048).
DKIM Advanced Options Only
Hash Algorithm. SHA (Secure Hash Algorithm) hash functions are a set of cryptographic hash functions designed by the NSA and published by the NIST as a US Federal Information Processing Standard.
- SHA-256. (Set by default) Is an improved hash function in the SHA-2 family, computed with 32-bit words.
- SHA-1. The best established of the existing SHA hash functions, and is employed in several widely used security applications and protocols.
Body Settings. Options for body length limits when signing.
- Sign Entire Body. (Set by default)
- Sign Entire Body and Include Length Tag. Including the length tag allows message trailers to be better tolerated after the message is sent.
- Specify Max Body Length for Signing. Textbox for max amount of bytes to sign.
Expiration. When both the Timestamp and Expiration Tag are set, then a validation check will be done to verify that the Expiration Tag is greater than the Timestamp when the signature is verified.
- Include Timestamp. (Set by Default) This tag tells the verifying server when the signature was generated.
- Include Expiration Tag. (Optional) When used, this tag tells the verifying server to ignore this signature after the time specified.
- Time in Which to Expire. Time is counted by minutes, hours or days. The expiration time will be calculated based on the time when the signature is generated.
Authoritative Domain.
- Use the Domain's Auth Name. (Set by default) This option requires a DNS text record for each domain signature selector.
- Use the Sending User's Domain Name. This option requires a DNS text record for each domain signature selector.
- Use the Following Auth Name. (Set by default for DKIM Wizard) This option allows the administrator to create one DNS text record to handle many domains.
Assigning Domains
Domains can easily be assigned to a selector, allowing the domain to use as a signature.
Available Domains not Assigned
The left box displays all available domains that do not have the selector assigned.
- Domain Name. Domain name that currently does not have the current selector assigned.
(Add Domain to Selector). Select an available domain and click to add to the current selector.
(Remove Domain from Selector). Select a domain from the domains currently assigned and click to remove the current selector. 
(Add All Domains to Selector). Click to add all available domains to the current selector.
(Remove All Domains From Selector). Click to remove all domains from the current selector.
Assigned Domains for Current Selector
- Domain Name. Domain name that has the current selected assigned.
- Enabled. Check this box to activate and allow the domain to use the selector.
Enable All. Click this button to activate all the assigned selectors.
Disable All. Click this button to deactivate all the assigned selectors. The selector will be assigned to all the domains, but the selector will be disabled for use as a domain signature.
Test DNS Setup. Click this button to test the current selector against your current DNS setup. The DNS Test button will display "successful" for each domain. A link to assist with DNS problems will display for domains that "failed".
- See the following KB for DNS help - http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid=727
Headers List
- Sign All Headers. (Not set by default)
See all Headers.
Sign All Headers when setting Prevent Adding for a signature will be unchecked, unless the header list is specified otherwise.
Warning: Disabling the default set of headers to be signed opens the possibility of header modifications and spoofing depending on the headers that are being signed.
DomainKeys / DKIM Headers
By default (RFC minimum recommendation) the following headers are set for signing:
- CC
- Content-Description
- Content-ID
- Content-Transfer-Encoding
- Content-Type, Date
- From, In-Reply-To
- List-Archive
- List-Help
- List-ID
- List-Owner
- List-Post
- List-Subscribe
- List-Unsubscribe
- Message-ID
- MIME-Version
- References
- Reply-To
- Resent-CC
- Resent-Date
- Resent-From
- Resent-Message-ID
- Resent-Sender
- Resent-To
- Sender, Subject
- To
TIP: The default headers are recommended as the minimum headers necessary for maintaining secure header signing.
DomainKeys Header List
- Name. Header name selected to be signed.
DKIM Header List
- Name. Header name selected to be signed.
- Maximum Number To Sign. (Default set to 1) Maximum number of same headers allowed to be signed.
- Sign All. (True by Default) Signatures will sign all headers with the same headers for the domain.
Tip: Max Number to Sign and Sign All are not available for update when the "Sign All" check box is set.
- Prevent Adding. (False by Default) A signature will not tolerate headers with the same header name to be added.
Add Header. Click the Add button to create a custom header or select a header from the drop down for a list of all headers.
Edit Header. (DKIM functionality only) Select a header and click the Edit button to update the header options.
Delete Header. Select a header and click the Delete button to remove.
Note: To maintain a secure header signing, it is not recommended to remove a default header.
Add. Click Add to for a new Header.
Edit. Select a Header and click Edit to update.
Delete. Select a Header then click Delete to remove.
Related Topics