DKIM key generation command - genrsa superseded by genpkey

Problem Description

Reading the Enabling DKIM section of the wiki, I thought I’d review the command with the man page. It suggests:

To enable DKIM, you first need to generate the key, with openssl genrsa -out /srv/ - this is the private key which will be used to sign outgoing email.

Looking at the man page for openssl it says that genrsa has been superseded by genpkey.

      Generation of Private Key or Parameters.
      Generation of RSA Private Key. Superseded by genpkey(1).

Does this mean that the wiki should be updated to use genpkey instead?

Additionally, does the DKIM only need to be done for the default hostname of the server, with the same DKIM being used for all of the sites hosted, or does each site have a separate DKIM signature?

Any Error Messages



  • Sympl Version [9.0/10.0]: 10.0
  • Debian Version [Buster/Stretch]: Strecht
  • Hardware Type? [Dedicated/Virtual/Pi]: Virtual
  • Sympl Testing Version? [Yes/No]: Yes

If its the same for both Stretch and Buster, then yes, however off the top of my head it’s only Buster which is affected, and the end result is the same, so it should be fine.

Maybe add a note/alternative to the wiki?

Each sending domain needs to have it’s own DKIM configuration, along with the relevant DNS entries.

Just for clarity what was the verdict on the above related genrsa question. Do we need to use genpkey for Buster?

You can use either - as genpkey serves the same function but provides more key type options than just RSA, but you’d also need to adjust the syntax.

You can just use genrsa as it’ll work the same, but I’ve added to this to the list of things that should probably be wrapped in the sympl command line.

A post was split to a new topic: DKIM not working