Does that mean you might write a sweet little pull request to add more DKIM functionality? :woohoo:
::: key-pair generation
I don’t understand enough about Apache vhosts and permissions to understand if SuiteCRM could automate keypair generation for you without it being a security risk. I currently keep my keys in /etc/dkim. I don’t believe the Apache user could write to such a directory. And I don’t know if it could be considered safe to have the private key anywhere in /var/www/? Maybe, just maybe, if the private key is encrypted with a password. But I’m not qualified to make such a call.
You could however at least add a most simple instruction for how to do it on CLI (at least for Linux/Mac OS) with openssl. Or a link to the best description online.
For openssl the commands would be something like this:
cd /etc
sudo mkdir dkim    # create directory to hold your dkim keys
cd dkim
sudo openssl genrsa -out yourname.key 1028    # generate private key, assuming 1028 bit
sudo openssl rsa -in yourname.key -pubout -out yourname.pub.key    # write public key to file
::: Admin panel for DKIM
First thing would be imho to add the 5 main DKIM fields that are available in /include/phpmailer/class.phpmailer.php to the admin backend and allow editing them in the backend instead of in the non-update-safe code. That is:
- domain name (e.g. yourdomain.com)
- DKIM selector (freely chosen. must match DNS entry)
- identity (not sure what this is for - usually email address from which mails are sent)
- private key location (either plaintext file or encrypted in .pem-format)
- passphrase (optional: if private key is encrypted with a password in .pem format)
Optionally, you could also add a field for canonicalization (which I don’t yet understand, but has something to do with the strictness of DKIM as far as changes made to emails during travel and redirects). The default currently is ‘relaxed/simple’. I’d suggest having this set in SuiteCRM by default as well.
Optionally, you could also add a field for encryption strength (1028bit or 2056bit). In phpmailer.php that’s $DKIMsignatureType and would have to be made dynamic.
:::::: DKIM on/off checkbox
Currently DKIM is activated as soon as the following criteria are met:
- domain name: set
- DKIM selector: set
- private key location: set
- private key file exists in location provided
I’d like a checkbox to activate/deactivate DKIM in the backend without losing the data entered.
::: DNS TXT entry
SuiteCRM can obviously not do much here except supply a default generic DNS entry and instructions. e.g.
name of DNS entry: [DKIM selector].yourdomain.com
DNS entry type: TXT
TXT entry contents: “v=DKIM1;p=[public key]”
One of the trickier parts about all of this is how to split the TXT-entry into two or more lines, if your DNS provider doesn’t allow long enough entries… I could only get it to work for me so far by using the shorter 1028bit public key and having it all in one line.
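The TXT splitting mentioned at the end of the post, as an added example that is not part of the original post or of SuiteCRM: a single string inside a TXT record is limited to 255 characters, but one record may hold several quoted strings, and DKIM verifiers join them with no whitespace in between (RFC 6376). The function names are hypothetical and the key body is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example (not from the original post): turn a PEM public key into a
# DKIM TXT value and split it into quoted strings of at most 255 characters.

# dkim_txt_value FILE: print "v=DKIM1;p=<base64>" on one line.
dkim_txt_value() {
    # Drop the BEGIN/END lines and join the wrapped base64 body.
    key=$(grep -v '^-----' "$1" | tr -d ' \t\r\n')
    [ -n "$key" ] || return 1
    printf 'v=DKIM1;p=%s\n' "$key"
}

# split_txt VALUE [MAX]: print VALUE as space-separated quoted chunks.
split_txt() {
    rest=$1
    max=${2:-255}
    out=
    while [ "${#rest}" -gt "$max" ]; do
        chunk=$(printf '%s' "$rest" | cut -c1-"$max")
        out="$out\"$chunk\" "
        rest=$(printf '%s' "$rest" | cut -c$((max + 1))-)
    done
    printf '%s"%s"\n' "$out" "$rest"
}

# Constructed stand-in for a 2048-bit public key file: 392 placeholder
# characters (not a real key), wrapped at 64 columns like PEM output.
sample_pem() {
    echo '-----BEGIN PUBLIC KEY-----'
    printf '%0392d\n' 0 | tr 0 A | fold -w 64
    echo '-----END PUBLIC KEY-----'
}

tmp=$(mktemp)
sample_pem > "$tmp"
# Prints two quoted strings: 255 characters, then the remaining 147.
split_txt "$(dkim_txt_value "$tmp")"
rm -f "$tmp"
```

With a real key, pass the path of yourname.pub.key to dkim_txt_value and enter the resulting quoted strings as the contents of one TXT record.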