GreenArrow Engine
Change Log
- Historic (Pre-4.200.0) Change Log
Getting Started
- GreenArrow Concepts
- Hardware Requirements
- Supported Linux Distributions
- SSH Access
- Co-Existing With Other Software
- Firewall Configuration
- Installation Guide
FAQs
- Chrome Mixed Content Compatability Guide
- GreenArrow Engine and AWS
- Common Error Messages
- Message Delivery
- Modifications and Customizations
- Pausing and Dumping Queues
- Direct Database Access
- Getting Started with Email Injection
- Creating a Drop Route
- Time Zones
- First Steps after Install
- GreenArrow Components
- Logging SMTP Sessions in GreenArrow
Configuration
- Configuration File
- General Settings
- Performance Tuning
- Adding a New Domain
- Adding a New IP Address
- Adding A New Whitelabeled Cloud Domain
- IPs Authorized to Relay
- License Key
- URL Domains
- Convert PowerMTA® Configuration
- Secret Constants
- Processing Events on Dedicated Servers
- Managing GreenArrow Monitor SeedList
- Proxy Protocol
- Replace Content Domain
- Link Replacements
User Management
- Two-Factor Authentication
- Users for Email Injection
Email Authentication
- DKIM
- SPF and Sender ID
- Adding a New From Address Domain
- Email Authentication for ESPs
Injecting Mail
- SimpleMH Injection
- Raw Injection
- - Raw Injection Headers
  - PHPMailer Raw Injection Example
- Injecting Mail with HTTP Submission API
- Local Injection Options
- QMQP
- QMQP Streaming Protocol
- Speed Considerations
- Obscured Email Addresses
Delivering Mail
- VirtualMTAs
- Throttling
- - Updating Throttle Settings on the Command Line
  - Updating Throttle Settings in SQL
- Dynamic Delivery
- Retry Schedule
- Internal DNS Cache
- Recipient MX Selection
- Pausing Domains
Incoming Email
- Incoming Email Domains
- Aliased Incoming Email Domains
- Bounce Mailboxes
- Spam Complaint Mailboxes
- Email Forwarders
- SMTP AUTH and POP3 Email Users
- DNSBLs and RBLs
Bounces and Spam Complaints
- Bounce Processor Concepts
- Bounce Processor Configuration
- Spam Complaint Processor
- Feedback Loops
- - Yahoo's transition from ReturnPath
- Lite Bounce Processor
Reporting
- Send Statistics Overview Page
- Send Statistics Pages
- Send Statistics Integration
- Dynamic Delivery Statistics
- Disk Queue Summary
- Stats API
- Local Delivery Attempt Status Messages
- Remote Delivery Attempt Error Messages
- hvmail_report Command
- Delivery Attempt Log (Deprecated)
- Delivery Attempt Message Formats
- Delivery Event Processed Logfile Format
- Remote Delivery Status Log
- hvmail_generate_email_report Command
- hvmail_get_possible_spamtrap_hits Command
- Service Logs
- GreenArrow Status Command
- Remote Connections
- Disk Queue Messages
Event Notification System
- Types of Events
- Events Table Maintenance
- Event Processor
- Legacy Event Notification
GreenArrow Cluster
- GreenArrow Proxy
- GreenArrow Configuration
- Cooperative Throttling
- SMTP Connection Proxying
- Troubleshooting
Network Services
- HTTP Server
- PostgreSQL
- POP3 Server
- SMTP Services
- Disabling SMTP-AUTH Username Logging
- TLS Certificate Configuration
- TLS Encryption for SMTP
- Legacy Services
- - Legacy Recursive DNS Server
Server Management and Backups
- Administering GreenArrow Without root Access
- GreenArrow Updates
- GreenArrow Downgrades
- Convert CentOS to Alma Linux
- Debian Updates
- PostgreSQL 16 Update
- Server Management
- System Administration
- Persistence Path Mode
- Managed Backups
- Unmanaged Backups
- Restoring Backups
- - Recover from Database Corruption
- Server Migrations
- Server Monitoring
- StatsD Integration
- fail2ban Integration
- Stopping and Starting GreenArrow Engine
- greenarrow Command
- hvmail_init Command
- Bounce Recovery
- - December 2020 Gmail Outages
- Disk Usage
- - Delete SimpleMH Clicks and Opens
- Troubleshooting Disk Space Issues
- Moving GreenArrow to a New Partition
- Email Address Retention
- High Availability Cluster
- - High Availability Cluster Administration
  - Self Managed High Availability Clusters
APIs
- Stats API
- - Send Status API
  - Disk Queue Summary API
- HTTP Submission API
- Configuration API
- Running Custom Code During Delivery Attempts
Third Party Integrations
- Amazon SES Integration
- Interspire Email Marketer Integration
- Ongage Integration
- SendGrid Integration
- SMTP Relay Service Integration
Support Contact Info

DKIM Key Length

Overview

We recommend using 1024-bit keys for DKIM signing in order to make it more difficult for others to spoof messages as coming from you. This has been GreenArrow Engine’s default behavior when generating new DKIM keys since an August 2011 update. Prior to that update, the default key length was 384-bits. If you have any DKIM keys with key lengths less than 1024-bits, we recommend replacing them.

For background information on why we recommend using 1024-bit key, see this Wired.com article on how Google.com’s 512-bit key was broken.

Key lengths longer than 1024-bit (for example, 2048-bit) are supported, but come with an injection speed penalty. When using larger keys, you may see lower throughput in the amount of email that can be injected into GreenArrow.

This page describes how to check whether you have any keys which need to be replaced. If you identify any keys that need to be replaced, the Replacing DKIM Keys page describes how this can be done.

Feel free to contact GreenArrow technical support if you have any questions about how to check, or replace your DKIM keys.

Checking Existing Key Lengths

To check the lengths of your DKIM keys, perform the following steps:

Login to GreenArrow Engine’s web interface.
Navigate to Configure => DKIM Keys:
View the values under the Bits heading for your DKIM keys. Any keys containing values less than 1024 in this column should be replaced. In the screenshot below, all keys are 1024-bits long:

Testing DKIM

DKIM Signing for Other Domains and Selectors

Copyright © 2012–2024 GreenArrow Email