The only difference I see with my records is “p=quarantine” in “_dmarc”. In addition there is another text record called “_domainkey” and with the value “t=y; o=~;”.
Completely remove Mail Domain (warning: this will remove any mailboxes that you may have) and create it again, making sure you check the checkbox DKIM. This will create the relevant entries in DNS, provided of course that the Hestia server is an authoritative Name Server for your domain.
My DNS is hosted on a 3rd party. However, I tested what you said to do with a fresh install. I added a Mail Domain with DKIM checked and it did not create the record in the DNS. I have all the basic records including DMARC and SPF, but no DKIM.
Not sure if it will help you debug or not. This is a script I wrote to help me set up DKIM on external DNS.
cat dkim-format.sh
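```bash
#!/bin/bash
# Without arguments: list every mail domain on this server and whether a TXT
# record exists at its "mail" DKIM selector.
# With USER DOMAIN: print the TXT record to publish on the external DNS.
if [ -z "$1" ]; then
    echo "Call script with USER DOMAIN arguments. Here are the mail domains on this server."
    for USER in $(v-list-users plain | awk '{print $1}'); do
        COUNTMAIL=$(v-list-mail-domains "$USER" plain | awk '{print $1}' | wc -l)
        if [[ "$COUNTMAIL" -gt 0 ]]; then
            for MDOMAIN in $(v-list-mail-domains "$USER" plain | awk '{print $1}'); do
                # Presence check only: any TXT answer counts as "DKIM OK"
                DKIMSTATE=$(dig txt +short "mail._domainkey.$MDOMAIN")
                if [[ -z "$DKIMSTATE" ]]; then
                    STATEMESSAGE="No DKIM"
                else
                    STATEMESSAGE="DKIM OK"
                fi
                echo -e "\t $USER \t\t $MDOMAIN \t\t $STATEMESSAGE"
            done
        fi
    done
elif [ -z "$2" ]; then
    # Guard against querying "mail._domainkey." with an empty domain
    echo "Missing DOMAIN argument. Usage: $0 USER DOMAIN" >&2
    exit 1
else
    echo "Current record (dig +short txt mail._domainkey.$2)"
    dig +short txt "mail._domainkey.$2"
    echo ""
    echo "Check that the TXT record for mail._domainkey.$2 is:"
    # Strip the PEM header and footer, join the base64 lines, wrap as a DKIM record
    v-list-mail-domain-dkim "$1" "$2" \
        | sed '1,/BEGIN PUBLIC KEY/d' | sed '/END PUBLIC KEY/d' \
        | tr -d '\n' | sed 's/.*/"v=DKIM1; k=rsa; p=&"\n/'
fi
```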
No warranty. Use at your own risk. It was something I did for my own use.
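The script above reports "DKIM OK" for any TXT answer at the selector. As an added example (not part of the original post and not Hestia code), the functions below compare the `p=` value actually published with the server's public key, which catches a record truncated by a third-party DNS panel or a policy-style record such as `t=y; o=~;` sitting where the key should be. The function names and sample key are constructed for illustration, and it assumes a single TXT record at the selector, printed by `dig +short` as one or more quoted chunks.

```bash
#!/bin/bash
# Added example: does the TXT record published on external DNS carry the server's key?

# Constructed sample data (not a real key): PEM body on two lines, TXT split in two chunks.
SAMPLE_PEM='-----BEGIN PUBLIC KEY-----
AAAAconstructedKEYpart1
part2BBBB==
-----END PUBLIC KEY-----'
SAMPLE_TXT='"v=DKIM1; k=rsa; p=AAAAconstructedKEYpart1" "part2BBBB=="'

# Join the quoted chunks that dig +short prints for a long TXT record into one string.
join_txt() {
    printf '%s' "$1" | tr -d '\n' | sed 's/" *"//g; s/^"//; s/"$//'
}

# Extract the p= tag from a DKIM record, dropping whitespace inside the value.
dkim_p_tag() {
    printf '%s' "$1" | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p' | tr -d ' \t\n'
}

# Reduce PEM text to the bare base64 between the PUBLIC KEY markers.
pem_body() {
    printf '%s\n' "$1" | sed -n '/BEGIN PUBLIC KEY/,/END PUBLIC KEY/p' \
        | grep -v -- '-----' | tr -d ' \r\n'
}

# Print MISSING, MATCH or MISMATCH for a dig answer ($1) and the server's PEM key ($2).
compare_dkim() {
    local published expected
    if [ -z "$1" ]; then
        echo "MISSING"
        return 0
    fi
    published=$(dkim_p_tag "$(join_txt "$1")")
    expected=$(pem_body "$2")
    if [ -n "$published" ] && [ "$published" = "$expected" ]; then
        echo "MATCH"
    else
        echo "MISMATCH"
    fi
}

compare_dkim "$SAMPLE_TXT" "$SAMPLE_PEM"   # MATCH
# Live use, with the commands from the script above:
# compare_dkim "$(dig +short txt mail._domainkey.DOMAIN)" "$(v-list-mail-domain-dkim USER DOMAIN)"
```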