Mail server DKIM
DKIM (DomainKeys Identified Mail) is a method of verifying the authenticity of email messages. Here's a step-by-step guide to setting up DKIM on a mail server:
Prerequisites:
- You have a mail server (e.g., Postfix, Sendmail, or Exim) installed and configured.
- You have a domain name (e.g., example.com) and a DNS provider (e.g., Cloudflare, Google Domains).
Step 1: Generate a DKIM key
- Use a tool like OpenSSL to generate a DKIM key pair:
    openssl genrsa -out dkim-private.key 1024
    openssl rsa -pubout -in dkim-private.key -out dkim-public.key
This will generate a 1024-bit RSA private key (dkim-private.key) and a corresponding public key (dkim-public.key). RFC 8301 makes 1024 bits the minimum for signers and recommends at least 2048; to generate a 2048-bit key, pass 2048 in place of 1024.
Step 2: Create a TXT record
- Create a TXT record in your DNS provider's control panel for your domain (e.g., example.com). The record should contain the following information:
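    default._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4..."
The label in front of ._domainkey is the selector. It must match the selector your mail server signs with (default in Step 3), because verifiers look up the key at <selector>._domainkey.<domain>.
Replace the ... with the contents of your dkim-public.key file: the base64 body only, without the BEGIN PUBLIC KEY and END PUBLIC KEY lines and without line breaks.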
Step 3: Configure your mail server
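- Configure your mail server to sign with the DKIM key. The selector must be the one you published in DNS.
- Postfix: Postfix has no DKIM settings of its own; it passes mail to a milter such as OpenDKIM, which does the signing. Add the following lines to your /etc/postfix/main.cf file (the socket address here is an assumption and must match the milter's own socket setting):
    milter_protocol = 2
    milter_default_action = accept
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = $smtpd_milters
  The selector and key file are set in the milter's configuration. For OpenDKIM that is typically /etc/opendkim.conf:
    Mode sv
    Domain example.com
    Selector default
    KeyFile /path/to/dkim-private.key
    Socket inet:8891@localhost
- Sendmail: Sendmail also signs through a milter. Add the following line to your /etc/mail/sendmail.mc file and rebuild sendmail.cf from it; the selector and key file go in the milter's configuration as shown for Postfix:
    INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')
- Exim: Add the following lines to the smtp transport in your /etc/exim.conf file:
    dkim_domain = example.com
    dkim_selector = default
    dkim_private_key = /path/to/dkim-private.key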
Step 4: Test your DKIM setup
- Send an email from your mail server to an external recipient.
- Check the email headers for the DKIM signature:
    Received: from [your-mail-server-ip] (your-mail-server-ip [your-mail-server-ip]) by mx.google.com with ESMTPS id... for <[email protected]>; Wed, 12 Jan 2022 14:30:00 -0800
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=default; h=From:To:Subject:Date:Message-ID; bh=...; b=...
The DKIM-Signature header should be present and contain the DKIM signature.
Troubleshooting tips:
- Check your DNS provider's documentation for specific instructions on creating a TXT record.
- Verify that your mail server is configured to use the correct DKIM key file.
- Check the email headers for any errors or warnings related to DKIM signing.
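The following Python check is an added example, not part of the original guide. It takes the DKIM-Signature value from a test message and the TXT record you published, and reports a selector/record name mismatch, an empty p= tag, or an RSA key below a minimum size. The function names, the 2048-bit default (the RFC 8301 recommendation) and the sample key with a filler modulus are assumptions constructed for illustration.

```python
import base64

def parse_tags(text):
    """Split a DKIM tag=value list (signature header value or TXT record)."""
    tags = {}
    for part in text.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (content_start, content_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_b64)
    start, _ = _tlv(der, 0)                    # outer SEQUENCE
    _, alg_end = _tlv(der, start)              # AlgorithmIdentifier
    bits_start, _ = _tlv(der, alg_end)         # BIT STRING
    key_start, _ = _tlv(der, bits_start + 1)   # skip unused-bits byte, enter RSAPublicKey
    mod_start, mod_end = _tlv(der, key_start)  # modulus INTEGER
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

def audit(sig_value, record_name, record_txt, min_bits=2048):
    """Return the problems found; an empty list means the pieces line up."""
    sig, rec = parse_tags(sig_value), parse_tags(record_txt)
    problems = []
    wanted = f"{sig['s']}._domainkey.{sig['d']}".lower()  # name a verifier queries
    if record_name.rstrip(".").lower() != wanted:
        problems.append(f"verifier looks up {wanted}, key is published at {record_name}")
    if rec.get("v", "DKIM1") != "DKIM1":
        problems.append("record version is not DKIM1")
    if not rec.get("p"):
        problems.append("p= is empty: no usable public key")
    elif rec.get("k", "rsa") == "rsa" and rsa_bits(rec["p"]) < min_bits:
        problems.append(f"RSA key is {rsa_bits(rec['p'])} bits, below {min_bits}")
    return problems

# Constructed sample data: structurally valid 1024-bit SPKI, filler modulus (not a real key).
SAMPLE_P = base64.b64encode(bytes.fromhex(
    "30819f300d06092a864886f70d010101050003818d0030818902818100")
    + b"\xc3" * 128 + bytes.fromhex("0203010001")).decode()
SAMPLE_TXT = f"v=DKIM1; k=rsa; p={SAMPLE_P}"
SAMPLE_SIG = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=default; h=From:To; bh=...; b=..."
```

Calling audit(SAMPLE_SIG, "dkim._domainkey.example.com.", SAMPLE_TXT) returns two problems: the record sits under a selector other than the one in s=, and the key is 1024 bits.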
By following these steps, you should be able to set up DKIM on your mail server and start verifying the authenticity of your email messages.