Introduction
DomainKeys Identified Mail, abbreviated as DKIM. It is a protocol which ensures that, the emails received are from right and authentic senders, and are not forged. DKIM uses public key cryptography [wiki link]. Most of the times when you deal with a mail server, emails are unfortunately going into spam, because your DNS does not have a DomainKey record, which authenticates the emails coming from your domain.
Requirements
- I assume you are familiar with Debian based distrubution.
- You are having postfix mail server, this guide deals with postfix only.
- You have knowledge of basic linux commands
Installation
You can simply issue issue the following command to install openDKIM.
sudo aptitude install opendkim opendkim-tools dkim-filter
Configuration
Two configuration files of DKIM.
/etc/opendkim.conf /etc/default/opendkim /etc/default/dkim-filter
Firstly edit, /etc/opendkim.conf , Make sure your file do have these. Just edit “Domain” and “Selector”.
Domain vigasdeep.com #Use your domain here KeyFile /etc/mail/dkim.key # We will generate this key later on Selector mail #this can be anything # DomainKey is combined with "Selector" and "Domain", including an extra string "_domainkey" # For Example mail._domainkey.vigasdeep.com # Common settings. See dkim-filter.conf(5) for more information. AutoRestart yes Background yes Canonicalization relaxed/relaxed DNSTimeout 5 Mode sv SignatureAlgorithm rsa-sha256 SubDomains no X-Header no
After that, edit /etc/default/dkim-filter and make sure it have following
DAEMON_OPTS="-l -o DKIM-Signature,X-DKIM" DAEMON_OPTS="$DAEMON_OPTS -d vigasdeep.com -k /etc/mail/dkim.key -s mail" SOCKET="inet:8891@localhost"
Now we’ll edit /etc/postfix/main.cf file. Append following text into the file.
# DKIM milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891
Thats all for the Configuration.
Generate Public/Private key for DKIM
This command with generate a public/private key pair. Replace “mail” with your own selector, and “vigasdeep.com” with your domain name.
opendkim-genkey -t -s mail -d vigasdeep.com
After this, place the private key to its right place at /etc/mail/dkim.key
cp mail.private /etc/mail/dkim.key # here <strong>mail</strong> refers to the selector
Thats it.
Optionally, you can also create a public/private key pair from http://dkimcore.org/tools/. Change Selector accordingly into /etc/opendkim.conf file.
If you have generated the keys on the web, then create a new file /etc/mail/dkim.key and paste private key into it.
Adding DNS (txt record) for domainkey
Adding the DNS entry is the most crucial part, please be patient and read carefully. When you created public/private key pair. Use public key for DNS entry. Login to your domain’s control panel, change DNS Settings, and add a TXT record. TXT record will ask you for two things. Host and Data.
Host will be ( change accordingly for your case )
mail._domainkey.vigasdeep.com ## [Selector]._domainkey.[domain.com]
and data would be something like
"v=DKIM1;=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8O7fJSx/nbZfzy75pfMnSO57Y0/xyIQQfrWUFwo2PXIamDSII7KB83u0MBeSrt1TPAnSmcRlKIurEBD8xF1Um8cnM/D2W5BlPqKTiII9CHLNEiCKYJiG1EuB+5Wl47UCHnmRaX3+PrbB/r1AWEmT+8cNbz4FW60mQaEIHBFsgwIDAQAB"
Add the entry, and you’re done. Now we will test it out.
Starting DKIM and Troubleshooting
sudo service opendkim start
If you’re not able to send email, probably there is something wrong with the configuration. Check the mail logs.
grep -i dkim /var/log/mail.log
Check if DKIM is working correctly at http://dkimcore.org/tools/keycheck.html
Facing problems ? Post comment Or Hire me, I’ll be back after my “Double-Tikki” Burger. Hah !
