DomainKeys Identified Mail (DKIM) is an email validation method that uses public and private keys. The private key is used to sign each message sent and the public key is used by the receiver of the message to validate the signature. It’s very important to use DKIM because, as well as preventing fraud, it gives your emails a better chance of not being classified as SPAM.
When making this tutorial I used Debian and DKIM-Filter 2.8.2.
Installing and Configuring DomainKeys Identified Mail (DKIM)
1. Install dkim-filter:
$ apt-get install dkim-filter
2. Create the keys (public and private) and the folders where they should be kept. Repeat this process for each domain you want to use DKIM for. I used the domain “masterdaweb.com” as an example:
$ mkdir -p /etc/dkim/keys/masterdaweb.com
$ cd /etc/dkim/keys/masterdaweb.com
$ dkim-genkey -r -d masterdaweb.com
In the folder where we created the keys, /etc/dkim/keys/masterdaweb.com, we will have two files:
default.private (contains the private key)
default.txt (contains the public key)
The name of the “default.private” file itself is used as the name of the SELECTOR, which will be used in the DNS settings. If you want to change the name of the SELECTOR, just change the name of the “default.private” file. In our example, we’ll leave it as it is.
3. Create the file “/etc/dkim-keys.conf”:
$ vi /etc/dkim-keys.conf
Add the following line for each domain you want to use DKIM for:
*@masterdaweb.com:masterdaweb.com:/etc/dkim/keys/masterdaweb.com/default.private
In our example we have not changed the name of the SELECTOR, so it keeps the default name “default.private”. If you have changed the name of the SELECTOR, correct the line added above to use that name.
4. Add a TXT record to the DNS of each domain that will use DKIM. The TXT record we’ll be using is in “/etc/dkim/keys/masterdaweb.com/default.txt”. To do this, follow these steps:
Copy TXT record:
$ cat /etc/dkim/keys/masterdaweb.com/default.txt
Before adding the copied TXT record, change the record according to the SELECTOR name. In our example, the record copied was:
default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDewoXL1vvGBj/AyFYblIQSc1l5jRsYjDkeE4jVLSIDwgpqnWAMB6ibSuBU/ZS4zIWqIj2rTxHhowIO19obe9orf7XgKcq3kKAqtreznW15BfMBpCAoHVNd3q0yjniANFIXFH7mxEljR+ufFOtGYzIytFwPmDn2VepKZBaqLOOHDwIDAQAB" ;
In place of the word “default”, put the name of the SELECTOR:
default.private._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDewoXL1vvGBj/AyFYblIQSc1l5jRsYjDkeE4jVLSIDwgpqnWAMB6ibSuBU/ZS4zIWqIj2rTxHhowIO19obe9orf7XgKcq3kKAqtreznW15BfMBpCAoHVNd3q0yjniANFIXFH7mxEljR+ufFOtGYzIytFwPmDn2VepKZBaqLOOHDwIDAQAB" ;
Now insert the edited TXT record into the domain’s DNS.
To check whether the TXT record you have added is valid, there is an online tool: http://dkimcore.org/c/keycheck
5. Create the file “/etc/dkim-filter.conf”:
$ vi /etc/dkim-filter.conf
Add the following line to the file:
KeyList /etc/dkim-keys.conf
6. Open the file “/etc/default/dkim-filter”:
$ vi /etc/default/dkim-filter
Add the following socket to the file:
SOCKET="inet:8891@localhost"
7. Configure Postfix to query the DKIM-Filter using the socket you created earlier:
$ vi /etc/postfix/main.cf
Add the following lines to the file:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
8. Restart DKIM-Filter and reload the Postfix settings:
$ /etc/init.d/dkim-filter restart
$ postfix reload
That’s it! Now wait for the DNS to propagate and then do a test by sending an email and checking the email header to see if DKIM is working correctly.
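For the header check in the last step, here is an added example (not part of the original tutorial) that compares the d= and s= tags of a DKIM-Signature header with the line from /etc/dkim-keys.conf and prints the DNS name receivers will query. The header is a constructed sample with placeholder hash and signature values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does the selector/domain in a signed message match dkim-keys.conf?

# Line from step 3 of the tutorial.
KEYLIST_LINE='*@masterdaweb.com:masterdaweb.com:/etc/dkim/keys/masterdaweb.com/default.private'

# Constructed sample header (hash and signature values are placeholders).
SAMPLE_HEADER='DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=masterdaweb.com;
    s=default.private; bh=CONSTRUCTED=; h=From:To:Subject;
    b=CONSTRUCTED='

# keylist_dns_name LINE: DNS name where the public key must be published.
# dkim-filter takes the selector from the file name of the key path.
keylist_dns_name() {
    domain=$(printf '%s' "$1" | cut -d: -f2)
    keypath=$(printf '%s' "$1" | cut -d: -f3)
    printf '%s._domainkey.%s\n' "$(basename "$keypath")" "$domain"
}

# sig_tag HEADER TAG: value of one tag (for example d or s) in the header.
sig_tag() {
    printf '%s' "$1" | tr -d ' \t\r\n' | sed 's/^DKIM-Signature://' |
        tr ';' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# sig_dns_name HEADER: DNS name a receiver queries to fetch the public key.
sig_dns_name() {
    printf '%s._domainkey.%s\n' "$(sig_tag "$1" s)" "$(sig_tag "$1" d)"
}

# check_signing LINE HEADER: succeed only when both names agree.
check_signing() {
    expected=$(keylist_dns_name "$1")
    actual=$(sig_dns_name "$2")
    if [ "$expected" = "$actual" ]; then
        echo "OK: receivers will query $actual"
    else
        echo "MISMATCH: key list implies $expected, header points to $actual"
        return 1
    fi
}

check_signing "$KEYLIST_LINE" "$SAMPLE_HEADER"
```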