Difference between revisions of "DKIM How To"
(13 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
+ | '''Hint''' | ||
+ | *If you have issues with reverse DNS mail lookup with telnet, check network settings on VPS provider under "Networking" in SolasVM. | ||
+ | |||
'''DKIM add new key:''' | '''DKIM add new key:''' | ||
*create keys and put them into /etc/opendkim/keys/domains.com/keys | *create keys and put them into /etc/opendkim/keys/domains.com/keys | ||
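Review bot: The new hint at the top says to check "network settings" without naming what to look for; state that it is the reverse DNS (PTR) entry for the mail server's IP, so the reader knows what a correct value looks like. Separately, the unchanged last line of this hunk uses the path /etc/opendkim/keys/domains.com/keys while every command on the page uses domain.com. If that is a typo, fix it in the same edit, since a key stored under a path the tables do not reference will not be picked up.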
Line 7: | Line 10: | ||
systemctl restart opendkim | systemctl restart opendkim | ||
− | Generate keys two ways: | + | '''Generate keys two ways:''' |
opendkim-genkey -t -s mail -d domain.com -v | opendkim-genkey -t -s mail -d domain.com -v | ||
− | opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v | + | <s>opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v</s> |
− | Test Keys: | + | '''Add mail.txt to DNS:''' |
+ | cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone | ||
+ | |||
+ | '''Test Keys:''' | ||
opendkim-testkey -d domain.com -s mail -vvv | opendkim-testkey -d domain.com -s mail -vvv | ||
+ | dig mail._domainkey.domain.com TXT | ||
− | Need permissions: | + | '''Need permissions:''' |
chown -R opendkim:opendkim /etc/opendkim/ | chown -R opendkim:opendkim /etc/opendkim/ | ||
− | chmod 700 /etc/opendkim/keys/ | + | chmod go-rwx /etc/opendkim/* |
+ | chmod 700 -R /etc/opendkim/keys/ | ||
− | Debugging: | + | '''Debugging:''' |
grep -r milter /var/log/syslog | grep -r milter /var/log/syslog | ||
+ | grep -i dkim /var/log/mail.log | ||
− | Notes: | + | '''Notes:''' |
− | + | *If it keys do not pass on reboot, do the following: | |
− | If it keys do not pass on reboot, do the following: | ||
systemctl restart opendkim | systemctl restart opendkim | ||
systemctl restart postfix | systemctl restart postfix | ||
+ | *Webmail must use ports 993 and 443 or else the DKIM keys are signed twice. | ||
+ | *NS1 and NS2 zone files must match 100% perfect or else there are issues | ||
+ | *If something fails, tail log files and check systemcrt status. Also confirm permissions. | ||
− | + | '''Documentation:''' | |
+ | *[http://www.postfix.org/MILTER_README.html Milter Guide] | ||
+ | *[http://www.postfix.org/MILTER_README.html#workarounds Postfix Workarounds] | ||
*[https://help.ubuntu.com/community/Postfix/DKIM Postfix/DKIM Ubuntu/Debian Guide] | *[https://help.ubuntu.com/community/Postfix/DKIM Postfix/DKIM Ubuntu/Debian Guide] | ||
*[https://dkimcore.org/tools/ Key Generator] | *[https://dkimcore.org/tools/ Key Generator] | ||
+ | |||
+ | Tools: | ||
*[http://dkimvalidator.com/ Online Key Validator] | *[http://dkimvalidator.com/ Online Key Validator] |
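Review bot: In the "Generate keys" lines, striking out the -b 2048 -h rsa-sha256 command leaves only the -t variant, which publishes the record in test mode (t=y), while the heading still says "two ways". Say why the 2048-bit form was dropped and whether -t is meant to stay on for production keys. The added cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone line appends to the zone with no SOA serial bump or BIND reload shown, which sits awkwardly with the new note that the NS1 and NS2 zone files must match. In the last added note, "systemcrt" should be "systemctl".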
Latest revision as of 05:24, 31 May 2021
Hint
- If you have issues with reverse DNS mail lookup with telnet, check network settings on VPS provider under "Networking" in SolasVM.
DKIM add new key:
- create keys and put them into /etc/opendkim/keys/domains.com/keys
- add domain to trusted.hosts
- add domain to signing.table
- add domain to key.table
systemctl restart opendkim
Generate keys two ways:
opendkim-genkey -t -s mail -d domain.com -v
opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v
Add mail.txt to DNS:
cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone
Test Keys:
opendkim-testkey -d domain.com -s mail -vvv
dig mail._domainkey.domain.com TXT
Need permissions:
chown -R opendkim:opendkim /etc/opendkim/
chmod go-rwx /etc/opendkim/*
chmod 700 -R /etc/opendkim/keys/
Debugging:
grep -r milter /var/log/syslog
grep -i dkim /var/log/mail.log
Notes:
- If the keys do not pass on reboot, do the following:
systemctl restart opendkim
systemctl restart postfix
- Webmail must use ports 993 and 443 or else the DKIM keys are signed twice.
- NS1 and NS2 zone files must match exactly, or else there are issues.
- If something fails, tail log files and check systemctl status. Also confirm permissions.
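One way to confirm the ownership and modes set under "Need permissions" when something fails, as an added example that is not part of the original wiki page. It assumes GNU find and stat (Debian/Ubuntu); audit_dkim_perms and make_sample_tree are hypothetical helper names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit an OpenDKIM key tree against the permissions this page sets.
# Usage after sourcing this file: audit_dkim_perms /etc/opendkim/keys opendkim

# audit_dkim_perms DIR [OWNER]
# Prints one line per problem. Returns 0 if clean, 1 if problems, 2 if DIR is missing.
audit_dkim_perms() {
    dir=$1
    owner=${2:-opendkim}
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }

    # Files or directories with any group/other bit set (the page uses 700 and go-rwx).
    # Symlinks are skipped because their own mode is always 777 on Linux.
    loose=$(find "$dir" ! -type l -perm /077 -exec stat -c 'loose-mode %a %n' {} +)

    # Anything not owned by the signing daemon's user (the page chowns to opendkim).
    foreign=$(find "$dir" ! -user "$owner" -exec stat -c 'wrong-owner %U %n' {} +)

    # Merge both lists and drop the empty lines left by a clean check.
    report=$(printf '%s\n%s\n' "$loose" "$foreign" | sed '/^$/d')
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# make_sample_tree DIR
# Builds a constructed key tree with one deliberately over-permissive private key.
make_sample_tree() {
    mkdir -p "$1/keys/domain.com"
    : > "$1/keys/domain.com/mail.private"
    : > "$1/keys/domain.com/mail.txt"
    chmod 700 "$1/keys" "$1/keys/domain.com"
    chmod 644 "$1/keys/domain.com/mail.private"   # too open: readable by group and others
    chmod 600 "$1/keys/domain.com/mail.txt"
}
```

Run it after the chown/chmod commands and again after any key rotation; an empty result with exit status 0 means the tree matches what the page sets.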
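Documentation:
- Milter Guide: http://www.postfix.org/MILTER_README.html
- Postfix Workarounds: http://www.postfix.org/MILTER_README.html#workarounds
- Postfix/DKIM Ubuntu/Debian Guide: https://help.ubuntu.com/community/Postfix/DKIM
- Key Generator: https://dkimcore.org/tools/
Tools:
- Online Key Validator: http://dkimvalidator.com/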