Difference between revisions of "DKIM How To"
| (20 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| + | '''Hint''' | ||
| + | *If you have issues with reverse DNS mail lookup with telnet, check network settings on VPS provider under "Networking" in SolasVM. | ||
| + | |||
'''DKIM add new key:''' | '''DKIM add new key:''' | ||
*create keys and put them into /etc/opendkim/keys/domains.com/keys | *create keys and put them into /etc/opendkim/keys/domains.com/keys | ||
| Line 7: | Line 10: | ||
systemctl restart opendkim | systemctl restart opendkim | ||
| − | Generate keys: | + | '''Generate keys two ways:''' |
| − | opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v | + | |
| + | opendkim-genkey -t -s mail -d domain.com -v | ||
| + | <s>opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v</s> | ||
| + | |||
| + | '''Add mail.txt to DNS:''' | ||
| + | cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone | ||
| − | Test Keys: | + | '''Test Keys:''' |
opendkim-testkey -d domain.com -s mail -vvv | opendkim-testkey -d domain.com -s mail -vvv | ||
| + | dig mail._domainkey.domain.com TXT | ||
| + | |||
| + | '''Need permissions:''' | ||
| + | chown -R opendkim:opendkim /etc/opendkim/ | ||
| + | chmod go-rwx /etc/opendkim/* | ||
| + | chmod 700 -R /etc/opendkim/keys/ | ||
| + | |||
| + | '''Debugging:''' | ||
| + | grep -r milter /var/log/syslog | ||
| + | grep -i dkim /var/log/mail.log | ||
| + | |||
| + | '''Notes:''' | ||
| + | *If it keys do not pass on reboot, do the following: | ||
| + | systemctl restart opendkim | ||
| + | systemctl restart postfix | ||
| + | *Webmail must use ports 993 and 443 or else the DKIM keys are signed twice. | ||
| + | *NS1 and NS2 zone files must match 100% perfect or else there are issues | ||
| + | *If something fails, tail log files and check systemcrt status. Also confirm permissions. | ||
| − | + | '''Documentation:''' | |
| − | + | *[http://www.postfix.org/MILTER_README.html Milter Guide] | |
| − | + | *[http://www.postfix.org/MILTER_README.html#workarounds Postfix Workarounds] | |
| + | *[https://help.ubuntu.com/community/Postfix/DKIM Postfix/DKIM Ubuntu/Debian Guide] | ||
| + | *[https://dkimcore.org/tools/ Key Generator] | ||
| − | + | Tools: | |
| − | [http://dkimvalidator.com/ Online Key Validator] | + | *[http://dkimvalidator.com/ Online Key Validator] |
Latest revision as of 05:24, 31 May 2021
Hint
- If you have issues with reverse DNS mail lookup with telnet, check network settings on VPS provider under "Networking" in SolasVM.
DKIM add new key:
- create keys and put them into /etc/opendkim/keys/domains.com/keys
- add domain to trusted.hosts
- add domain to signing.table
- add domain to key.table
systemctl restart opendkim
Generate keys two ways:
opendkim-genkey -t -s mail -d domain.com -vopendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v
Add mail.txt to DNS:
cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone
Test Keys:
opendkim-testkey -d domain.com -s mail -vvv dig mail._domainkey.domain.com TXT
Need permissions:
chown -R opendkim:opendkim /etc/opendkim/ chmod go-rwx /etc/opendkim/* chmod 700 -R /etc/opendkim/keys/
Debugging:
grep -r milter /var/log/syslog grep -i dkim /var/log/mail.log
Notes:
- If it keys do not pass on reboot, do the following:
systemctl restart opendkim systemctl restart postfix
- Webmail must use ports 993 and 443 or else the DKIM keys are signed twice.
- NS1 and NS2 zone files must match 100% perfect or else there are issues
- If something fails, tail log files and check systemcrt status. Also confirm permissions.
Documentation:
Tools:
