Difference between revisions of "DKIM How To"
| Line 13: | Line 13: | ||
opendkim-genkey -t -s mail -d domain.com -v | opendkim-genkey -t -s mail -d domain.com -v | ||
| − | + | <s>opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v</s> | |
| − | |||
| − | opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v | ||
'''Add mail.txt to DNS:''' | '''Add mail.txt to DNS:''' | ||
Latest revision as of 05:24, 31 May 2021
Hint
- If you have issues with reverse DNS mail lookup with telnet, check network settings on VPS provider under "Networking" in SolasVM.
DKIM add new key:
- create keys and put them into /etc/opendkim/keys/domains.com/keys
- add domain to trusted.hosts
- add domain to signing.table
- add domain to key.table
systemctl restart opendkim
Generate keys two ways:
opendkim-genkey -t -s mail -d domain.com -vopendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v
Add mail.txt to DNS:
cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone
Test Keys:
opendkim-testkey -d domain.com -s mail -vvv dig mail._domainkey.domain.com TXT
Need permissions:
chown -R opendkim:opendkim /etc/opendkim/ chmod go-rwx /etc/opendkim/* chmod 700 -R /etc/opendkim/keys/
Debugging:
grep -r milter /var/log/syslog grep -i dkim /var/log/mail.log
Notes:
- If it keys do not pass on reboot, do the following:
systemctl restart opendkim systemctl restart postfix
- Webmail must use ports 993 and 443 or else the DKIM keys are signed twice.
- NS1 and NS2 zone files must match 100% perfect or else there are issues
- If something fails, tail log files and check systemcrt status. Also confirm permissions.
Documentation:
Tools:
