DKIM How To

From HyperSecurity Wiki
Revision as of 22:23, 30 May 2021 by Srapaz (talk | contribs)
Jump to: navigation, search

Hint

  • If you have issues with reverse DNS mail lookup with telnet, check network settings on VPS provider under "Networking" in SolasVM.

DKIM add new key:

  • create keys and put them into /etc/opendkim/keys/domains.com/keys
  • add domain to trusted.hosts
  • add domain to signing.table
  • add domain to key.table
systemctl restart opendkim

Generate keys two ways:

opendkim-genkey -t -s mail -d domain.com -v

Not working correctly:

opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v

Add mail.txt to DNS:

cat mail.txt >> /etc/bind/zones-enabled/domain.com.zone

Test Keys:

opendkim-testkey -d domain.com -s mail -vvv
dig mail._domainkey.domain.com TXT

Need permissions:

chown -R opendkim:opendkim /etc/opendkim/
chmod go-rwx /etc/opendkim/*
chmod 700 -R /etc/opendkim/keys/

Debugging:

grep -r milter /var/log/syslog
grep -i dkim /var/log/mail.log

Notes:

  • If it keys do not pass on reboot, do the following:
systemctl restart opendkim
systemctl restart postfix
  • Webmail must use ports 993 and 443 or else the DKIM keys are signed twice.
  • NS1 and NS2 zone files must match 100% perfect or else there are issues
  • If something fails, tail log files and check systemcrt status. Also confirm permissions.

Documentation:

Tools: