Back in Alchemer, under DKIM Settings you will need to generate your public key. This public key will then need to be added to your domain's DNS Server. Click Generate DKIM to generate your public key. Install and Configure OpenDKIM on CentOS 8/RHEL8. First enable the EPEL (Extra Packages for.

Create Dkim Keys

  • Use this FREE DKIM Wizard and domain key generator to create a DNS TXT record and 1024-bit or 2048-bit private and public keys for email header authentication. The public key is entered into your DNS and your private key installed on the mail server.
  • How to use this domain key generator: to use the DKIM wizard, first specify a domain and a selector. The domain and the selector are not used in the generation of the public/private key pair. They will only be used to provide server and DNS setup instructions specific to you.
  • Yahoo originally created Domain Keys as an authentication and validation technique for email using a PGP-like protocol. The original specification has since been improved to DKIM (DomainKeys Identified Mail) by the community and a series of IETF standards resulted in RFC 6376.


  • Sign DKIM signature on outgoing emails for new mail domain

Don't know what DKIM is? Check our tutorial here: What is a DKIM DNS record.

Don't know where the Amavisd config file is? Check this tutorial: Locations of configuration and log files of major components.

iRedMail configures Amavisd to sign outgoing emails for the first mail domain you added during iRedMail installation. If you add a new mail domain, you should update the Amavisd config file to sign outgoing emails for it with DKIM.

Let's say the first mail domain added during iRedMail installation is mydomain.com, and the new mail domain is new_domain.com. Follow the steps below to enable DKIM signing for outgoing emails of this domain.

Use existing DKIM key for new mail domain

If you already have a working DKIM key and a valid DKIM DNS record, it's OK to use this existing DKIM key to sign emails sent by other hosted mail domains. This way, you don't need to ask the customer who owns the new domain to add a DKIM DNS record.

  • Find below setting in Amavisd config file amavisd.conf (find its location on different Linux/BSD distributions):

Add one line in @dkim_signature_options_bysender_maps, after the 'mydomain.com' line, like below:

  • Restart Amavisd service.

Generate new DKIM key for new mail domain

If you or your customer prefer to use their own DKIM key, you can generate a new DKIM key and ask your customer to add a DKIM DNS record. Refer to our tutorial to add the DKIM DNS record.

  • Generate new DKIM key (key length 1024) for new domain, and set correct file owner and permission

    • on RHEL/CentOS, the command is amavisd, user/group is amavis:amavis.
    • on Debian/Ubuntu, the command is amavisd-new, user/group is amavis:amavis.
    • on FreeBSD, the command is amavisd, user/group is vscan:vscan.
    • on OpenBSD, the command is amavisd, user/group is _vscan:_vscan.

Note

  • on different Linux/BSD distributions, the command may be amavisd
  • on RHEL/CentOS, you must specify the config file on command line like this:

# amavisd -c /etc/amavisd/amavisd.conf genrsa /var/lib/dkim/new_domain.com.pem

  • Not all DNS vendors support 2048-bit key length as TXT type record, so iRedMail generates the key in 1024-bit. If you want to use 2048-bit instead, please specify the key length on command line:

# amavisd -c /etc/amavisd/amavisd.conf genrsa /var/lib/dkim/new_domain.com.pem 2048

  • Find below setting in Amavisd config file amavisd.conf:

Add one line after above line like below:

  • Find below setting in Amavisd config file amavisd.conf:

Add one line after 'mydomain.com' line like below:

  • Restart Amavisd service.

Again, don't forget to add the DKIM DNS record for this new domain. The value of the DKIM record can be checked with the command below:

After adding the DKIM DNS record, please verify it with the command:

Note: DNS vendors usually cache DNS records for 2 hours, so if the above command shows 'invalid' instead of 'pass', you should try again later.
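
A 2048-bit public key does not fit in a single 255-byte TXT character-string, so a DNS interface that cannot store multi-string TXT values cannot hold it. The Python sketch below is an added example, not part of the original tutorial or of iRedMail/Amavisd: it parses a DKIM TXT value, reports the RSA key length, and splits the value into 255-byte strings. All function names are hypothetical, and `sample_record` builds constructed, non-functional keys purely as input.

```python
import base64

RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # DER AlgorithmIdentifier: rsaEncryption, NULL

def der(tag, body):
    """Encode one DER tag-length-value element."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):
    """Decode the DER element at pos; return (tag, body, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + first > len(buf):
        raise ValueError("truncated DER in p= tag")
    return tag, buf[pos:pos + first], pos + first

def sample_record(bits):
    """Constructed input: valid DER layout, but the modulus is NOT a real key."""
    n = (1 << (bits - 1)) | 1
    mod = der(0x02, b"\x00" + n.to_bytes(bits // 8, "big"))
    rsa = der(0x30, mod + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa))
    return "v=DKIM1; p=" + base64.b64encode(spki).decode()

def inspect_record(txt):
    """Return (rsa_bits, txt_strings) for a DKIM TXT record value."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    _, outer, _ = read_tlv(base64.b64decode(tags["p"], validate=True))
    alg_tag, alg, pos = read_tlv(outer)
    if der(alg_tag, alg) != RSA_ALG_ID:
        raise ValueError("p= does not hold an RSA key")
    _, bitstr, _ = read_tlv(outer, pos)
    _, rsa, _ = read_tlv(bitstr, 1)  # skip the BIT STRING unused-bits byte
    _, modulus, _ = read_tlv(rsa)
    strings = [txt[i:i + 255] for i in range(0, len(txt), 255)]  # RFC 1035: 255 bytes per string
    return int.from_bytes(modulus, "big").bit_length(), strings

if __name__ == "__main__":
    for bits, strings in map(inspect_record, map(sample_record, (1024, 2048))):
        print(f"{bits}-bit key: {len(strings)} TXT string(s), longest {max(map(len, strings))} bytes")
```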

Use one DKIM key for all mail domains

If you want to use one DKIM key for all mail domains, please follow steps below:

  • Make sure you have at least one DKIM key configured like below in Amavisd config file (amavisd.conf):
  • Find parameter @dkim_signature_options_bysender_maps, and set it to:
  • Restart Amavisd service.

References

  • Amavisd official document: Setting up DKIM mail signing and verification

All documents are available in GitHub repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.