Latest revision as of 07:12, 29 April 2026

DomainKeys Identified Mail

Links

DKIM checks

DKIMvalidator

DKIM documentation

dkim key rotation

DKIM tags

https://mxtoolbox.com/dmarc/dkim/dkim-signature-tags

Tools

dkimverify

HOWTO

Find published dkim key

In mailheader look for 'd=' and 's=' to get domain and selector, then

dig <selector>._domainkey.<domain> TXT

Check if keys match

dig myselector._domainkey.example.com txt

and save the bit from "p=" to public.key.b64 You will probably need to remove the quotes/spaces:

| sed 's/[\" \"|\"$]//g'

openssl enc -base64 -d -in public.key.b64 -out public.key
openssl rsa -pubin -inform DER -in public.key -noout -modulus

and compare the shown modulus with

openssl rsa -in private.key -noout -modulus

They should be identical

FAQ

@@ Line 1: / Line 1: @@
-=DomainKeys Identified Mail=
-==Links==
+'''DomainKeys Identified Mail'''
-*[http://dkimcore.org/tools/keycheck.html dkim check]
-*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
-*{https://help.ubuntu.com/community/Postfix/dkim-milter Postfix and dkim-milter]
-*[http://dkim.org/ Homepage]
-*http://www.opendkim.org/opendkim-README
-*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
-*[[DKIM with Sendmail]]
-*https://wiki.debian.org/OpenDKIM
-*http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test
-*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
-=OpenDKIM Howto=
- cd /etc/opendkim/keys
-The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
+= Links =
- opendkim-genkey -s somename -d domain.name
+==DKIM checks==
-Make sure the key ends up in /etc/opendkim/keys and is readable for user opendkim
+[https://dkimvalidator.com/ DKIMvalidator]
+*[http://dkimcore.org/tools/keycheck.html dkim check]
+*[http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test]
+==DKIM documentation==
+*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
+*[https://help.ubuntu.com/community/Postfix/dkim-milter Postfix and dkim-milter]
+*[https://www.samlogic.net/articles/dkim--cname-or-txt.htm DKIM with CNAME or TXT]
+*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
+*[[DKIM_with_Sendmail|DKIM with Sendmail]]
+*[https://wiki.debian.org/OpenDKIM https://wiki.debian.org/OpenDKIM]
+*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
+*[[OpenDKIM]]
-==SigningTable==
+*[https://diziet.dreamwidth.org/16025.html dkim key rotation]
-#somename is the first field in Keytable
- *@domain.name somename
+=DKIM tags=
+* https://mxtoolbox.com/dmarc/dkim/dkim-signature-tags
-==KeyTable==
-Here the name of the selector (the part before ._domainkey) is the one you publish in dns
- somename domain.name:selectorname:/path/to/somename.private
-=Checking=
+=Tools=
- opendkim-testkey -d domain.name -s selectorname -v
+==dkimverify==
-This will try to fetch the key published in DNS, so "record not found" means DNS record not found.
+=HOWTO=
-No output is good output.
+==Find published dkim key==
+In mailheader look for 'd=' and 's=' to get domain and selector, then
+ dig <selector>._domainkey.<domain> TXT
-=FAQ=
+==Check if keys match==
-==opendkim: no signing table match for==
+ dig myselector._domainkey.example.com txt
-In opendkim.conf use:
- refile:/etc/opendkim/SigningTable
-==opendkim-testkey key not secure==
+and save the bit from "p=" to '''public.key.b64'''
-Probably means you have no DNSSEC
+You will probably need to remove the quotes/spaces:
+ | sed 's/[\" \"|\"$]//g'
+ openssl enc -base64 -d -in public.key.b64 -out public.key
+ openssl rsa -pubin -inform DER -in public.key -noout -modulus
+and compare the shown modulus with
+ openssl rsa -in private.key -noout -modulus
-==opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory==
+They should be identical
-Means it's defined in opendkim.conf, and you're not using KeyTable
+= FAQ =
+[[Category:Mail]]

Anonymous

Search

DKIM: Difference between revisions

Namespaces

More

Page actions

Latest revision as of 07:12, 29 April 2026

Contents

Links

DKIM checks

DKIM documentation

DKIM tags

Tools

dkimverify

HOWTO

Find published dkim key

Check if keys match

FAQ

Navigation

Navigation

Wiki tools

Wiki tools

Anonymous

Search

DKIM: Difference between revisions

Latest revision as of 07:12, 29 April 2026

Links

DKIM checks

DKIM documentation

DKIM tags

Tools

dkimverify

HOWTO

Find published dkim key

Check if keys match

FAQ

Navigation

Wiki tools

Page tools

Categories