Latest revision as of 07:12, 29 April 2026

DomainKeys Identified Mail

Links

DKIM checks

DKIMvalidator

DKIM documentation

dkim key rotation

DKIM tags

https://mxtoolbox.com/dmarc/dkim/dkim-signature-tags

Tools

dkimverify

HOWTO

Find published dkim key

In mailheader look for 'd=' and 's=' to get domain and selector, then

dig <selector>._domainkey.<domain> TXT

Check if keys match

dig myselector._domainkey.example.com txt

and save the bit from "p=" to public.key.b64 You will probably need to remove the quotes/spaces:

| sed 's/[\" \"|\"$]//g'

openssl enc -base64 -d -in public.key.b64 -out public.key
openssl rsa -pubin -inform DER -in public.key -noout -modulus

and compare the shown modulus with

openssl rsa -in private.key -noout -modulus

They should be identical

FAQ

@@ Line 1: / Line 1: @@
-=DomainKeys Identified Mail=
-==Links==
+'''DomainKeys Identified Mail'''
-*[http://dkimcore.org/tools/keycheck.html dkim check]
-*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
-*{https://help.ubuntu.com/community/Postfix/dkim-milter Postfix and dkim-milter]
-*[http://dkim.org/ Homepage]
-*http://www.opendkim.org/opendkim-README
-*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
-*[[DKIM with Sendmail]]
-*https://wiki.debian.org/OpenDKIM
-*http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test
-*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
-=OpenDKIM Howto=
- cd /etc/opendkim/keys
-The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
+= Links =
- opendkim-genkey -s somename -d domain.name
+==DKIM checks==
-Make sure the key ends up in /etc/opendkim/keys and is readable for user opendkim
+[https://dkimvalidator.com/ DKIMvalidator]
+*[http://dkimcore.org/tools/keycheck.html dkim check]
+*[http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test]
+==DKIM documentation==
+*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
+*[https://help.ubuntu.com/community/Postfix/dkim-milter Postfix and dkim-milter]
+*[https://www.samlogic.net/articles/dkim--cname-or-txt.htm DKIM with CNAME or TXT]
+*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
+*[[DKIM_with_Sendmail|DKIM with Sendmail]]
+*[https://wiki.debian.org/OpenDKIM https://wiki.debian.org/OpenDKIM]
+*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
+*[[OpenDKIM]]
-==SigningTable==
+*[https://diziet.dreamwidth.org/16025.html dkim key rotation]
-#somename is the first field in Keytable
- *@domain.name somename
+=DKIM tags=
+* https://mxtoolbox.com/dmarc/dkim/dkim-signature-tags
-==KeyTable==
-Here the name of the selector (the part before ._domainkey) is the one you publish in dns
- somename domain.name:selectorname:/path/to/somename.private
+=Tools=
+==dkimverify==
-= Checking =
+=HOWTO=
+==Find published dkim key==
+In mailheader look for 'd=' and 's=' to get domain and selector, then
+ dig <selector>._domainkey.<domain> TXT
-  opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private
+==Check if keys match==
+  dig myselector._domainkey.example.com txt
-This will try to fetch the key published in DNS, so "record not found" means DNS record not found. No output is good output.
+and save the bit from "p=" to '''public.key.b64'''
+You will probably need to remove the quotes/spaces:
+ | sed 's/[\" \"|\"$]//g'
-=FAQ=
+ openssl enc -base64 -d -in public.key.b64 -out public.key
-==opendkim: no signing table match for==
+ openssl rsa -pubin -inform DER -in public.key -noout -modulus
-In opendkim.conf use:
+and compare the shown modulus with
-  refile:/etc/opendkim/SigningTable
+  openssl rsa -in private.key -noout -modulus
-==opendkim-testkey key not secure==
+They should be identical
-Probably means you have no DNSSEC
+= FAQ =
-==opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory==
+[[Category:Mail]]
-Means it's defined in opendkim.conf, and you're not using KeyTable

Anonymous

Search

DKIM: Difference between revisions

Namespaces

More

Page actions

Latest revision as of 07:12, 29 April 2026

Contents

Links

DKIM checks

DKIM documentation

DKIM tags

Tools

dkimverify

HOWTO

Find published dkim key

Check if keys match

FAQ

Navigation

Navigation

Wiki tools

Wiki tools

Anonymous

Search

DKIM: Difference between revisions

Latest revision as of 07:12, 29 April 2026

Links

DKIM checks

DKIM documentation

DKIM tags

Tools

dkimverify

HOWTO

Find published dkim key

Check if keys match

FAQ

Navigation

Wiki tools

Page tools

Categories