DKIM: Difference between revisions

From DWIKI
 
(52 intermediate revisions by the same user not shown)
Line 1: Line 1:
=DomainKeys Identified Mail=


==Links==
'''DomainKeys Identified Mail'''
*[http://dkimcore.org/tools/keycheck.html dkim check]
*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
*[http://dkim.org/ Homepage]
*http://www.opendkim.org/opendkim-README
*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
*[[DKIM with Sendmail]]
*https://wiki.debian.org/OpenDKIM
*http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test


=Howto=
cd /etc/opendkim/keys


The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
= Links =
opendkim-genkey -s somename -d domain.name
[https://dkimvalidator.com/ DKIMvalidator]
*[http://dkimcore.org/tools/keycheck.html dkim check]
*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
*[https://help.ubuntu.com/community/Postfix/dkim-milter Postfix and dkim-milter]
*[https://www.samlogic.net/articles/dkim--cname-or-txt.htm DKIM with CNAME or TXT]
*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
*[[DKIM_with_Sendmail|DKIM with Sendmail]]
*[https://wiki.debian.org/OpenDKIM https://wiki.debian.org/OpenDKIM]
*[http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test]
*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
*[[OpenDKIM]]


==SigningTable==
=HOWTO=
#somename is the first field in Keytable
==Check if keys match==
dig myselector._domainkey.example.com txt


  *@domain.nl somename
and save the bit from "p=" to '''public.key.b64'''
openssl enc -base64 -d -in public.key.b64 -out public.key
openssl rsa -pubin -inform DER -in public.key -noout -modulus
and compare the shown modulus with
  openssl rsa -in private.key -noout -modulus


==KeyTable==
They should be identical
Here the name of the selector is the one you publish in dns
lookupname domain.name:selectorname:/path/to/somename.private


 
= FAQ =
=Checking=
[[Category:Mail]]
opendkim-testkey -v
 
This will try to fetch the key published in DNS!
 
=FAQ=
==opendkim: no signing table match for==
In opendkim.conf use:
refile:/etc/opendkik/SigningTable
 
 
==opendkim-testkey key not secure==
Probably means you have no DNSSEC
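Review bot: the new "Check if keys match" steps only work for an RSA key (both commands are `openssl rsa ... -modulus`) and do not say which private key file is meant: the removed Howto stored it as `somename.private`, while the new text reads `private.key`. State the RSA assumption next to the `dig` line and use one file name throughout. The revision also deletes both FAQ answers and the `opendkim-testkey -v` check while keeping the `= FAQ =` heading, so that section is now empty; if the material moved to [[OpenDKIM]], say so under the heading. The removed line `refile:/etc/opendkik/SigningTable` misspelled the directory used elsewhere on the page (`/etc/opendkim/`), so it should not be restored as written.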

Latest revision as of 08:41, 27 August 2024

DomainKeys Identified Mail


Links

DKIMvalidator

HOWTO

Check if keys match

dig myselector._domainkey.example.com txt

and save the value after "p=" (the base64-encoded public key) to public.key.b64

openssl enc -base64 -d -in public.key.b64 -out public.key
openssl rsa -pubin -inform DER -in public.key -noout -modulus

and compare the shown modulus with

openssl rsa -in private.key -noout -modulus

The two moduli should be identical.
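
The check above as one script, added here as an example and not part of the original wiki page. It goes slightly beyond the manual steps by handling TXT records that dig prints as several quoted strings. The function names, the temporary directory and the throwaway keys are assumptions made for the demo.

```sh
#!/bin/sh
# Added example: compare the RSA key published in a DKIM TXT record with a
# private key file. Function names and demo values are assumptions.

# Print the p= value of a DKIM TXT record given in dig's presentation format.
# Long records come back as several quoted strings; joining them and removing
# quotes, whitespace and backslash escapes restores the base64 value.
dkim_p_from_txt() {
    printf '%s' "$1" | tr -d '" \t\n\\' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Modulus of the published key; -A accepts base64 on one unwrapped line.
pub_modulus() {
    dkim_p_from_txt "$1" | openssl base64 -d -A |
        openssl rsa -pubin -inform DER -noout -modulus 2>/dev/null
}

# Modulus of the private key file.
priv_modulus() {
    openssl rsa -in "$1" -noout -modulus 2>/dev/null
}

# Exit 0 if TXT record $1 and private key file $2 belong together,
# 1 if they differ, 2 if either key cannot be parsed as RSA.
dkim_keys_match() {
    pub=$(pub_modulus "$1") || return 2
    priv=$(priv_modulus "$2") || return 2
    [ -n "$pub" ] && [ "$pub" = "$priv" ]
}

# --- Constructed demo data: throwaway keys, nothing is fetched from DNS ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl genrsa -out "$demo_dir/private.key" 2048 2>/dev/null
openssl genrsa -out "$demo_dir/other.key" 2048 2>/dev/null
b64=$(openssl rsa -in "$demo_dir/private.key" -pubout -outform DER 2>/dev/null |
      openssl base64 -A)
# Mimic dig output: the value is split across two quoted strings.
part1=$(printf '%s' "$b64" | cut -c1-200)
part2=$(printf '%s' "$b64" | cut -c201-)
demo_txt="\"v=DKIM1; k=rsa; p=$part1\" \"$part2\""

for key in private.key other.key; do
    if dkim_keys_match "$demo_txt" "$demo_dir/$key"; then
        echo "$key: matches published key"
    else
        echo "$key: does NOT match published key"
    fi
done
```

For a real check, pass the output of `dig +short myselector._domainkey.example.com txt` as the first argument to `dkim_keys_match` and the path of the private key as the second.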

FAQ