DKIM
From DWIKI
DomainKeys Identified Mail
Links
- dkim check
- DKIM and postfix
- https://help.ubuntu.com/community/Postfix/dkim-milter Postfix and dkim-milter]
- DKIM Homepage
- http://www.opendkim.org/opendkim-README
- About DKIM
- DKIM with Sendmail
- https://wiki.debian.org/OpenDKIM
- http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test
- SPF and DKIM on Debian
- DKIM on relay server
OpenDKIM Howto
cd /etc/opendkim/keys
The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
opendkim-genkey -s somename -d domain.name
Make sure the key ends up in /etc/opendkim/keys and is readable for user opendkim
SigningTable
- somename is the first field in Keytable
*@domain.name somename
KeyTable
Here the name of the selector (the part before ._domainkey) is the one you publish in dns
somename domain.name:selectorname:/path/to/somename.private
Configuration file /etc/opendkim.conf
Mode s KeyTable /etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable
Postfix
In /etc/postfix/main.cf:
milter_protocol = 2 milter_default_action = accept smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891
Checking
opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private
This will try to fetch the key published in DNS, so "record not found" means DNS record not found. No output is good output.
FAQ
opendkim: no signing table match for
In opendkim.conf use:
refile:/etc/opendkim/SigningTable
opendkim-testkey key not secure
Probably means you have no DNSSEC
opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory
Means it's defined in opendkim.conf, and you're not using KeyTable
This doesn't seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode
??