Difference between revisions of "DKIM"

From DWIKI
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
=DomainKeys Identified Mail=
 
  
==Links==
+
= DomainKeys Identified Mail =
*[http://dkimcore.org/tools/keycheck.html dkim check]
+
 
*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
+
== Links ==
*[http://dkim.org/ Homepage]
+
 
*http://www.opendkim.org/opendkim-README
+
*[http://dkimcore.org/tools/keycheck.html dkim check]  
*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
+
*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
*[[DKIM with Sendmail]]
+
*[https://help.ubuntu.com/community/Postfix/dkim-milter https://help.ubuntu.com/community/Postfix/dkim-milter] Postfix and dkim-milter]  
*https://wiki.debian.org/OpenDKIM
+
*[http://dkim.org/ Homepage]  
*http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test
+
*[http://www.opendkim.org/opendkim-README http://www.opendkim.org/opendkim-README]
*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
+
*[http://www.sendmail.com/sm/wp/dkim// About DKIM]  
 +
*[[DKIM_with_Sendmail|DKIM with Sendmail]]  
 +
*[https://wiki.debian.org/OpenDKIM https://wiki.debian.org/OpenDKIM]
 +
*[http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test]
 +
*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]  
 +
*[https://tweenpath.net/opendkim-postfix-smtp-relay-server-on-debian-7/  DKIM on relay server]
 +
 
 +
 
 +
 
 +
 
 +
= OpenDKIM Howto =
  
=OpenDKIM Howto=
 
 
  cd /etc/opendkim/keys
 
  cd /etc/opendkim/keys
  
 
The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
 
The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
 +
 
  opendkim-genkey -s somename -d domain.name
 
  opendkim-genkey -s somename -d domain.name
 +
 
Make sure the key ends up in /etc/opendkim/keys and is readable for user opendkim
 
Make sure the key ends up in /etc/opendkim/keys and is readable for user opendkim
  
==SigningTable==
+
== SigningTable ==
#somename is the first field in Keytable
+
 
 +
#somename is the first field in Keytable  
 +
 
 +
*@domain.name somename
 +
 
 +
== KeyTable ==
  
*@domain.nl somename
+
Here the name of the selector (the part before ._domainkey) is the one you publish in dns
  
==KeyTable==
 
Here the name of the selector is the one you publish in dns
 
 
 
  somename domain.name:selectorname:/path/to/somename.private
 
  somename domain.name:selectorname:/path/to/somename.private
  
=Checking=
+
==Configuration file /etc/opendkim.conf==
opendkim-testkey -v
+
Mode    s
 +
KeyTable        /etc/opendkim/KeyTable
 +
SigningTable    refile:/etc/opendkim/SigningTable
 +
== Postfix ==
  
This will try to fetch the key published in DNS, so "record not found" means DNS record not found.
+
In /etc/postfix/main.cf:
 +
 
 +
 
 +
 
 +
milter_protocol = 2
 +
milter_default_action = accept
 +
smtpd_milters = inet:localhost:8891
 +
non_smtpd_milters = inet:localhost:8891
 +
 
 +
 
 +
 
 +
= Checking =
 +
 
 +
opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private
 +
 
 +
This will try to fetch the key published in DNS, so "record not found" means DNS record not found. No output is good output.
 +
 
 +
*[https://www.dmarcanalyzer.com/nl/dkim-record-validatie/ https://www.dmarcanalyzer.com/nl/dkim-record-validatie/]
 +
 
 +
= FAQ =
 +
 
 +
== opendkim: no signing table match for ==
  
=FAQ=
 
==opendkim: no signing table match for==
 
 
In opendkim.conf use:
 
In opendkim.conf use:
 +
 
  refile:/etc/opendkim/SigningTable
 
  refile:/etc/opendkim/SigningTable
  
==opendkim-testkey key not secure==
+
== opendkim-testkey key not secure ==
 +
 
 
Probably means you have no DNSSEC
 
Probably means you have no DNSSEC
 +
 +
 
 +
 +
== opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory ==
 +
 +
Means it's defined in opendkim.conf, and you're not using KeyTable
 +
 +
 
 +
 +
== This doesn't seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode ==
 +
 +
??
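Review bot: the lines added under "Configuration file /etc/opendkim.conf" (Mode, KeyTable, SigningTable) and the "#somename is the first field in Keytable" line have no leading space, so MediaWiki will not treat them as preformatted text: the three settings are rendered as one run-on paragraph and the "#" line becomes a numbered list item instead of a comment. Indent them by one space, as is already done for the cd and opendkim-genkey lines. The added dkim-milter link also has a stray closing bracket after "Postfix and dkim-milter". The new Postfix block sets milter_default_action = accept without explanation; a sentence noting that Postfix then passes mail on unsigned when the milter cannot be reached would help readers who expect a signing failure to be visible. The last FAQ entry is added with "??" as its only answer and could be held back until there is one.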

Latest revision as of 12:49, 30 September 2021

DomainKeys Identified Mail

Links

 


OpenDKIM Howto

cd /etc/opendkim/keys

The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files.

opendkim-genkey -s somename -d domain.name

Make sure the key ends up in /etc/opendkim/keys and is readable by the user opendkim.

SigningTable

#somename is the first field in Keytable
*@domain.name somename

KeyTable

Here the name of the selector (the part before ._domainkey) is the one you publish in DNS.

somename domain.name:selectorname:/path/to/somename.private

Configuration file /etc/opendkim.conf

Mode            s
KeyTable        /etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable

Postfix

In /etc/postfix/main.cf:

 

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

 

Checking

opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private

This will try to fetch the key published in DNS, so "record not found" means DNS record not found. No output is good output.
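
Added example, not part of the original wiki page: a shell function that cross-checks the SigningTable and KeyTable described above before opendkim is restarted, and prints the DNS name each key has to be published under. The function name, the demo paths and the rule that the private key must not be accessible to group or others are assumptions made for this example.

```shell
#!/bin/sh
# check_dkim_tables SIGNINGTABLE KEYTABLE
# Prints one line per finding; returns the number of problems (0 = consistent).
check_dkim_tables() {
    st=$1; kt=$2; problems=0
    # Pass 1: every key name used in the SigningTable must be a first field
    # in the KeyTable ("somename" in the page's example).
    while read -r pattern keyname extra; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$keyname" '$1 == k { found = 1 } END { exit !found }' "$kt"; then
            echo "MISSING  $pattern -> $keyname is not in the KeyTable"
            problems=$((problems + 1))
        fi
    done < "$st"
    # Pass 2: each KeyTable value has the form domain:selector:keyfile.
    while read -r keyname value extra; do
        case $keyname in ''|'#'*) continue ;; esac
        domain=${value%%:*}; rest=${value#*:}
        selector=${rest%%:*}; keyfile=${rest#*:}
        echo "DNS      ${selector}._domainkey.${domain} (key name $keyname)"
        if [ ! -f "$keyfile" ]; then
            echo "NOFILE   $keyfile"
            problems=$((problems + 1))
        # Assumption of this example: no group/other permission bits on the key.
        elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
            echo "PERMS    $keyfile is accessible to group or others"
            problems=$((problems + 1))
        fi
    done < "$kt"
    return "$problems"
}

# Constructed sample input using the page's placeholder names.
demo=$(mktemp -d)
printf '%s\n' '#somename is the first field in Keytable' \
    '*@domain.name somename' > "$demo/SigningTable"
printf '%s\n' "somename domain.name:selectorname:$demo/somename.private" \
    > "$demo/KeyTable"
: > "$demo/somename.private"; chmod 600 "$demo/somename.private"
check_dkim_tables "$demo/SigningTable" "$demo/KeyTable" && echo "tables are consistent"
rm -rf "$demo"
```

On a real host the arguments would be /etc/opendkim/SigningTable and /etc/opendkim/KeyTable; a NOFILE finding corresponds to the open() error listed in the FAQ.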

FAQ

opendkim: no signing table match for

In opendkim.conf use:

refile:/etc/opendkim/SigningTable

opendkim-testkey key not secure

This probably means you have no DNSSEC.

 

opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory

This means it's defined in opendkim.conf, and you're not using KeyTable.

 

This doesn't seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode

??