DKIM: Difference between revisions

From DWIKI
 
(47 intermediate revisions by the same user not shown)
Line 1: Line 1:
=DomainKeys Identified Mail=


==Links==
'''DomainKeys Identified Mail'''
*[http://dkimcore.org/tools/keycheck.html dkim check]
*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
*[http://dkim.org/ Homepage]
*http://www.opendkim.org/opendkim-README
*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
*[[DKIM with Sendmail]]
*https://wiki.debian.org/OpenDKIM
*http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test
*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]


=Howto=
cd /etc/opendkim/keys


The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
= Links =
opendkim-genkey -s somename -d domain.name
[https://dkimvalidator.com/ DKIMvalidator]
*[http://dkimcore.org/tools/keycheck.html dkim check]
*[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
*[https://help.ubuntu.com/community/Postfix/dkim-milter https://help.ubuntu.com/community/Postfix/dkim-milter] Postfix and dkim-milter]
*[http://www.sendmail.com/sm/wp/dkim// About DKIM]
*[[DKIM_with_Sendmail|DKIM with Sendmail]]
*[https://wiki.debian.org/OpenDKIM https://wiki.debian.org/OpenDKIM]
*[http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test]
*[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
*[[OpenDKIM]]


==SigningTable==
#somename is the first field in Keytable


  *@domain.nl somename
=HOWTO=
==Check if keys match==
  dig myselector._domainkey.example.com txt


==KeyTable==
and save the bit from "p=" to '''public.key.b64'''
Here the name of the selector is the one you publish in dns
openssl enc -base64 -d -in public.key.b64 -out public.key
   
  openssl rsa -pubin -inform DER -in public.key -noout -modulus
  somename domain.name:selectorname:/path/to/somename.private
and compare the shown modulus with
  openssl rsa -in private.key -noout -modulus


=Checking=
They should be identical
opendkim-testkey -v


This will try to fetch the key published in DNS, so "record not found" means DNS record not found.
= FAQ =
 
[[Category:Mail]]
=FAQ=
==opendkim: no signing table match for==
In opendkim.conf use:
refile:/etc/opendkim/SigningTable
 
==opendkim-testkey key not secure==
Probably means you have no DNSSEC
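Review bot: in the "Check if keys match" steps, the instruction to save the bit from "p=" does not mention that dig prints a long TXT record as several quoted strings. It should say to join the chunks and drop the quotes and spaces before writing public.key.b64, otherwise the decoded public.key will not parse. Two smaller points in the same revision: the Links entry for help.ubuntu.com/community/Postfix/dkim-milter repeats the URL as its label and carries a stray closing bracket, so "Postfix and dkim-milter]" renders as loose text. The key check also reads private.key, while the Howto text says opendkim-genkey stores keys as .private files, so using the same file name in both places would avoid confusion.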

Latest revision as of 09:54, 23 January 2024

DomainKeys Identified Mail


Links

DKIMvalidator


HOWTO

Check if keys match

dig myselector._domainkey.example.com txt

Save the base64 value that follows "p=" to public.key.b64, then decode it and print the modulus of the public key:

openssl enc -base64 -d -in public.key.b64 -out public.key
openssl rsa -pubin -inform DER -in public.key -noout -modulus

Compare that modulus with the modulus of the private key:

openssl rsa -in private.key -noout -modulus

The two values should be identical.
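The same check as a script, added here as an example and not part of the wiki page; the function names and the throwaway key in the demo are assumptions. It goes one step beyond the text by joining the quoted chunks that dig prints for long TXT records and by removing escaped semicolons before decoding.

```shell
#!/bin/sh
# Added example (not from the wiki page): the key-match check as functions.

# Extract the base64 after p= from a TXT record as printed by `dig +short`.
# Records over 255 bytes arrive as several quoted strings, and some dig
# versions print "\;", so quotes, backslashes and whitespace are removed.
dkim_pubkey_b64() {
    printf '%s' "$1" | tr -d '" \t\n\\' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Print "Modulus=..." for the published key; fail if p= is missing or empty
# (an empty p= marks a revoked key) or the value is not an RSA public key.
dkim_record_modulus() {
    b64=$(dkim_pubkey_b64 "$1")
    [ -n "$b64" ] || return 1
    # -A: the value is a single long base64 line
    printf '%s' "$b64" | openssl enc -base64 -d -A 2>/dev/null |
        openssl rsa -pubin -inform DER -noout -modulus 2>/dev/null
}

# Exit 0 if record and private key match, 1 if they differ, 2 on bad input.
dkim_keys_match() {
    pub=$(dkim_record_modulus "$1") || return 2
    priv=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$pub" = "$priv" ]
}

# Constructed sample input: build the TXT record for a private key file,
# split into two quoted strings the way dig shows a long record.
sample_record() {
    b64=$(openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
          openssl enc -base64 -A)
    first=$(printf '%s' "$b64" | cut -c1-200)
    rest=$(printf '%s' "$b64" | cut -c201-)
    printf '"v=DKIM1; k=rsa; p=%s" "%s"\n' "$first" "$rest"
}

# Demo with a throwaway key: sh thisfile demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && openssl genrsa -out "$tmp/private.key" 2048 2>/dev/null
    dkim_keys_match "$(sample_record "$tmp/private.key")" "$tmp/private.key" \
        && echo "keys match" || echo "keys differ or input unreadable"
    rm -rf "$tmp"
fi
```

Against a live domain, pass the output of `dig +short myselector._domainkey.example.com txt` as the first argument and the path of the private key as the second.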

FAQ