Latest revision as of 10:54, 23 January 2024

DomainKeys Identified Mail

Links

HOWTO

Check if keys match

dig myselector._domainkey.example.com txt

and save the bit from "p=" to public.key.b64

openssl enc -base64 -d -in public.key.b64 -out public.key
openssl rsa -pubin -inform DER -in public.key -noout -modulus

and compare the shown modulus with

openssl rsa -in private.key -noout -modulus

They should be identical

FAQ

@@ Line 1: / Line 1: @@
-= DomainKeys Identified Mail =
+'''DomainKeys Identified Mail'''
-== Links ==
+= Links =
+[https://dkimvalidator.com/ DKIMvalidator]
 *[http://dkimcore.org/tools/keycheck.html dkim check]
 *[https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy DKIM and postfix]
 *[https://help.ubuntu.com/community/Postfix/dkim-milter https://help.ubuntu.com/community/Postfix/dkim-milter] Postfix and dkim-milter]
-*[http://dkim.org/ Homepage]
-*[http://www.opendkim.org/opendkim-README http://www.opendkim.org/opendkim-README]
 *[http://www.sendmail.com/sm/wp/dkim// About DKIM]
 *[[DKIM_with_Sendmail|DKIM with Sendmail]]
@@ Line 14: / Line 13: @@
 *[http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test http://www.myiptest.com/staticpages/index.php/DomainKeys-DKIM-SPF-Validator-test]
 *[https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/ SPF and DKIM on Debian]
+*[[OpenDKIM]]
-&nbsp;
-= OpenDKIM Howto =
+=HOWTO=
+==Check if keys match==
+ dig myselector._domainkey.example.com txt
-  cd /etc/opendkim/keys
+and save the bit from "p=" to '''public.key.b64'''
+  openssl enc -base64 -d -in public.key.b64 -out public.key
+ openssl rsa -pubin -inform DER -in public.key -noout -modulus
+and compare the shown modulus with
+ openssl rsa -in private.key -noout -modulus
-The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files
+They should be identical
- opendkim-genkey -s somename -d domain.name
-Make sure the key ends up in /etc/opendkim/keys and is readable for user opendkim
-== SigningTable ==
-#somename is the first field in Keytable
- *@domain.name somename
-== KeyTable ==
-Here the name of the selector (the part before ._domainkey) is the one you publish in dns
- somename domain.name:selectorname:/path/to/somename.private
-== Postfix ==
-In /etc/postfix/main.cf:
-&nbsp;
- milter_protocol = 2
- milter_default_action = accept
- smtpd_milters = inet:localhost:8891
- non_smtpd_milters = inet:localhost:8891
-= Checking =
- opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private
-This will try to fetch the key published in DNS, so "record not found" means DNS record not found. No output is good output.
-*[https://www.dmarcanalyzer.com/nl/dkim-record-validatie/ https://www.dmarcanalyzer.com/nl/dkim-record-validatie/]
 = FAQ =
+[[Category:Mail]]
-== opendkim: no signing table match for ==
-In opendkim.conf use:
- refile:/etc/opendkim/SigningTable
-== opendkim-testkey key not secure ==
-Probably means you have no DNSSEC
-&nbsp;
-== opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory ==
-Means it's defined in opendkim.conf, and you're not using KeyTable
-== This doesn't seem to be a valid RSA public key: RSA.xs:178: OpenSSL error: bad base64 decode ==
-??

Anonymous

Search

DKIM: Difference between revisions

Namespaces

More

Page actions

Latest revision as of 10:54, 23 January 2024

Contents

Links

HOWTO

Check if keys match

FAQ

Navigation

Navigation

Wiki tools

Wiki tools

Anonymous

Search

DKIM: Difference between revisions

Latest revision as of 10:54, 23 January 2024

Links

HOWTO

Check if keys match

FAQ

Navigation

Wiki tools

Page tools

Categories