dns dkim

Maxime Labelle edited this page Feb 13, 2026 · 2 revisions

Overview

From Wikipedia https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.

Setting up DKIM is highly recommended to reduce the chance of your emails ending up in the recipient's Spam folder.

DNS configuration

First you need to generate a private and public key for DKIM:

openssl genrsa -traditional -out dkim.key 1024
openssl rsa -in dkim.key -pubout -out dkim.pub.key

You will need the files dkim.key and dkim.pub.key for the next steps.

For email gurus: we have chosen a 1024-bit key length instead of 2048 for DNS simplicity, as some registrars don't play well with long TXT records.

Set up DKIM by adding a TXT record for dkim._domainkey.mydomain.com. with the following value:

v=DKIM1; k=rsa; p=PUBLIC_KEY

where PUBLIC_KEY is the content of your dkim.pub.key, with two changes:

  • remove the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines
  • join all the remaining lines into a single line.

For example, if your dkim.pub.key is

-----BEGIN PUBLIC KEY-----
ab
cd
ef
gh
-----END PUBLIC KEY-----

then the PUBLIC_KEY would be abcdefgh.

You can generate the full TXT record value, including PUBLIC_KEY, by running this command:

sed "s/-----BEGIN PUBLIC KEY-----/v=DKIM1; k=rsa; p=/g" "$(pwd)/dkim.pub.key" | \
  sed 's/-----END PUBLIC KEY-----//g' | \
  tr -d '\n' | awk 1

To verify, the following command:

dig @1.1.1.1 dkim._domainkey.mydomain.com txt

should return the above value.
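
The comparison between dkim.pub.key and the dig answer can be automated. The following is an added example, not part of SimpleLogin: it rebuilds the expected TXT value from the PEM file, joins the quoted strings that dig prints for a TXT record, and reports any mismatch. The function names and the sample inputs are assumptions constructed for illustration.

```python
import base64
import re

# Constructed sample: the placeholder key body from the example above, not a real key.
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\nab\ncd\nef\ngh\n-----END PUBLIC KEY-----\n"
# Constructed dig answer: the record split into several quoted strings, ';' escaped.
SAMPLE_DIG = r'"v=DKIM1\; k=rsa\; " "p=abcd" "efgh"'

def txt_value_from_pem(pem):
    """Strip the PEM armor and join the lines, like the sed/tr pipeline."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block found")
    return "v=DKIM1; k=rsa; p=" + "".join(m.group(1).split())

def fits_one_string(value):
    """A single TXT character-string holds at most 255 bytes."""
    return len(value.encode()) <= 255

def join_txt_strings(rdata):
    """Concatenate the quoted strings of a TXT answer and undo backslash escapes."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    joined = "".join(parts) if parts else rdata.strip()
    return re.sub(r"\\(.)", r"\1", joined)

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict, dropping whitespace inside values."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def check_published(pem, dig_rdata):
    """Return a list of mismatches between dkim.pub.key and the published record."""
    expected = parse_tags(txt_value_from_pem(pem))
    got = parse_tags(join_txt_strings(dig_rdata))
    problems = [f"{t}= is not {expected[t]}" for t in ("v", "k") if got.get(t) != expected[t]]
    if not got.get("p"):
        problems.append("p= is empty or missing")
    elif got["p"] != expected["p"]:
        problems.append("p= differs from dkim.pub.key")
    else:
        try:
            base64.b64decode(got["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return problems
```

A record built from a 1024-bit key is 234 characters and fits in one TXT string; a 2048-bit key gives 410 characters, which has to be published as several strings, and that is where some registrar interfaces have trouble.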

Custom domains

If you use custom domains registered to SimpleLogin, you need to enable signing of outgoing emails from those domains in their DNS zones.

Create a CNAME record that points dkim._domainkey.customdomain.tld to dkim._domainkey.mydomain.com.

Signing outgoing emails

The sl-email container is responsible for signing outgoing messages before handing over delivery of those messages to Postfix.

Note: most Postfix configurations are documented with OpenDKIM for signing emails. SimpleLogin does not need OpenDKIM as signing happens within the sl-email container, before handing over outgoing messages to the postfix container for ultimate delivery to the target recipient.