SOLVED
DKIM implementation with on premise installtion
1 Accepted Solution
Correct answer by
Hello All,
Answer from @Jonathon_wodnicki on the other post worked at the end - Post about DKIM
I guess it would be beneficial that it is added to the official documentation.
Apart from what @Jonathon_wodnicki wrote:
For DKIM:
Create a TXT record:
Hostname: selector._domainkey
Value: v=DKIM1; p=base64 encoding of pub key
Follow these steps for the key pair:
- Create a private key: openssl genrsa -out dkim_private.pem 2048
- Get its public key: openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A
- Create a long text xtk:option with internal name selector_RSA_PRIVATE_KEY_domain and
fill value with contents of dkim_private.pem. Selector is from the hostname field,
domain is the fqdn.
- Set hostname to _domainkey.subdomain if desired
also the following 'minor' settings have to be done:
In Administration -> Campaign management -> Non Deliverables Management -> Mail Rule Sets -> Domain management
You need to enable DKIM for domain you want to have DKIM. I have enabled it for all (no idea if that's good practice but ootb this was not checked, i might change it in the future)
Also restart the MTA
The option looks like:
Here you need to add Private key as long text option
selector_RSA_PRIVATE_KEY_domain
After this is set and you send yourself email and you can see in the header that email is signed
Received: from xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ... X-MC-Unique: xxxxxxxxxxxxxxxxxxxxxxxxx DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=selector; d=domain-email.com; h=from:subject:date:to:reply-to:mime-version:x-mailer:message- .... .....
Also Public Key has to be added to the TXT record in domain settings. If its not added the email header will contain following:
dkim=none ("invalid DKIM record")
Marcel
Correct answer by
Hello All,
Answer from @Jonathon_wodnicki on the other post worked at the end - Post about DKIM
I guess it would be beneficial that it is added to the official documentation.
Apart from what @Jonathon_wodnicki wrote:
For DKIM:
Create a TXT record:
Hostname: selector._domainkey
Value: v=DKIM1; p=base64 encoding of pub key
Follow these steps for the key pair:
- Create a private key: openssl genrsa -out dkim_private.pem 2048
- Get its public key: openssl rsa -in dkim_private.pem -pubout -outform der 2>/dev/null | openssl base64 -A
- Create a long text xtk:option with internal name selector_RSA_PRIVATE_KEY_domain and
fill value with contents of dkim_private.pem. Selector is from the hostname field,
domain is the fqdn.
- Set hostname to _domainkey.subdomain if desired
also the following 'minor' settings have to be done:
In Administration -> Campaign management -> Non Deliverables Management -> Mail Rule Sets -> Domain management
You need to enable DKIM for domain you want to have DKIM. I have enabled it for all (no idea if that's good practice but ootb this was not checked, i might change it in the future)
Also restart the MTA
The option looks like:
Here you need to add Private key as long text option
selector_RSA_PRIVATE_KEY_domain
After this is set and you send yourself email and you can see in the header that email is signed
Received: from xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ... X-MC-Unique: xxxxxxxxxxxxxxxxxxxxxxxxx DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=selector; d=domain-email.com; h=from:subject:date:to:reply-to:mime-version:x-mailer:message- .... .....
Also Public Key has to be added to the TXT record in domain settings. If its not added the email header will contain following:
dkim=none ("invalid DKIM record")
Marcel
Related Conversations
