Intro

This tutorial describes how to enable DKIM signing with Postfix for your new mail domain example.com and has been tested on Debian Squeeze 6.

Generate a DKIM key for your new mail domain example.com

# cd /var/lib/dkim/
# amavisd-new genrsa example.com.pem
# chmod 0600 example.com.pem
# chown amavis: example.com.pem

Tell amavisd to DKIM sign mails for your domain example.com

Open /etc/amavis/conf.d/50-user and search for “# Add dkim_key here.”. Add your new domain example.com after the existing domain(s). Sorting the entries alphabetically makes them easier to find later.

# vi /etc/amavis/conf.d/50-user 

dkim_key("example.com", "dkim", "/var/lib/dkim/example.com.pem");

Add your new domain example.com to @local_domains_maps in /etc/amavis/conf.d/50-user.

The line should now read something like this, after you have added example.com to it:

@local_domains_maps = ( [".$mydomain", "loremipsum.com", "example.com"] );

Activate DKIM signing for your new domain example.com

# /etc/init.d/amavis restart

Verify that amavisd uses the newly created DKIM domain key

# amavisd-new showkeys example.com
 ; key#2, domain example.com, /var/lib/dkim/example.com.pem
 dkim._domainkey.example.com. 3600 TXT (
 "v=DKIM1; p="
 "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QV"
 "kRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvn"
 "r+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEF"
 "n1PGbLAeSU1a0vy9LQIDAQAB")

Clean up the DKIM string (only if not using BIND)

If you don’t use BIND, collapse the DKIM string into a single line: drop the quotes and line breaks and join the parts. If you do use BIND, the whole multi-line record can be pasted directly into your BIND zone file.

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QVkRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvnr+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEFn1PGbLAeSU1a0vy9LQIDAQAB
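The cleanup step above can be scripted. This is an added example, not part of the original tutorial or of amavisd-new: it joins the quoted chunks of the showkeys output into the single-line value and reads the RSA modulus size out of the p= tag, so a short key or an over-long TXT value is caught before publishing. The function names are hypothetical and the sample input is the showkeys output shown above.

```python
import base64
import re

# Sample input: the `amavisd-new showkeys example.com` output shown above.
SHOWKEYS = '''; key#2, domain example.com, /var/lib/dkim/example.com.pem
dkim._domainkey.example.com. 3600 TXT (
 "v=DKIM1; p="
 "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QV"
 "kRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvn"
 "r+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEF"
 "n1PGbLAeSU1a0vy9LQIDAQAB")
'''

def txt_value(showkeys):
    """Join the quoted chunks of the zone-file record into one line."""
    return "".join(re.findall(r'"([^"]*)"', showkeys))

def _tlv(der, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(record):
    """Modulus size in bits of the RSA key in the record's p= tag."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    der = base64.b64decode(tags["p"], validate=True)
    _, spki, _ = _tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    _, _, alg_end = _tlv(der, spki)      # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(der, alg_end)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = _tlv(der, bits + 1)      # +1 skips the unused-bits octet
    _, start, end = _tlv(der, rsa)       # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def review(record):
    """Return findings a DNS admin should see before publishing the record."""
    findings = []
    if rsa_bits(record) < 2048:
        findings.append("RSA key below 2048 bits (RFC 8301 recommends >= 2048)")
    if len(record) > 255:
        findings.append("value exceeds 255 bytes; split into several TXT strings")
    return findings

if __name__ == "__main__":
    print(txt_value(SHOWKEYS), review(txt_value(SHOWKEYS)), sep="\n")
```

For the key shown in this tutorial the script reports a 1024-bit modulus, which still verifies but is below the size RFC 8301 recommends for signers.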

Create a DNS DKIM record, type TXT for your domain (only if not using BIND)

Create a TXT DNS record named “dkim._domainkey.example.com” in your DNS console / management interface:

dkim._domainkey.example.com

Put the clean DKIM string in the value field of the TXT record:

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QVkRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvnr+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEFn1PGbLAeSU1a0vy9LQIDAQAB

After setting up the DKIM DNS entry, wait a few minutes for the DNS change to propagate before proceeding.

Verify correct DKIM function

# amavisd-new testkeys
TESTING#1: dkim._domainkey.loremipsum.com => pass
TESTING#2: dkim._domainkey.example.com => pass

Help, I’m getting an error: “…invalid -> (public key: not available)”

TESTING#2: dkim._domainkey.example.com => invalid (public key: not available)

Something seems to be wrong with your config or your new DKIM domain key. Maybe the DNS change has not propagated yet? Wait a few minutes and try again!

Benjamin Wiedmann

Benjamin Wiedmann is an IT Professional, Software Developer, Photographer and Musician.
