Operations grimoire/Mail/DKIM: Difference between revisions

From Nasqueron Agora
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
== Add a domain ==
== Add a domain ==
To create a key with <code>unium</code> as DKIM selector for <domain.tld>:
To create a key with <code>unium</code> as DKIM selector for <domain.tld>:
<source lang="console">
$ add-dkim-domain domain.tld
</source>
To create a key with another selector:
<source lang="console">
<source lang="console">
$ mkdir /usr/local/etc/opendkim/keys/domain.tld
$ add-dkim-domain domain.tld <selector>
$ cd /usr/local/etc/opendkim/keys/domain.tld
$ opendkim-genkey -s unium -b 2048 -d domain.tld
$ chown opendkim unium.private
$ cd /usr/local/etc/opendkim
$ make clean all
</source>
</source>


Line 21: Line 23:
== Troubleshooting ==
== Troubleshooting ==
=== Can't load key from … Permission denied ===
=== Can't load key from … Permission denied ===
Keys must belong to opendkim user.
Keys must be readeable to opendkim user.


<source lang="console">
<source lang="console">
Line 28: Line 30:


DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.
DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.
[[Category:Mail]]

Latest revision as of 21:33, 24 October 2024

Mails are signed with OpenDKIM, an open-source implementation for DKIM.

Add a domain

To create a key with unium as DKIM selector for <domain.tld>:

$ add-dkim-domain domain.tld

To create a key with another selector:

$ add-dkim-domain domain.tld <selector>

Test

Send a mail from to another mail server.

You should see a DKIM pass.

You can also from a mailbox for this domain send a mail to check-auth@verifier.port25.com

Troubleshooting

Can't load key from … Permission denied

Keys must be readeable to opendkim user.

$ chown opendkim /usr/local/etc/opendkim/keys/*/*.private

DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.