Operations grimoire/Mail/DKIM: Difference between revisions

Latest revision as of 21:33, 24 October 2024

Mails are signed with OpenDKIM, an open-source implementation for DKIM.

To create a key with unium as DKIM selector for <domain.tld>:

$ add-dkim-domain domain.tld

To create a key with another selector:

$ add-dkim-domain domain.tld <selector>

Send a mail from to another mail server.

You should see a DKIM pass.

You can also from a mailbox for this domain send a mail to check-authverifier.port25.com

Keys must be readeable to opendkim user.

$ chown opendkim /usr/local/etc/opendkim/keys/*/*.private

DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.

@@ Line 1: / Line 1: @@
+Mails are signed with OpenDKIM, an open-source implementation for DKIM.
 == Add a domain ==
 To create a key with <code>unium</code> as DKIM selector for <domain.tld>:
 <source lang="console">
-$ mkdir /etc/opendkim/keys/domain.tld
+$ add-dkim-domain domain.tld
-$ cd /etc/opendkim/keys/domain.tld
+</source>
-$ opendkim-genkey -s unium -d domain.tld
-$ chown opendkim unium.private
+To create a key with another selector:
-$ cd /etc/opendkim
-$ make clean all
+<source lang="console">
+$ add-dkim-domain domain.tld <selector>
 </source>
@@ Line 19: / Line 23: @@
 == Troubleshooting ==
 === Can't load key from … Permission denied ===
-Keys must belong to opendkim user.
+Keys must be readeable to opendkim user.
 <source lang="console">
-$ chown opendkim /etc/opendkim/keys/*/*.private
+$ chown opendkim /usr/local/etc/opendkim/keys/*/*.private
 </source>
 DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.
+[[Category:Mail]]