Operations grimoire/Mail/DKIM: Difference between revisions

From Nasqueron Agora
(→‎Add a domain: Let's try 2048 keys)
(Going to deploy this on FreeBSD, so /usr/local/etc)
Line 2: Line 2:
To create a key with <code>unium</code> as DKIM selector for <domain.tld>:
To create a key with <code>unium</code> as DKIM selector for <domain.tld>:
<source lang="console">
<source lang="console">
$ mkdir /etc/opendkim/keys/domain.tld
$ mkdir /usr/local/etc/opendkim/keys/domain.tld
$ cd /etc/opendkim/keys/domain.tld
$ cd /usr/local/etc/opendkim/keys/domain.tld
$ opendkim-genkey -s unium -b 2048 -d domain.tld
$ opendkim-genkey -s unium -b 2048 -d domain.tld
$ chown opendkim unium.private
$ chown opendkim unium.private
$ cd /etc/opendkim
$ cd /usr/local/etc/opendkim
$ make clean all
$ make clean all
</source>
</source>
Line 22: Line 22:


<source lang="console">
<source lang="console">
$ chown opendkim /etc/opendkim/keys/*/*.private
$ chown opendkim /usr/local/etc/opendkim/keys/*/*.private
</source>
</source>


DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.
DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.

Revision as of 13:42, 20 October 2024

Add a domain

To create a key with unium as DKIM selector for <domain.tld>: 

$ mkdir /usr/local/etc/opendkim/keys/domain.tld
$ cd /usr/local/etc/opendkim/keys/domain.tld
$ opendkim-genkey -s unium -b 2048 -d domain.tld
$ chown opendkim unium.private
$ cd /usr/local/etc/opendkim
$ make clean all

Test

Send a mail from to another mail server.

You should see a DKIM pass.

You can also from a mailbox for this domain send a mail to check-auth@verifier.port25.com

Troubleshooting

Can't load key from … Permission denied

Keys must belong to opendkim user. 

$ chown opendkim /usr/local/etc/opendkim/keys/*/*.private

DKIM must succeed: as long as this isn't fixed, Postfix won't send mail for this domain.

Retrieved from "https://agora.nasqueron.org/index.php?title=Operations_grimoire/Mail/DKIM&oldid=1655"