Guide updated on 29th of December 2011

Implement DKIM


DomainKeys Identified Mail (DKIM) defines a domain-level authentication framework for email using public-key cryptography and key server technology to permit verification of the source and contents of messages by either Mail Transport Agents (MTAs) or Mail User Agents (MUAs).

DKIM is synthesized and enhanced Yahoo!'s DomainKeys and Cisco's Identified Internet Mail specifications. It enables mail servers to cryptographically sign the outbound messages they send, and allows the recipients of these signed messages to verify that they were sent by a server which is authorized to send mail for that domain.

More information available on http://www.dkim.org

Install Debian libdkim-dev package

aptitude install libdkim-dev

Replace the original qmail-remote binary by the qmail-remote DKIM wrapper script from Joerg Backschues + create spool directory

mv /var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote.orig
cp /downloads/scripts/qmail-remote /var/qmail/bin/qmail-remote
chown root:qmail /var/qmail/bin/qmail-remote
chmod 0755 /var/qmail/bin/qmail-remote

mkdir -p /var/domainkeys
chown qmailr:qmail /var/domainkeys
chmod 0700 /var/domainkeys

Create your key

chmod +x /downloads/scripts/domainkey
/downloads/scripts/domainkey your-domain

Then you just have to put the TXT record in your DNS domain zone file !

List of optional features


Users comments
Thibs - 02/09/2011 16:57

Hello Georgi,

I really wanted to thank you for your site http://www.pc-freak.net/blog/

It's really useful and I've found a lot of tips !

I'll read http://www.pc-freak.net/blog/how-to-enable-domain-keys-dkim-in-qmail-toaster-based-mail-server-install-on-debian-linux/ and adapt this page with your tips !

Friendly Regards!

 

 

Hip0 - 02/09/2011 13:28

Heya Thibs,

 

Some time ago, I've written a step by step tutorial explaining very widely the possible problems and solutions whether domainkeys needs to be implemented. Some of the readers might want to take a look.

http://www.pc-freak.net/blog/how-to-enable-domain-keys-dkim-in-qmail-toaster-based-mail-server-install-on-debian-linux/

 

You've done great job with this site!

I really enjoy and consult for so many things related to qmail.

Keep the good work up! ;)

 

Best,

Georgi

Jeff - 12/03/2011 16:47

I used Fred's way and got it to work.  Thanks Fred.

Jeff - 11/03/2011 22:39

When I implemented this, it has references to bardenhagen.com (which is not my domain) and I dont understand why it is in my DKIM-Signature.

 

DKIM-Signature:         a=rsa-sha1; c=relaxed; d=bardenhagen.com; s=MDaemon; l=2; t=1299877577; x=1300741577; h=Received:From; b=p bmGCt8boZlqmkLDpBovDtS/tc5qI/783O6kTd0C8oHohT6vOEX0pJ0wgRDTTafrG RzYcIxwaOWQ0pA4LZ18wEyvki0qR1CobzBLBb17Ynovoh6fxD5KWxmzDcDe4DTst KtYOmX97UElAKAVK9MwSiYDiSuwCQZhXalErmkYKHU=

Fred - 01/10/2010 01:32

There is another alternative described on http://manuel.mausz.at/coding/qmail-dkim/


Color Coded Qmail Installation Key
  Regular Black Text     Qmail installation notes and summaries by the author.
  Bold Black Text     Commands to be run by you, the installer.
  Bold/Regular Red Text    Vital and/or critical information.
  Regular Blue text     Denotes helpful tips and hints or hyperlinks.
  Regular Orange Text     Command line output.
  Bold/Regular green text     Denotes the contents of a file or script.