"DKIM (DomainKeys Identified Mail) "* is an E-mail authentication method designed to detect spoofing of email messages. Dkim allows the recipient to verify that the email was actually sent from a claimed domain.

Let's create a directory where we will store our private key.

mkdir /etc/exim4/dkim  

Next, we will generate a private key, which will be only on the server and a public key, which we will then make into the DNS record.

Go to the folder ``/etc/exim4/dkim

cd /etc/exim4/dkim  

Generate a private key ``example.com.key

# openssl genrsa -out example.com.key 1024
Generating RSA private key, 1024 bit long modulus  
e is 65537 (0x10001)  

Next, generate a public key example.com.pub from our private key example.com.key

# openssl rsa -pubout -in example.com.key -out example.com.pub
writing RSA key  

Change the owner of the directory /etc/exim4/dkim and all files inside to Debian-exim, this is the user under which Exim runs.

chown -R debian-exim:debian-exim /etc/exim4/dkim  

Modify the Exim configuration file /etc/exim4/exim4.conf.template to use our private key. To do this, open it and put the following lines before the remote_smtp section:

DKIM_CANON = relaxed  
DKIM_DOMAIN = example.com  
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com.key  

!In case you chose to split configs into smaller ones when installing Exim, then the lines above need to be added to the configuration file /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp

Save the changes and restart Exim:

service exim4 restart  

To check the configuration, you can use the following command:

exim -bP transports | grep dkim  

Now we have to create in the DNS zone of our domain a record of type TXT, in which we put our public key in the appropriate format. In the name field we specify:


Where email - this is the selector from the previous item settings.
And in the field of the record itself, specify the following line:

v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanlGd1uqomTzs5MBuzw0TCEhzIyyiD+ZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB  

v=DKIM1 - DKIM version
h=sha256 - preferred hash algorithm, can be sha1 and sha256
k=rsa - type of public key p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD..................7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB - public key which is in file /etc/exim4/dkim/example.com.pub

Updated Nov. 22, 2023