"DKIM (DomainKeys Identified Mail) "* is an E-mail authentication method designed to detect spoofing of email messages. Dkim allows the recipient to verify that the email was actually sent from a claimed domain.
Let's create a directory where we will store our private key.
mkdir /etc/exim4/dkim
Next, we will generate a private key, which will be only on the server and a public key, which we will then make into the DNS record.
Go to the folder ``/etc/exim4/dkim
cd /etc/exim4/dkim
Generate a private key ``example.com.key
# openssl genrsa -out example.com.key 1024
Generating RSA private key, 1024 bit long modulus
..........................++++++
..................++++++
e is 65537 (0x10001)
Next, generate a public key example.com.public from our private key example.com.key
# openssl rsa -pubout -in example.com.key -out example.com.public
writing RSA key
Change the owner of the directory /etc/exim4/dkim and all files inside to Debian-exim, this is the user under which Exim runs.
chown -R debian-exim:debian-exim /etc/exim4/dkim
Modify the Exim configuration file /etc/exim4/exim4.conf.template to use our private key. To do this, open it and put the following lines before the remote_smtp section:
# DKIM:
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_KEY_FILE = /etc/exim4/dkim/DKIM_DOMAIN.key
DKIM_PRIVATE_KEY = ${if exists{DKIM_KEY_FILE}{DKIM_KEY_FILE}{0}}
DKIM_SELECTOR = email
!In case you chose to split configs into smaller ones when installing Exim, then the lines above need to be added to the configuration file /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp
Save the changes and restart Exim:
service exim4 restart
To check the configuration, you can use the following command:
exim -bP transports | grep dkim
Now we have to create in the DNS zone of our domain a record of type TXT, in which we put our public key in the appropriate format. In the name field we specify:
email._domainkey
Where email - this is the selector from the previous item settings.
And in the field of the record itself, specify the following line:
v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanlGd1uqomTzs5MBuzw0TCEhzIyyiD+ZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB
v=DKIM1 - DKIM version
h=sha256 - preferred hash algorithm, can be sha1 and sha256
k=rsa - type of public key p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD..................7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB - public key which is in file /etc/exim4/dkim/example.com.public