"DKIM (DomainKeys Identified Mail) "* is an E-mail authentication method designed to detect spoofing of email messages. Dkim allows the recipient to verify that the email was actually sent from a claimed domain.

    Let's create a directory where we will store our private key.

    mkdir /etc/exim4/dkim  
    

    Next, we will generate a private key, which will be only on the server and a public key, which we will then make into the DNS record.

    Go to the folder ``/etc/exim4/dkim

    cd /etc/exim4/dkim  
    

    Generate a private key ``example.com.key

    # openssl genrsa -out example.com.key 1024
    Generating RSA private key, 1024 bit long modulus  
    ..........................++++++
    ..................++++++
    e is 65537 (0x10001)  
    

    Next, generate a public key example.com.public from our private key example.com.key

    # openssl rsa -pubout -in example.com.key -out example.com.public
    writing RSA key  
    

    Change the owner of the directory /etc/exim4/dkim and all files inside to Debian-exim, this is the user under which Exim runs.

    chown -R debian-exim:debian-exim /etc/exim4/dkim  
    

    Modify the Exim configuration file /etc/exim4/exim4.conf.template to use our private key. To do this, open it and put the following lines before the remote_smtp section:

    # DKIM:
    DKIM_DOMAIN = ${lc:${domain:$h_from:}}  
    DKIM_KEY_FILE = /etc/exim4/dkim/DKIM_DOMAIN.key  
    DKIM_PRIVATE_KEY = ${if exists{DKIM_KEY_FILE}{DKIM_KEY_FILE}{0}}  
    DKIM_SELECTOR = email  
    

    !In case you chose to split configs into smaller ones when installing Exim, then the lines above need to be added to the configuration file /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp

    Save the changes and restart Exim:

    service exim4 restart  
    

    To check the configuration, you can use the following command:

    exim -bP transports | grep dkim  
    

    Now we have to create in the DNS zone of our domain a record of type TXT, in which we put our public key in the appropriate format. In the name field we specify:

    email._domainkey  
    

    Where email - this is the selector from the previous item settings.
    And in the field of the record itself, specify the following line:

    v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanlGd1uqomTzs5MBuzw0TCEhzIyyiD+ZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB  
    

    v=DKIM1 - DKIM version
    h=sha256 - preferred hash algorithm, can be sha1 and sha256
    k=rsa - type of public key p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD..................7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB - public key which is in file /etc/exim4/dkim/example.com.public