"DKIM (DomainKeys Identified Mail) "* is an E-mail authentication method designed to detect spoofing of messages sent via e-mail
- First, go to "Settings → Options " and click "Mail Server (SMTP/POP3/IMAP) → Change ".
Check the OpenDKIM (exim) box and click Apply changes
- Add a mail domain under "Domains → Mail Domains → Create "
When adding it, you need to check the checkbox next to "Enable DKIM ".
The private and public keys for DKIM are generated in the /etc/exim4/ssl/ folder and are named your_domain.com.private your_domain.com.txt
note: on CentOS 7 the keys are generated in the folder /etc/exim/ssl/_
- We are interested in a file with the extension .txt, it contains a TXT record which should be added to DNS panel.
The contents of the file will be:
dkim._domainkey IN TXT `` v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKKCAQnqd4PQCLAbjeDO1QIcfFwtd5GojPl2suLjCjmL6l9Bc7nrRlvAlvnLOQlQRH2A38UwvG3eyln9GbKbK8/Vmyu+xmhoWpGVP/PkaneMx1c/E0pN35DUK4cVuingeZRZWLNIkPTRKcNUWuFK4FN2IblA1z1PRUXNCfWjUMPqkQIDAQAB" ; ----- DKIM key dkim for mytestdomain.com
dkim._domainkey - entered in the **"Host" field **
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgIIBCgKKCAQEAQnqd4PQCLAbjeDO1QIcfFwtd5GojPl2suLjCjmL6l9Bc7nrRlvAlvnLOQlQRH2A38UwvG3eyln9GbKbK8/Vmyu+xmhoWpGVP/PkaneMx1c/E0pN35DUK4cVuingeZRZWLNIkPTRKcNUWuFK4FN2IblA1z1PRUXNCfWJUMPqkQidAQAB
is entered in the "Value " field.
** IMPORTANT:** When entering an entry in the DNS panel, make sure to remove the quotation marks at the beginning and end of the entry, as shown in the screenshot above.
Also, the key must be a single line - if there are line breaks, you must copy the key into notepad and remove them to make it a single long line.
To check whether the DKIM signature works is quite simple. You just need to send a letter from any mailbox of your domain to any third-party mail server and check the source code of the letter. The headers should contain the entry "dkim=pass". In the case of gmail or yandex signed letters are marked with special marks (see screenshot).
You can also check your mailbox signatures with mail-tester.com and mxtoolbox.com
"SPF (Sender Policy Framework) "* is an extension for the SMTP e-mail sending protocol.
SPF allows the owner of a domain, in a TXT record corresponding to the domain name, to specify a list of servers authorized to send email messages with return addresses in that domain.
Mail transfer agents that receive mail messages can query SPF information with a simple DNS query, thus verifying the sender's server.
SPF allows you to specify servers and IP addresses that are allowed to send mail from your domains. This feature is designed to block outgoing unwanted messages.
The SPF record is written in the TXT record of the domain. Actually you need to add a TXT record and put the SPF record in its value.
In the SPF record you have to specify the server IP from which the messages will be sent. Instead of 111.11.11.111, write the IP address of your server:
"v=spf1 +a +mx +ip4:111.11.11.111 ~all"
is entered in the "Value " field.