DKIM + Exim for Ubuntu
Instructions for setting up DKIM on a server without a control panel
DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect forged email messages. DKIM allows the recipient to verify that a message was indeed sent from the claimed domain. On a VPS or a dedicated server, this setup is easy to implement since you have full control over the mail server.
In this example, we'll configure DKIM for the domain example.com.
Create a directory to store the private key:
mkdir /etc/exim4/dkim
Next, generate a private key that will remain on the server and a public key, which will later be added to your DNS record.
Navigate to the /etc/exim4/dkim directory:
cd /etc/exim4/dkim
Generate the private key example.com.key (this example uses a 1024-bit key; RFC 8301 says signers should use RSA keys of at least 2048 bits):
# openssl genrsa -out example.com.key 1024
Generating RSA private key, 1024 bit long modulus
..........................++++++
..................++++++
e is 65537 (0x10001)
Then generate the public key example.com.pub from the private key example.com.key:
# openssl rsa -pubout -in example.com.key -out example.com.pub
writing RSA key
Change the owner of the /etc/exim4/dkim directory and all files inside to Debian-exim, since Exim runs under this user:
chown -R Debian-exim:Debian-exim /etc/exim4/dkim
Update the Exim configuration file /etc/exim4/exim4.conf.template to use the private key. Add the following lines before the remote_smtp section:
DKIM_CANON = relaxed
DKIM_DOMAIN = example.com
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com.key
DKIM_SELECTOR = email
If you installed Exim with split configuration files, add these lines to /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp instead.
Save the changes and restart Exim:
service exim4 restart
To check the configuration, run:
exim -bP transports | grep dkim
Next, create a TXT record in your domain’s DNS zone containing the public key in the correct format. Set the record name to:
email._domainkey
Where email is the selector from the previous step.
Set the record value to:
v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanlELGd1uqomTzs5MBuzw0TCEhzIyyiD+ZZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB
v=DKIM1 — DKIM version
h=sha256 — preferred hash algorithm (can be sha1 or sha256)
k=rsa — type of public key
p=... — the public key corresponding to the file /etc/exim4/dkim/example.com.pub
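The steps above do not show how the p= value is obtained from example.com.pub. The following is an added example, not part of the original instructions: shell functions that build the TXT value from the PEM file, split it into strings of at most 255 characters (which goes beyond the 1024-bit case shown here and is needed for longer keys), and compare a published record with the key file. The function names and the sample key body are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the DKIM TXT record from the PEM public key file.

# Base64 body of a PEM file on one line: armor lines and whitespace removed.
pem_body() {
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# TXT record value in the format shown on this page.
dkim_txt_value() {
    p=$(pem_body "$1")
    case "$p" in
        '' | *[!A-Za-z0-9+/=]*)
            echo "no base64 key data in $1" >&2
            return 1 ;;
    esac
    printf 'v=DKIM1; h=sha256; k=rsa; p=%s\n' "$p"
}

# Same value as quoted strings of at most 255 characters each, the limit for
# one string inside a TXT record (a 2048-bit key does not fit in one string).
dkim_txt_rdata() {
    value=$(dkim_txt_value "$1") || return 1
    printf '%s\n' "$value" | fold -w 255 | sed 's/.*/"&"/' | paste -s -d ' ' -
}

# Succeeds when the p= tag of a published TXT value matches the key file.
# Quotes and whitespace are dropped first, so split strings compare equal.
dkim_p_matches() {
    published=$(printf '%s' "$1" | tr -d '" \t\r\n' |
        sed -n 's/^\(.*;\)\{0,1\}p=\([^;]*\).*$/\2/p')
    [ -n "$published" ] && [ "$published" = "$(pem_body "$2")" ]
}

# Demo on a constructed placeholder body (not a real key).
demo_pub=$(mktemp)
cat > "$demo_pub" <<'EOF'
-----BEGIN PUBLIC KEY-----
AAAABBBBCCCCDDDD
EEEEFFFFGGGG
-----END PUBLIC KEY-----
EOF
printf 'email._domainkey.example.com. IN TXT %s\n' "$(dkim_txt_rdata "$demo_pub")"
rm -f "$demo_pub"
```

Once the record is published, pass the output of dig +short TXT email._domainkey.example.com as the first argument to dkim_p_matches and /etc/exim4/dkim/example.com.pub as the second.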