DKIM + Exim on Ubuntu

DKIM (DomainKeys Identified Mail) is an email authentication method that lets recipients verify a message was actually sent from the claimed domain. On a VPS or dedicated server, setting up DKIM is straightforward — you have full control over the mail server.

The examples below use example.com as the domain.

Generating the keys

Create a directory to store the keys:

mkdir /etc/exim4/dkim
cd /etc/exim4/dkim

Generate the private key:

openssl genrsa -out example.com.key 1024

Generate the public key from the private key:

openssl rsa -pubout -in example.com.key -out example.com.pub

Transfer ownership of the directory to Debian-exim, the user Exim runs as:

chown -R Debian-exim:Debian-exim /etc/exim4/dkim

Configuring Exim

Open /etc/exim4/exim4.conf.template and add the following lines before the remote_smtp section:

DKIM_CANON = relaxed
DKIM_DOMAIN = example.com
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com.key
DKIM_SELECTOR = email

If you chose the split-configuration option when installing Exim, add these lines to /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp instead.

Save the changes and restart Exim:

service exim4 restart

Verify the configuration:

exim -bP transports | grep dkim

Adding the DNS record

In your domain's DNS zone, create a TXT record:

Record name:

email._domainkey

Where email is the selector defined in the Exim configuration.

Record value:

v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanlELGd1uqomTzs5MBuzw0TCEhzIyyiD+ZZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB

Record parameters:

• v=DKIM1 — DKIM version.
• h=sha256 — preferred hashing algorithm (sha1 or sha256).
• k=rsa — public key type.
• p=... — the public key from /etc/exim4/dkim/example.com.pub.