DKIM + Exim for Ubuntu

Instructions for setting up DKIM on a server without a control panel

«DKIM (DomainKeys Identified Mail)» is an email authentication method designed to detect forged messages sent via email. DKIM allows the recipient to verify that a message was indeed sent from the claimed domain. On a VPS or a dedicated server, this setup is easy to implement since you have full control over the mail server.

In this example, we’ll configure DKIM for the domain example.com.

Create a directory to store the private key:

mkdir /etc/exim4/dkim

Next, generate a private key that will remain on the server and a public key, which will later be added to your DNS record.

Navigate to the /etc/exim4/dkim directory:

cd /etc/exim4/dkim

Generate the private key example.com.key:

# openssl genrsa -out example.com.key 1024
Generating RSA private key, 1024 bit long modulus
..........................++++++
..................++++++
e is 65537 (0x10001)

Then generate the public key example.com.pub from the private key example.com.key:

# openssl rsa -pubout -in example.com.key -out example.com.pub
writing RSA key

Change the owner of the /etc/exim4/dkim directory and all files inside to Debian-exim, since Exim runs under this user:

chown -R Debian-exim:Debian-exim /etc/exim4/dkim

Update the Exim configuration file /etc/exim4/exim4.conf.template to use the private key. Add the following lines before the remote_smtp section:

DKIM_CANON = relaxed
DKIM_DOMAIN = example.com
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com.key
DKIM_SELECTOR = email

If you installed Exim with split configuration files, add these lines to /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp instead.

Save the changes and restart Exim:

service exim4 restart

To check the configuration, run:

exim -bP transports | grep dkim

Next, create a TXT record in your domain’s DNS zone containing the public key in the correct format. Set the record name to:

email._domainkey

Where email is the selector from the previous step.

Set the record value to:

v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanlELGd1uqomTzs5MBuzw0TCEhzIyyiD+ZZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB
  • v=DKIM1 — DKIM version
  • h=sha256 — preferred hash algorithm (can be sha1 or sha256)
  • k=rsa — type of public key
  • p=... — the public key corresponding to the file /etc/exim4/dkim/example.com.pub
Need help?Our engineers will help you free of charge with any question in minutesContact us