IRedMail/FAQ/Enable.DKIM.Signing.For.New.Mail.Domain/RHEL

From iRedMail
Jump to: navigation, search

Contents


This tutorial describes how to enable DKIM signing for new mail domains new_domain.com on below Linux distributions:

  • Red Hat Enterprise Linux
  • CentOS
  • Scientific Linux

Generate DKIM key for new mail domain

Terminal:
# cd /var/lib/dkim/
# amavisd genrsa new_domain.com.pem
# chmod 0644 new_domain.com.pem

Enable DKIM signing for new mail domain in Amavisd

Open Amavisd config file /etc/amavisd.conf, search for "# Add dkim_key here.", and add it alongside the others, preferably in alphabetic order so you can find it faster.

File: /etc/amavisd.conf
dkim_key("new_domain.com", "dkim", "/var/lib/dkim/new_domain.com.pem");

Add your new domain in @local_domains_maps in /etc/amavisd.conf. The line should now read something like this:

File: /etc/amavisd.conf
@local_domains_maps = ( [".$mydomain", "firstdomain.com", "new_domain.com"] );  # list of all local domains

Restart amavisd service:

Terminal:
# /etc/init.d/amavisd restart

Test that new key to make sure it was installed properly:

Terminal:
# amavisd showkeys new_domain.com
; key#1, domain new_domain.com, /var/lib/dkim/new_domain.com.pem
dkim._domainkey.new_domain.com.   3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaK"
  "txFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBok"
  "FcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5"
  "EV711qseo/omquskkwIDAQAB")
  • If you have your own Bind DNS server running, add exactly what was printed above to the zone file in you nameserver(s). Make sure you have also updated the serial of the zone file, then restart named service:
Terminal:
  • If you hosted domain names in ISP like GoDaddy, create a new DNS record, host record is dkim._domainkey.new_domain.com, record type is TXT, then copy output of above command into one line, like below, it's value of DNS record dkim._domainkey.new_domain.com:
File:
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYArsr2BKbdhv9efugByf7LhaKtxFUt0ec5+1dWmcDv0WH0qZLFK711sibNN5LutvnaiuH+w3Kr8Ylbw8gq2j0UBokFcMycUvOBd7nsYn/TUrOua3Nns+qKSJBy88IWSh2zHaGbjRYujyWSTjlPELJ0H+5EV711qseo/omquskkwIDAQAB

Verify DKIM signing

After your new DNS records is working, verify that everything is ok by sending mails from new_domain.com to the autoresponders from this page: DKIM Reflectors

Personal tools