Authenticate emails with DKIM on Debian or Ubuntu Linux

DKIM (DomainKeys Identified Mail) is a standard used to authenticate the emails senders and fight against spam and phishing.

This post describes how to authenticate emails with DKIM on Debian or Ubuntu Linux.

Prerequisites

  • Have a server running Debian or Ubuntu Linux (see Install and set up Linux Debian 7).
  • Access to DNS records of domain mydomain.com used as the emails sender.
  • Login as root.

Install and set up Exim

Exim is a mail server (Mail Transfer Agent or MTA) that lets you send emails from Linux.

apt-get install exim4
dpkg-reconfigure exim4-config

General type of mail configuration: internet site; mail is sent and received directly using SMTP
System mail name: myhostname.mydomain.com
IP-addresses to listen on for incoming SMTP connections: 127.0.0.1 ; ::1
Other destinations for which mail is accepted:
Domains to relay mail for:
Machines to relay mail for:
Keep number of DNS-queries minimal (Dial-on-Demand)? No
Delivery method for local mail: mbox format in /var/mail/
Split configuration into small files? No

Generate public and private DKIM keys

cd /etc/exim4
openssl genrsa -out dkim.private 1024
openssl rsa -in dkim.private -out dkim.public -pubout -outform PEM

Create DKIM DNS record

The public key is in the /etc/exim4/dkim.public file.

cat /etc/exim4/dkim.public

-----BEGIN PUBLIC KEY-----
abCdefGhijKLm
noPQRsTuvWxyZ
-----END PUBLIC KEY-----

The DKIM DNS record is a TXT record containing the public DKIM key without line breaks (see Create and configure DNS records for a domain).

dkim._domainkey.mydomain.com TXT "k=rsa; p=abCdefGhijKLmnoPQRsTuvWxyZ"

Set up Exim

nano /etc/exim4/exim4.conf.template

After line CONFDIR = /etc/exim4, add:

# DKIM loading
DKIM_CANON = relaxed
DKIM_DOMAIN = ${sender_address_domain}
DKIM_PRIVATE_KEY = CONFDIR/dkim.private
DKIM_SELECTOR = dkim

service exim4 restart

Leave a Reply

Your email address will not be published. Required fields are marked *

*