Create DKIM in PowerMTA
To generate DKIM, run the command
openssl genpkey -algorithm RSA -out private.pem
openssl rsa -pubout -in private.pem -out public.pem
This will create 2 files. private.pem and public.pem
Create a file and copy the content of the file private.pem in it.
/etc/pmta/DOMAIN_NAME_HERE.pem
Public Key
The file public.pem contains the public key, which you need to put in your DNS zone.
public.pem file contains something that looks like the following.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl
gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD
gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc
JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC
gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ
Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV
vQIDAQAB
-----END PUBLIC KEY-----
NOTE: This is just an example, don’t use it.
You need to remove —–BEGIN PUBLIC KEY—– and —–END PUBLIC KEY—–, and remove line chars, so it looks like one long string. For example
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB
Next, you need to edit the DNS record for your domain name. Create a TXT record with the following name
default._domainkey.DOMAIN_NAME_HERE
For the value, use
"v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"
Example
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB"
Enable DKIM Signing
To enable DKIM signing, edit
vi /etc/pmta/config
Add
domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem
You can also add this in virtual MTA settings.
See PowerMTA