Create DKIM in PowerMTA
To generate a DKIM key pair, run the commands

    openssl genpkey -algorithm RSA -out private.pem
    openssl rsa -pubout -in private.pem -out public.pem

This will create two files: private.pem and public.pem.
Create the following file and copy the content of private.pem into it.

    /etc/pmta/DOMAIN_NAME_HERE.pem
Public Key
The file public.pem contains the public key, which you need to put in your DNS zone.
The public.pem file contains something that looks like the following.

    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl
    gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD
    gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc
    JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC
    gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ
    Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV
    vQIDAQAB
    -----END PUBLIC KEY-----
NOTE: this is just an example, don’t use it.
You need to remove the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines and remove the newline characters, so it looks like one long string. For example

    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjlgFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QDgfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORucJcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rCgfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZKhti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwVvQIDAQAB
Next, you need to edit the DNS records for your domain name. Create a TXT record with the following name

    default._domainkey.DOMAIN_NAME_HERE

For the value, use

    "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

Example

    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjlgFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QDgfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORucJcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rCgfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZKhti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwVvQIDAQAB"
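The PEM-to-TXT conversion described above can be scripted. The following is an added example, not part of the original page: it strips the PEM armor and whitespace, then splits the value into quoted strings of at most 255 characters, because a single DNS TXT character-string cannot be longer than that and a 2048-bit key does not fit in one. The function names are hypothetical, and the sample input is the page's example key.

```shell
#!/bin/sh
# Added example (not from the original page): build the TXT value from public.pem.

# Write the page's example public key to the path given as $1 (sample input only).
write_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl
gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD
gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc
JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC
gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ
Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV
vQIDAQAB
-----END PUBLIC KEY-----
EOF
}

# Strip the PEM armor lines and all whitespace, leaving the bare base64 for p=.
pem_to_p() {
    grep -v -- '-----' "$1" | tr -d ' \t\r\n'
}

# Print the record value as quoted strings of at most 255 characters each.
dkim_txt_value() {
    printf 'v=DKIM1; k=rsa; p=%s\n' "$(pem_to_p "$1")" |
        fold -w 255 |
        sed 's/.*/"&"/' |
        paste -sd ' ' -
}

# Demo on the sample key; point dkim_txt_value at your own public.pem instead.
tmp=$(mktemp)
write_sample_pem "$tmp"
dkim_txt_value "$tmp"
rm -f "$tmp"
```

Verifiers join the quoted strings without any separator, so the split may fall anywhere inside the base64 data.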
Enable DKIM Signing
To enable DKIM signing, edit

    vi /etc/pmta/config

Add

    domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem

This can be in your virtual MTA settings, like

    <virtual-mta vmta-1>
        #domain-key default,*,/etc/pmta/default.serverok.in.pem
        domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem
        <domain *>
            max-msg-rate 100/h
        </domain>
    </virtual-mta>