Tag: dkim

  • Google Workspace DKIM authentication settings failed.

    Google Workspace DKIM authentication settings failed.

    When generating DKIM in google Google Workspace I got the following error message.

    DKIM authentication settings failed

    This error happens when you have a newly activated Google Workspace account.

    As per Google support instructions at

    https://support.google.com/a/answer/174126

    You need to wait 24 to 78 hours before activating DKIM.

    Important: After you create your Google Workspace account and turn on Gmail, you must wait 24–72 hours before you can generate a DKIM key.

  • Create DKIM in PowerMTA

    To generate DKIM, run the command

    openssl genpkey -algorithm RSA -out private.pem
openssl rsa -pubout -in private.pem -out public.pem

    This will create 2 files. private.pem and public.pem

    Create a file and copy the content of the file private.pem in it.

    /etc/pmta/DOMAIN_NAME_HERE.pem

    Public Key

    The file public.pem contains the public key, which you need to put in your DNS zone.

    public.pem file contains something that looks like the following.

    -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl
gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD
gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc
JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC
gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ
Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV
vQIDAQAB
-----END PUBLIC KEY-----

    NOTE: This is just an example, don’t use it.

    You need to remove —–BEGIN PUBLIC KEY—– and —–END PUBLIC KEY—–, and remove line chars, so it looks like one long string. For example

    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB

    Next, you need to edit the DNS record for your domain name. Create a TXT record with the following name

    default._domainkey.DOMAIN_NAME_HERE

    For the value, use

    "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"

    Example

    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTt4sgLkVtp3kFkOFcjl gFbl+62iqhhDSmNosLqW0Pna+rhyBUpPxtCingTi1IO6/vd9MCaTRe89gyTVy8QD gfERopy+uR3MVrpmHhvaAlqH++HIpJDl/y5PuQz/VRL6bUy6jM0TMmqrEWLUORuc JcuBP7p7Vwu+cNPuf962YblCqKj5qQlSNPiqVoQvZPYmj6mAvFg0/3dHVcP4j3rC gfLhSNzBKiQgewkUXoclT8209vGG82ER8nCMwBm16WfCHSAjEmKGAQ01xS32toiZ Khti9zKgrR2J6kbijMLB2ONQ0gvvbcwRgoJQQ5CkemAGlfsIhEvlfXbD0lkM5PwV vQIDAQAB"

    Enable DKIM Signing

    To enable DKIM signing, edit

    vi /etc/pmta/config

    Add

    domain-key default,serverok.in,/etc/pmta/default.serverok.in.pem

    You can also add this in virtual MTA settings.

    See PowerMTA

  • Enable DKIM on Cpanel Server

    DKIM (DomainKeys Identified Mail) is a way to digitally sign your out going emails. This help prevent spam.

    On Cpanel server, you can install for a site, run

    /usr/local/cpanel/bin/dkim_keys_install CPANEL_USERNAME

    If you want to enable DKIM on all sites on a cpanel server, run following as user root.

    wget https://raw.githubusercontent.com/serverok/server-setup/master/cpanel/dkim-spf-all.sh
bash dkim-spf-all.sh

    This will also enable SPF.