DKIM - Revision history

http://wiki.qmailtoaster.org:80/index.php?action=history&feed=atom&title=DKIM DKIM - Revision history 2026-04-08T12:08:51Z Revision history for this page on the wiki MediaWiki 1.41.0 http://wiki.qmailtoaster.org:80/index.php?title=DKIM&diff=1384&oldid=prev Ebroch: Created page with "Back<br> Source: [https://manuel.mausz.at/coding/qmail-dkim/ Manuel Mausz'] Perl script 1. DKIM sign all email with global key '''Set up signing framework''' # yum -y install perl-XML-Simple perl-Mail-DKIM perl-XML-Parser # qmailctl stop # cd /var/qmail/bin # mv qmail-remote qmail-remote.orig  <!--# wget http..." 2024-10-19T18:09:13Z

<p>Created page with "<a href="/index.php?title=Configuration#How_to_Setup_DKIM_with_Qmail_Toaster" title="Configuration">Back</a><br> Source: [https://manuel.mausz.at/coding/qmail-dkim/ Manuel Mausz'] Perl script 1. DKIM sign all email with global key '''Set up signing framework''' # yum -y install perl-XML-Simple perl-Mail-DKIM perl-XML-Parser # qmailctl stop # cd /var/qmail/bin # mv qmail-remote qmail-remote.orig  <br /> <br /> # wget https://raw.githubusercontent.com/qmtoaster/dkim/master/mail-dkim-0.3.pl<br /> # chmod 755 mail-dkim-0.3.pl && chown root:qmail mail-dkim-0.3.pl<br /> # ln -s mail-dkim-0.3.pl qmail-remote<br /> # mkdir /var/qmail/control/dkim<br /> # chown -R qmailr:qmail /var/qmail/control/dkim<br /> # cd /var/qmail/control/dkim<br /> # wget https://raw.githubusercontent.com/qmtoaster/dkim/master/signconf.xml<br /> # openssl genrsa -out global.key 2048 && chmod 644 global.key<br /> # openssl rsa -in global.key -pubout -out global.txt<br /> # perl -pi -e 's/-----BEGIN PUBLIC KEY-----/dkim1._domainkey IN TXT "k=rsa; p=/g; s/-----END PUBLIC KEY-----/"/g; s/\n//g' global.txt<br /> # qmailctl start<br /> # cat signconf.xml<span style="color:tomato"><br /> <dkimsign><br /> &lt;!-- per default sign all mails using dkim --&gt;<br /> <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"><br /> <types id="dkim" /><br /> <types id="domainkey" method="nofws" /><br /> </global><br /> </dkimsign></span><br /> # cat global.txt<span style="color:tomato"><br /> dkim1._domainkey IN TXT "k=rsa; p=******************************"</span><br><br /> '''Create DNS TXT record from the above file 'public.txt''''<br /> Host Text<br /> dkim1._domainkey v=DKIM1; k=rsa; p=*************************<br><br /> '''Your DKIM global key setup is done. Send email to Yahoo or GMail, inspect header.'''<br /> <br /> 2. DKIM sign domain with specific key<br /> # cd /var/qmail/control/dkim<br /> # openssl genrsa -out dom.com.key 2048 && chmod 644 dom.com.key<br /> # openssl rsa -in dom.com.key -pubout -out dom.com.txt<br /> # perl -pi -e 's/-----BEGIN PUBLIC KEY-----/dkim1._domainkey IN TXT "k=rsa; p=/g; s/-----END PUBLIC KEY-----/"/g; s/\n//g' dom.com.txt<br /> # cat dom.com.txt<span style="color:tomato"><br /> dkim1._domainkey IN TXT "k=rsa; p=******************************"</span><br><br /> '''Create DNS TXT record from the above file 'dom.com.txt''''<br /> Host Text<br /> dkim1._domainkey v=DKIM1; k=rsa; p=*************************<br><br /> # cat signconf.xml<span style="color:tomato"><br /> <dkimsign><br /> &lt;!-- per default sign all mails using dkim --&gt;<br /> <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"><br /> <types id="dkim" /><br /> <types id="domainkey" method="nofws" /><br /> </global><span style="color:red"><strong><br><br /> &lt;!-- dkim sign dom.com --&gt;<br /> <dom.com domain="dom.com" keyfile="/var/qmail/control/dkim/dom.com.key" selector="dkim1"><br /> <types id="dkim" /><br /> <types id="domainkey" method="nofws" /><br /> </dom.com></span></strong><br><br /> </dkimsign></span><br /> 3. DKIM no signing for domain<br /> <br /> # cd /var/qmail/control/dkim<br /> # cat signconf.xml<span style="color:tomato"><br /> <dkimsign><br /> &lt;!-- per default sign all mails using dkim --&gt;<br /> <global algorithm="rsa-sha1" domain="/var/qmail/control/me" keyfile="/var/qmail/control/dkim/global.key" method="simple" selector="dkim1"><br /> <types id="dkim" /><br /> <types id="domainkey" method="nofws" /><br /> </global><br><br /> &lt;!-- dkim sign dom.com --&gt;<br /> <dom.com domain="dom.com" keyfile="/var/qmail/control/dkim/dom.com.key" selector="dkim1"><br /> <types id="dkim" /><br /> <types id="domainkey" method="nofws" /><br /> </dom.com><br><span style="color:red"><strong><strong><br /> &lt;!-- no dkim signing nosigndom.com --&gt;<br /> <nosigndom.com /></span></strong><br><br /> </dkimsign></span><br /> <br /> 4. DKIM verification (Spamassassin preferred):<br /> <br /> Assumes: <br /> a. 'QMAILQUEUE="/var/qmail/bin/simscan"' defined in /etc/tcprules.d/tcp.smtp <br /> b. /var/qmail/bin/qmail-queue is a link.<br /> c. 'export DKVERIFY=1' and '/usr/bin/softlimit -m 128000000' in /var/qmail/supervise/smtp/run<br /> # qmailctl stop<br /> # cd /var/qmail/bin<br /> # wget http://www.qmailtoaster.org/dkimverify.pl<br /> # wget http://www.qmailtoaster.org/qmail-queue.pl.sh<br /> # chown root:root dkimverify.pl<br /> # chown qmailq:qmail qmail-queue.pl.sh<br /> # chmod 755 dkimverify.pl<br /> # chmod 4777 qmail-queue.pl.sh<br /> # unlink qmail-queue<br /> # ln -s qmail-queue.pl.sh qmail-queue<br /> # qmailctl start<br /> Send email to user on the host<br /> Check email header dkim verification<br /> <br /> <br /> Notes: <br /> 1) In order to test your settings, simply send an email to: check-auth@verifier.port25.com and/or check-auth2@verifier.port25.com<br /> with the suject of "test" (without the quotes) and "Just testing" in the body (also without quotes). It is best but not required<br /> to have a subject and body because this service will also show you how spamassassin rated your email. If you have a GMAIL/Yahoo<br /> email account sending to either or both accounts DKIM signatures could be verified.<br /> Click to test<br /> 2) To test your DKIM signature wiith OpenDKIM's 'opendkim-testkey' utility install opendkim and run the utility:<br /> a) # yum install epel-release opendkim*<br /> b) # opendkim-testkey -vvvv -d otherdomain.com -k /var/qmail/control/dkim/otherdomain.com.key -s dkim1<br><br /> opendkim-testkey: using default configfile /etc/opendkim.conf<br /> opendkim-testkey: /var/qmail/control/dkim/otherdomain.com.key: WARNING: unsafe permissions<br /> opendkim-testkey: key loaded from /var/qmail/control/dkim/otherdomain.com.key<br /> opendkim-testkey: checking key 'dkim1._domainkey.otherdomain.com'<br /> opendkim-testkey: key OK<br><br /> 3) Testing DKIM signatures sending from Roundcube webmail I found that plain text formatted email caused DKIM failure sending<br /> to port25.com and GMAIL recipients, but when sending the same email in Roundcube's html format the DKIM signature was verified<br /> and passed. The same email DKIM signature passed with Squirrelmail, Thunderbird, and OpenDKIM's 'opendkim-testkey' program. It <br /> seems that certain email clients will add or subtract characters in the email header causing DKIM to fail. This may be happening <br /> in Roundcube while other clients do not affect the email header adversely. I have a help request in the Roundcube user's list<br /> for this issue. Hopefully, this issue is merely a configuration setting, if not, that it is resolved soon.</div>

Ebroch