mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
106 lines
3.6 KiB
Markdown
106 lines
3.6 KiB
Markdown
To enable DKIM signature, you must have created your mail accounts.
|
|
Once its done, just run from inside the directory of docker-compose.yml:
|
|
|
|
docker run --rm \
|
|
-v "$(pwd)/config":/tmp/docker-mailserver \
|
|
-ti tvial/docker-mailserver:latest generate-dkim-config
|
|
|
|
The default keysize is 2048 for now. If you need to change it (e.g. your DNS-Provider limits the size) provide the size as the first parameter of the command
|
|
|
|
docker run --rm \
|
|
-v "$(pwd)/config":/tmp/docker-mailserver \
|
|
-ti tvial/docker-mailserver:latest generate-dkim-config 2048
|
|
|
|
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
|
|
|
|
After generating DKIM keys you should restart the app.
|
|
|
|
```
|
|
; OpenDKIM
|
|
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
|
"p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN" ) ; ----- DKIM key mail for domain.tld
|
|
|
|
```
|
|
|
|
## Configuration using a web interface:
|
|
|
|
1. Generate a new record of the type `TXT`.
|
|
2. Paste `mail._domainkey` the `Name` txt field.
|
|
3. In the `Target` or `Value` field fill in `v=DKIM1; k=rsa; p=AZERTYUGHJKLMWX...`.
|
|
4. In `TTL` (time to live): Time span in seconds. How long the DNS server should cache the `TXT` record.
|
|
5. Save.
|
|
|
|
Note: Sometimes the key in `config/opendkim/keys/domain.tld/mail.txt` can be on multiple lines, if so then you need to concatenate the values
|
|
```
|
|
; OpenDKIM
|
|
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
|
|
"p=AZERTYUIOPQSDF..."
|
|
"asdfQWERTYUIOPQSDF..." ) ; ----- DKIM key mail for domain.tld
|
|
```
|
|
the target (or value) field must then have all the parts together `v=DKIM1; k=rsa; p=AZERTYUIOPQSDF...asdfQWERTYUIOPQSDF...`
|
|
|
|
|
|
## Verify-only
|
|
|
|
If you want DKIM to only verify incoming emails, the following version of /etc/opendkim.conf may be useful (right now there is no easy mechanism for installing it other than forking the repo):
|
|
```
|
|
# This is a simple config file verifying messages only
|
|
|
|
#LogWhy yes
|
|
Syslog yes
|
|
SyslogSuccess yes
|
|
|
|
Socket inet:12301@localhost
|
|
PidFile /var/run/opendkim/opendkim.pid
|
|
|
|
ReportAddress postmaster@my-domain.com
|
|
SendReports yes
|
|
|
|
Mode v
|
|
```
|
|
|
|
## Debugging
|
|
|
|
### Tools
|
|
|
|
* [DKIM-verifer](https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier): A add-on for the mail client Thunderbird.
|
|
|
|
### DKIM TXT Record
|
|
|
|
You can debug your TXT records with the `dig` tool.
|
|
|
|
```
|
|
dig TXT mail._domainkey.domain.tld
|
|
```
|
|
|
|
Output:
|
|
|
|
```
|
|
; <<>> DiG 9.10.3-P4-Debian <<>> TXT mail._domainkey.domain.tld
|
|
;; global options: +cmd
|
|
;; Got answer:
|
|
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39669
|
|
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
|
|
|
|
;; OPT PSEUDOSECTION:
|
|
; EDNS: version: 0, flags:; udp: 512
|
|
;; QUESTION SECTION:
|
|
;mail._domainkey.domain.tld. IN TXT
|
|
|
|
;; ANSWER SECTION:
|
|
mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB"
|
|
|
|
;; Query time: 50 msec
|
|
;; SERVER: 127.0.1.1#53(127.0.1.1)
|
|
;; WHEN: Wed Sep 07 18:22:57 CEST 2016
|
|
;; MSG SIZE rcvd: 310
|
|
```
|
|
|
|
## Switch off DKIM
|
|
Simply remove dkim key by recreating the mailserver-container.
|
|
|
|
## DMARC
|
|
|
|
DMARC Guide: https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md
|
|
|