To enable DKIM signing, you must first have created your mail accounts. Once that is done, run the following from inside the directory containing docker-compose.yml:
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-config
The default key size is 2048 for now. If you need to change it (e.g. your DNS provider limits the size), provide the size as the first parameter of the command:
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-config 2048
Now that the keys are generated, you can configure your DNS server by pasting the content of config/opendkim/keys/domain.tld/mail.txt into your domain.tld.hosts zone.
After generating DKIM keys you should restart the app.
; OpenDKIM
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN" ) ; ----- DKIM key mail for domain.tld
Configuration using a web interface:
- Generate a new record of the type TXT.
- Paste mail._domainkey into the Name text field.
- In the Target or Value field, fill in v=DKIM1; k=rsa; p=AZERTYUGHJKLMWX...
- In TTL (time to live): time span in seconds, i.e. how long the DNS server should cache the TXT record.
- Save.
Note: Sometimes the key in config/opendkim/keys/domain.tld/mail.txt can be on multiple lines. If so, you need to concatenate the values:
; OpenDKIM
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=AZERTYUIOPQSDF..."
"asdfQWERTYUIOPQSDF..." ) ; ----- DKIM key mail for domain.tld
The Target (or Value) field must then contain all the parts joined together: v=DKIM1; k=rsa; p=AZERTYUIOPQSDF...asdfQWERTYUIOPQSDF...
Verify-only
If you want DKIM to only verify incoming emails, the following version of /etc/opendkim.conf may be useful (right now there is no easy mechanism for installing it other than forking the repo):
# This is a simple config file verifying messages only
#LogWhy yes
Syslog yes
SyslogSuccess yes
Socket inet:12301@localhost
PidFile /var/run/opendkim/opendkim.pid
ReportAddress postmaster@my-domain.com
SendReports yes
Mode v
Debugging
Tools
- DKIM-verifier: An add-on for the mail client Thunderbird.
DKIM TXT Record
You can debug your TXT records with the dig tool.
dig TXT mail._domainkey.domain.tld
Output:
; <<>> DiG 9.10.3-P4-Debian <<>> TXT mail._domainkey.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39669
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mail._domainkey.domain.tld. IN TXT
;; ANSWER SECTION:
mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB"
;; Query time: 50 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Sep 07 18:22:57 CEST 2016
;; MSG SIZE rcvd: 310
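The multi-line note and the dig check above can be combined into one sanity check before and after publishing. This is an added example, not part of docker-mailserver: the function names are hypothetical, and the sample record and dig line are constructed with placeholder base64 rather than a real key.

```python
import base64
import binascii
import re

# Constructed sample in the layout of mail.txt; the p= value is placeholder
# base64 split over two strings, not a real key.
SAMPLE_MAIL_TXT = '''mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=QUJDREVGR0hJ"
  "SktMTU5PUA==" ) ; ----- DKIM key mail for domain.tld
'''
# Constructed ANSWER line as dig prints a multi-string TXT record.
SAMPLE_DIG_LINE = ('mail._domainkey.domain.tld. 3600 IN TXT '
                   '"v=DKIM1; k=rsa; p=QUJDREVGR0hJ" "SktMTU5PUA=="')

def quoted_strings(text):
    # Only text inside double quotes is record data. The ';' in "v=DKIM1; k=rsa; "
    # is part of the value; the ';' after ')' starts a zone-file comment.
    return re.findall(r'"([^"]*)"', text)

def dkim_txt_value(text):
    # DNS joins the strings of one TXT record with no separator.
    value = "".join(quoted_strings(text))
    if not value:
        raise ValueError("no quoted TXT strings found")
    return value

def check_record(text):
    """Return a list of problems found in the record (empty list = looks sane)."""
    problems = [f"string {i} is longer than 255 bytes"
                for i, s in enumerate(quoted_strings(text), 1) if len(s.encode()) > 255]
    tags = {}
    for part in dkim_txt_value(text).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # whitespace in a tag value is ignored
    if tags.get("v") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= tag is not rsa")
    try:
        if not base64.b64decode(tags.get("p", ""), validate=True):
            problems.append("p= tag is missing or empty")
    except binascii.Error:
        problems.append("p= tag is not valid base64")
    return problems

def same_record(zone_text, dig_line):
    # True when the published record carries exactly the generated value.
    return dkim_txt_value(zone_text) == dkim_txt_value(dig_line)
```

Pass the content of mail.txt to dkim_txt_value() to get the single string for a web interface, and pass the ANSWER line from dig to same_record() to confirm that the published key was not truncated or altered on the way into DNS.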
Switch off DKIM
Simply remove the DKIM key by recreating the mailserver container.