
Exim + OpenDKIM implementation for bulk email

Everything was ready to launch a new project, but one problem remained: Gmail sent the registration confirmation emails to spam. After reviewing the Gmail help pages, I realized that the main problem was the lack of DKIM on the server. In my case, Exim handled sending mail, so I needed to set up Exim with DKIM. Alas, because the DKIM utility on FreeBSD had changed, all the instructions were outdated. I had to tune Exim + DKIM blindly for several days. In this article I will describe all the steps for implementing Exim + DKIM.



DKIM is necessary for mass mailings and for automatic emails sent from a site. Without it, Gmail's spam filters do not let through emails sent by scripts. For Exim to send messages signed with a DKIM key, the additional OpenDKIM utility has to be installed. Previously the dkim-filter utility was used, but its developers stopped supporting it.



I advise you to read the article. It clearly explains how to keep your emails out of spam. The article is outdated as far as the Exim + DKIM setup goes; everything else is still relevant.



The installation was implemented in 5 stages.




1. Installing OpenDKIM


cd /usr/ports/mail/opendkim

make install clean



2. Generate keys and configure OpenDKIM and DNS records


First you need to generate a key pair: a public key and a private key. The public key is stored in a DNS record, and the private key stays on the server.



So, we generate keys:



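opendkim-genkey -D /var/db/opendkim -d <domain.name> -s <selector>



/var/db/opendkim — the directory where the keys are written,

<domain.name> — your domain (example.com),

selector — the key identifier (for example, mail). It is used in the DNS record and in the exim config.



For example: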



opendkim-genkey -D /var/db/opendkim -d example.com -s mail




This produces two files: mail.txt (mail is the selector) and mail.private. Look at the first one:



cat /var/db/opendkim/mail.txt

mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN … mpwIDAQAB" ) ; ----- DKIM key mail for example.com.



The contents of mail.txt go into the DNS zone of example.com in this form (one line, a single quoted string):



mail._domainkey IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGS … wIDAQAB"



Also add an ADSP record to DNS:



_adsp._domainkey.example.com IN TXT "dkim=unknown"



The mail.private file must be readable by the user exim runs as. To do that:



chown mailnull:mail /var/db/opendkim/mail.private

chmod 600 /var/db/opendkim/mail.private



Point the opendkim config at mail.private. Example config:



vim (or something else) /usr/local/etc/opendkim.conf



# This is a simple config file for signing and verifying



LogWhy yes

Syslog yes

SyslogSuccess yes



Canonicalization relaxed/simple



Domain example.com

Selector mail

KeyFile /var/db/opendkim/mail.private



Socket inet:8891@localhost



ReportAddress support@example.com

SendReports yes



## Hosts to sign email for - 127.0.0.1 is default

## See the OPERATION section of opendkim(8) for more information

#

# InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12



## For secondary mailservers - indicates not to sign or verify messages

## from these hosts

#

# PeerList XXXX



# PidFile /var/run/opendkim/opendkim.pid



That completes the opendkim setup. Next, Exim.



3. Configuring Exim

Edit the transports section:



vim /usr/local/etc/exim/configure



At begin transports, add:



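DKIM_DOMAIN = ${lc:${domain:$h_from:}}

# Path to the private key from step 2. Exim treats # as a comment only at the start of a line.

DKIM_FILE = /var/db/opendkim/mail.private

# Sign only when the key file exists; a value of 0 disables signing.

DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}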



Replace:



remote_smtp:

  driver = smtp



with:



remote_smtp:

  driver = smtp

  dkim_domain = DKIM_DOMAIN

  # The selector chosen in step 2 (a trailing # would become part of the value).

  dkim_selector = mail

  dkim_private_key = DKIM_PRIVATE_KEY



4. Start milter_opendkim

/usr/local/etc/rc.d/milter-opendkim start



5. Reload Exim

/usr/local/etc/rc.d/exim reload



Send a message through Exim and look at its headers.



A DKIM header should appear:



DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d= example.com; s=mail;

h=Date:Message-Id:From:Content-type:MIME-Version:Subject:To; bh=RUN…0qKg=;

b=EEla1LMRm…Q6CYJM/VHg=;


Received: from example by xxx.freehost.com.ua with local (Exim 4.80.1 (FreeBSD))



If the header is there, DKIM works.
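An added example (not from the original article) that checks offline whether a captured DKIM-Signature header can be verified against the key record generated in step 2. The key material and hashes are constructed placeholders, and the function names are illustrative.

```python
import base64
import binascii
import re

# Constructed sample data: key material and hashes are placeholders, not real values.
ZONE_TXT = ('mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; " '
            '"p=cGxhY2Vob2xkZXI=" ) ; ----- DKIM key mail for example.com')
SIG_OK = ("v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d= example.com; s=mail;\r\n"
          "\th=Date:Message-Id:From:Subject:To; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=;")
# Same message sent with From: user@news.example.com, so DKIM_DOMAIN follows it.
SIG_SUBDOMAIN = SIG_OK.replace("d= example.com", "d=news.example.com")


def join_zone_txt(zone_text):
    """Collapse a multi-string zone-file TXT entry into (owner name, single value)."""
    name = zone_text.split()[0]
    return name, "".join(re.findall(r'"([^"]*)"', zone_text))


def parse_tags(value):
    """Parse an RFC 6376 tag=value list; folding whitespace is not significant."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            key, val = item.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def check_signature(sig_header, zone_text, zone_origin):
    """Return a list of reasons a verifier would not find a usable key."""
    problems = []
    sig = parse_tags(sig_header)
    owner, txt = join_zone_txt(zone_text)
    key = parse_tags(txt)

    # Verifiers look the key up at <selector>._domainkey.<d= domain>.
    domain = sig.get("d", "").lower()
    lookup = f"{sig.get('s', '')}._domainkey.{domain}"
    published = f"{owner}.{zone_origin}".lower()
    if lookup != published:
        problems.append(f"verifier queries {lookup}, key is published at {published}")

    if "from" not in [h.lower() for h in sig.get("h", "").split(":")]:
        problems.append("From is not listed in h=, signature is invalid")

    if key.get("v", "DKIM1") != "DKIM1":
        problems.append("key record v= is not DKIM1")
    try:
        if not base64.b64decode(key.get("p", ""), validate=True):
            problems.append("p= is empty: key revoked or record truncated")
    except binascii.Error:
        problems.append("p= is not valid base64: record mangled when pasted")

    # t=s in the key record forbids an i= identity in a subdomain of d=.
    identity = sig.get("i", "@" + domain).rsplit("@", 1)[-1].lower()
    if "s" in key.get("t", "").split(":") and identity != domain:
        problems.append(f"t=s set but i= domain {identity} differs from d={domain}")
    return problems


if __name__ == "__main__":
    for label, sig in (("ok", SIG_OK), ("subdomain", SIG_SUBDOMAIN)):
        print(label, check_signature(sig, ZONE_TXT, "example.com"))
```

Because DKIM_DOMAIN is taken from the From header, mail sent from a subdomain address is signed with that subdomain in d=, and it needs its own key record under that name.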




Source: https://habr.com/ru/post/163577/


