
Exim + OpenDKIM implementation for bulk email

Everything was ready to launch a new project; one problem remained: Gmail was sending the registration confirmation emails to spam. After reading the Gmail help pages, I realized that the main problem was the lack of DKIM on the server. In my case, Exim handled outgoing mail, so I needed to set up Exim together with DKIM. Alas, because the DKIM utility on FreeBSD had changed, all the existing instructions were outdated. I spent several days configuring Exim + DKIM blind. In this article I describe all the steps for setting up Exim + DKIM.

DKIM is necessary for mass mailings and for sending automatic emails from a site. Without it, Gmail's spam filters do not let through emails sent by scripts. For Exim to send messages signed with a DKIM key, the additional utility OpenDKIM must be installed. Previously the dkim-filter utility was used, but its developers stopped supporting it.

I advise you to read the article. It clearly explains how to keep your emails out of spam. Its instructions for the Exim + DKIM setup are outdated, but everything else is still relevant.

The installation was implemented in 5 stages.


1. Installing OpenDKIM

cd /usr/ports/mail/opendkim
make install clean

2. Generate keys and configure OpenDKIM and DNS records

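First, generate a key pair: a public key and a private key. The public key is stored in a DNS record, and the private key stays on the server.

So, we generate the keys:

opendkim-genkey -D /var/db/opendkim -d <domain.name> -s <selector>

/var/db/opendkim - the directory where the keys are stored,
<domain.name> - your domain (example.com),
selector - the selector name (for example, mail). It is used in the DNS record and in the exim configuration.

For example:

opendkim-genkey -D /var/db/opendkim -d example.com -s mail


This creates two files: mail.txt (mail is the selector) and mail.private. The contents of mail.txt: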

cat /var/db/opendkim/mail.txt
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN … mpwIDAQAB" ) ; ----- DKIM key mail for example.com.

Add the contents of mail.txt to the DNS zone of example.com in this form:

mail._domainkey IN TXT "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGS … wIDAQAB"

Also add this DNS record:

_adsp._domainkey.example.com IN TXT "dkim=unknown"

mail.private is the private key, and exim must be able to read it. Set the owner and permissions:

chown mailnull:mail /var/db/opendkim/mail.private
chmod 600 /var/db/opendkim/mail.private

Point the opendkim config at mail.private. Edit the config:

vim (or something else) /usr/local/etc/opendkim.conf

# This is a simple config file for signing and verifying

LogWhy yes
Syslog yes
SyslogSuccess yes

Canonicalization relaxed/simple

Domain example.com
Selector mail
KeyFile /var/db/opendkim/mail.private

Socket inet:8891@localhost

ReportAddress support@example.com
SendReports yes

## Hosts to sign email for - 127.0.0.1 is default
## See the OPERATION section of opendkim(8) for more information
#
# InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12

## For secondary mailservers - indicates not to sign or verify messages
## from these hosts
#
# PeerList XXXX

# PidFile /var/run/opendkim/opendkim.pid

That completes the opendkim setup. Now on to Exim.

3. Configuring Exim
Edit the transports section:

vim /usr/local/etc/exim/configure

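At the begin transports line, add:

DKIM_DOMAIN = ${lc:${domain:$h_from:}}
# Path to the private key file. The comment is on its own line because Exim
# only treats # as a comment at the start of a line.
DKIM_FILE = /var/db/opendkim/mail.private
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

Find:

remote_smtp:
driver = smtp

Change it to:

remote_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
# the selector chosen when the key was generated
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY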

4. Starting milter_opendkim
/usr/local/etc/rc.d/milter-opendkim start

5. Reloading Exim
/usr/local/etc/rc.d/exim reload

Exim , .

A message signed with DKIM has a header like this:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d= example.com; s=mail;
h=Date:Message-Id:From:Content-type:MIME-Version:Subject:To; bh=RUN…0qKg=;
b=EEla1LMRm…Q6CYJM/VHg=;

Received: from example by xxx.freehost.com.ua with local (Exim 4.80.1 (FreeBSD))

– DKIM .
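An added example, not part of the original article: a Python check of the mail.txt record before it goes into DNS, which joins the quoted strings as in step 2 and reports the RSA key size carried in p=. The function names are assumptions and the sample key is constructed with a placeholder modulus; a p= value starting with MIGf, as in the record shown in step 2, is the encoding of a 1024-bit key.

```python
import base64
import re

def _tlv(buf, pos):  # read one DER element -> (tag, body, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the byte count
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def rsa_key_bits(p_b64):
    """Modulus size of the SubjectPublicKeyInfo carried in a p= tag."""
    _, spki, _ = _tlv(base64.b64decode(p_b64), 0)
    _, _, pos = _tlv(spki, 0)       # skip AlgorithmIdentifier
    _, bitstr, _ = _tlv(spki, pos)  # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _tlv(bitstr, 1)     # byte 0 is the unused-bits count
    _, modulus, _ = _tlv(rsa, 0)
    return int.from_bytes(modulus, "big").bit_length()

def parse_zone_txt(text):
    """Join the quoted strings of a mail.txt record and split the tag list."""
    name = text.split()[0]
    value = "".join(re.findall(r'"([^"]*)"', text))
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return name, value, tags

def audit_record(text, selector, min_bits=2048):
    """Findings for one record; RFC 8301 recommends RSA keys of 2048+ bits."""
    name, value, tags = parse_zone_txt(text)
    findings = []
    if name != f"{selector}._domainkey":
        findings.append(f"record name {name} does not match selector {selector}")
    if not tags.get("p"):
        findings.append("empty p= tag: key is revoked")
    elif rsa_key_bits(tags["p"]) < min_bits:
        findings.append(f"RSA key is {rsa_key_bits(tags['p'])} bits, below {min_bits}")
    if len(value) > 255:
        findings.append("value over 255 bytes: publish it as several quoted strings")
    return findings

def _der(tag, body):  # DER-encode one element; only used to build the sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def constructed_p(bits):
    """Constructed p= value with a placeholder modulus; not a usable key."""
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + rsa))).decode()

# Constructed sample in the layout of the mail.txt shown in step 2.
SAMPLE = ('mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=s; " "p=%s" ) '
          '; ----- DKIM key mail for example.com.')

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, audit_record(SAMPLE % constructed_p(bits), "mail"))
```

opendkim-genkey takes -b 2048 to generate a larger key; the resulting TXT value no longer fits in one 255-byte string and has to stay split into several quoted strings, as mail.txt writes it.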


Source: https://habr.com/ru/post/163577/

