how_to:signing_outgoing_mail_with_dkim

how_to:signing_outgoing_mail_with_dkim [2018/11/14 10:45] – external edit 127.0.0.1how_to:signing_outgoing_mail_with_dkim [2020/07/22 10:32] (current) paul
Line 7: Line 7:
 To be able to do this yourself, you need to have access to the DNS server for your domain. This might be your own DNS server, or one provided by your domain registry.  To be able to do this yourself, you need to have access to the DNS server for your domain. This might be your own DNS server, or one provided by your domain registry. 
  
-Now you need to generate a public key to put into a TXT record for your domainTo do this, search for a DKIM key generator, like [[http://dkimcore.org]], and enter the domain you want to put DKIM onto. This will generate a public key and a private key, and also a selector. The selector will look something like **<number>.<domain name>**.+Now you need to generate a public key / private key pair to sign & verify your messagesThere is a DKIM generator on our website at [[https://www.pscs.co.uk/tools/dkim]]. For the selector name use one or more valid DNS name parts. You should not re-use selector names. For simplicitywe suggest using 's1' the first time you generate a certificate, then 's2' the second time, and so on.
  
-On the DNS server, create a new TXT record, with a host name of the <selector>._domainkey.<domain name> - for instance **1532654.example._domainkey.example.com**. Copy the public key from the key generator, and paste it into the TXT record's data. Remember to remove the speech marks and any spaces in the key. Apply the changes on the DNS server.+On the DNS server, create a new TXT record, with a host name of the <selector>._domainkey.<domain name> - for instance **s1._domainkey.example.com**. Copy the public key from the key generator, and paste it into the TXT record's data. Apply the changes on the DNS server.
  
-Now you need to sort out the private key. Copy the private key (including the BEGIN/END lines) and paste it into a text editor, like notepad. This document needs to be saved into the VPOP3 directory, as a file called **domainkey_<domain name>_<selector>.key** (e.g. **domainkey_example.com_1532654.example.key**). +Now you need to sort out the private key. Copy the private key (including the BEGIN/END lines) and paste it into a text editor, like notepad. This document needs to be saved into the VPOP3 directory, as a file called **domainkey_<domain name>_<selector>.key** (e.g. **domainkey_example.com_s1.key**). 
  
 Now go onto VPOP3 and click the **Services** tab, and **SMTP Server**, then click the **spam reduction** tab. Once there, change the **DKIM Signing** box to **All Local Senders**, and add the selector to the **DKIM Selector** box. Then click Submit. Now go onto VPOP3 and click the **Services** tab, and **SMTP Server**, then click the **spam reduction** tab. Once there, change the **DKIM Signing** box to **All Local Senders**, and add the selector to the **DKIM Selector** box. Then click Submit.
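Review bot: The rewritten first paragraph directs the reader to a web-based generator for the private key without saying whether the key is produced in the browser or on the server, so the signing key may be known to a system other than the mail server before it is ever saved. Suggest adding that the key pair can equally be generated locally (for example with OpenSSL) with only the public half published in DNS, and that read access to **domainkey_<domain name>_<selector>.key** in the VPOP3 directory should be restricted. In the same paragraph, "the first time you generate a certificate" should read "key pair", matching the "public key / private key pair" wording at the start of that paragraph. The TXT record paragraph also drops "Remember to remove the speech marks and any spaces in the key" without saying whether the new generator's output can be pasted unmodified.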
Line 17: Line 17:
 Now, when you send a message through your VPOP3 server from the appropriate domain, VPOP3 will generate a DKIM signature for the message.  Now, when you send a message through your VPOP3 server from the appropriate domain, VPOP3 will generate a DKIM signature for the message. 
  
 +====Multiple domains====
 If you can send mail from several different domains, just have several different domainkey_.....key files in the VPOP3 directory and VPOP3 will choose between them as appropriate. If there isn't a domainkey_.....key file for a particular sender, then VPOP3 will not generate a DKIM signature for that message. If you can send mail from several different domains, just have several different domainkey_.....key files in the VPOP3 directory and VPOP3 will choose between them as appropriate. If there isn't a domainkey_.....key file for a particular sender, then VPOP3 will not generate a DKIM signature for that message.
 +
 +Note that the //selector// must be the same for all domains, so rename the .key files and DNS hostnames as appropriate. The selector can be any text that is a valid DNS host name, so it can be random text, or something simple like 's1' or whatever you prefer. You should not reuse selector names as that can cause confusion if a signing certificate changes but the selector is the same.
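Review bot: The added note requires one selector for all domains and, two sentences later, forbids reusing a selector, but never states what that combination implies: replacing the key for any one domain means moving every domain to a new selector, with renamed .key files and new TXT records for all of them. Suggest stating that explicitly, and adding that the old selector's TXT records should stay published until mail already signed with it has been delivered and verified. Also "signing certificate" should be "signing key", and the selector is described here as "a valid DNS host name" but in the first hunk as "one or more valid DNS name parts"; use one wording in both places.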
how_to/signing_outgoing_mail_with_dkim.1542192349.txt.gz · Last modified: 2018/11/14 10:45 by 127.0.0.1