DKIM (DomainKeys Identified Mail) is an email authentication mechanism that helps fight email forgery. It adds a digital signature to outgoing messages, and the recipient can use the public key in the domain's DNS record to verify that the message was indeed sent from the specified domain and that its content was not modified during delivery.
On a VPS or dedicated server, DKIM is quite easy to set up because you have full control over the mail server and its configuration.
In the example below, we configure DKIM for the domain example.com.
Create a directory for DKIM keys
First, let's prepare the directory where the private key will be stored:
mkdir -p /etc/exim4/dkim
Generating private and public keys
cd /etc/exim4/dkim
Generate a private key (it remains only on the server):
openssl genrsa -out example.com.key 1024
Next, based on the private key, we create a public key, which we then add to DNS:
openssl rsa -pubout -in example.com.key -out example.com.pub
Setting the file owner
Exim on Debian usually runs as the user Debian-exim, so we change the owner of the directory and keys:
chown -R Debian-exim:Debian-exim /etc/exim4/dkim
Connect DKIM in the Exim configuration
Open the Exim configuration template:
- main file: /etc/exim4/exim4.conf.template
Add the following parameters before the remote_smtp section:
DKIM_CANON = relaxed
DKIM_DOMAIN = example.com
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com.key
DKIM_SELECTOR = email
If you are using the split configuration (conf.d), add these lines to the file:
- /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp
Restart Exim and check the parameters
Applying changes:
service exim4 restart
We check that the DKIM parameters have been picked up:
exim -bP transports | grep dkim
Adding a DKIM record to DNS
Now you need to create a TXT record in the DNS zone of the domain. The record name is formed as follows:
email._domainkey
Where email is the selector (DKIM_SELECTOR) from the Exim configuration.
We insert the public key in DKIM format into the value of the TXT record, for example:
v=DKIM1; h=sha256; k=rsa; p=0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcbu6mvGWmF65Suqazr3Krb2Ky/EXs8qaT1yMDfc00YJD77dq6jCnAwxQUHHuKanl ELGd1uqomTzs5MBuzw0TCEhzIyyiD+ZZBbJQa85a7OhdLoDs7MkwlF2Asqj4k44CpJo0c7gAySdbIQNaY9YpTW0L1TatwIDAQAB
Explanation of parameters:
- v=DKIM1: DKIM version
- h=sha256: hash algorithm (usually sha256 is used, sometimes sha1)
- k=rsa: key type
- p=...: public key (corresponds to the contents of the file example.com.pub)
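To check a TXT value before or after publishing it, the following added example (not part of the original article) parses the tags explained above, reads the RSA modulus size out of p=, and flags sha1 in h= and keys shorter than the 2048 bits that RFC 8301 recommends for signers; a record built from the 1024-bit key generated earlier would be reported. The function names and the sample record are constructed for illustration.

```python
import base64

def _tlv(buf, pos, want):
    """Read one DER element of type `want` at pos; return (content_start, content_end)."""
    if buf[pos] != want:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_modulus_bits(spki):
    """Modulus size of an RSA SubjectPublicKeyInfo, the structure `openssl rsa -pubout` writes."""
    start, _ = _tlv(spki, 0, 0x30)          # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _tlv(spki, start, 0x30)    # AlgorithmIdentifier, skipped
    start, _ = _tlv(spki, alg_end, 0x03)    # BIT STRING wrapping RSAPublicKey
    start, _ = _tlv(spki, start + 1, 0x30)  # +1 skips the unused-bits byte
    start, end = _tlv(spki, start, 0x02)    # INTEGER modulus
    return int.from_bytes(spki[start:end], "big").bit_length()

def check_dkim_record(txt):
    """Return findings for one DKIM TXT value; an empty list means nothing was flagged."""
    parts = (part.partition("=") for part in txt.split(";"))
    tags = {name.strip(): value.strip() for name, sep, value in parts if sep}
    findings = []
    if "v" in tags and (next(iter(tags)) != "v" or tags["v"] != "DKIM1"):
        findings.append("v= must be the first tag and equal DKIM1")
    if "sha1" in tags.get("h", "").replace(" ", "").split(":"):
        findings.append("h= still accepts sha1")
    p = "".join(tags.get("p", "").split())  # zone editors may wrap the key; drop whitespace
    if not p:
        return findings + ["p= is empty or missing: no usable key"]
    if tags.get("k", "rsa") != "rsa":
        return findings                     # the size check below only understands RSA
    try:
        bits = rsa_modulus_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError):
        return findings + ["p= is not a base64-encoded RSA public key"]
    if bits < 2048:
        findings.append(f"RSA key is {bits} bits; RFC 8301 recommends at least 2048")
    return findings

# CONSTRUCTED record: valid 1024-bit structure with an all-ones modulus, not a usable key.
SAMPLE = "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD" + "/" * 170 + "wIDAQAB"
if __name__ == "__main__":
    print(check_dkim_record(SAMPLE))
```

Pass the full TXT value as one string; whitespace inside p= is removed before decoding, so a key that the DNS panel split into several chunks can be pasted as is.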