Frozenstar DomainKeys Identified Mail (DKIM)

The Frozenstar mail system has implemented OpenDKIM.
DomainKeys Identified Mail (DKIM) is a method for email authentication that lets a recipient verify that a message actually comes from the domain it claims to come from. This type of authentication is needed because spam often has forged headers.

DKIM uses public-key cryptography to allow the sender to electronically sign legitimate emails in a way that can be verified by recipients.

DKIM also guards against tampering with mail, offering almost end-to-end integrity from a signing to a verifying mail transfer agent (MTA).

Key generation for dkim-milter and its setup with DNS

The opendkim-tools package provides a tool, opendkim-genkey, for creating your key pairs:

opendkim-genkey -t -s mail -d

This will generate two files: mail.private which is your private key, and mail.txt which is your DNS record containing your public key.

The -s argument supplies the selector (in our case “mail”), the -d argument supplies the domain, and the -t argument says that we are running DKIM in test mode. Test mode tells verifiers that they shouldn’t drop your mail if something’s wrong with the signature. It seems that the majority of those using DKIM run it in test mode.

Copy your private key in place:

cp mail.private /etc/mail/dkim.key

Now create your DNS record as supplied in mail.txt. It should look like this (these are the Frozenstar domain keys):

 201701._domainkey	IN	TXT	( "v=DKIM1; h=rsa-sha256; k=rsa; s=email; "
	  "VbQ0tq2iGj/iP9gJwLNMQWPAHJjUuXXkVKGZ9uP2n21AoXUlWD2iz7mfwbEOZNLuSSkCwGrLciymQYvQg712SnhbTTd+OoMZMuufbGxXyLDgRBStNdnADkIdfDGS2lE+Sfg++9hijJKe/n/gcJen2d5f407HsMx3T6+3RDAmoLvTkUmklPe3JuciU5ntIhR6HyntgvajMiGSTNuWR9csrnJoew82U2Y8pzsCAwEAAQ==" )  ; ----- DKIM key 201701 for

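A record like the one in mail.txt can be checked before it is published. The following is an added example, not part of the original page or of OpenDKIM: it joins the quoted strings of a zone-file TXT record, splits them into tag=value pairs, and reports a missing or malformed p= key, an h= list with no recognized hash, and an active t=y test flag. The function names and the sample record are constructed for illustration; the tag rules are those of RFC 6376 section 3.6.1.

```python
import base64
import re

TAG_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")  # tag-name syntax, RFC 6376 3.2

def parse_dkim_txt(zone_text):
    """Join the quoted strings of a zone-file TXT record, split into tag=value."""
    record = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags, malformed = {}, []
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if sep and TAG_NAME.match(name.strip()):
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
        else:
            malformed.append(part)  # e.g. key data that lost its "p=" prefix
    return tags, malformed

def check_dkim_key_record(zone_text):
    """Return a list of problems found in a DKIM key record (RFC 6376 3.6.1)."""
    tags, malformed = parse_dkim_txt(zone_text)
    problems = ["malformed tag: %.20s" % m for m in malformed]
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    # Key records list bare hash names; unrecognized names are ignored by verifiers.
    if "h" in tags and not set(tags["h"].split(":")) & {"sha1", "sha256"}:
        problems.append("h= lists no recognized hash (sha1, sha256)")
    if "p" not in tags:
        problems.append("p= public key tag is missing")
    elif tags["p"] == "":
        problems.append("p= is empty: key revoked")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    if "y" in tags.get("t", "").split(":"):
        problems.append("t=y: testing mode is on")
    return problems

# Constructed sample in the layout of a generated mail.txt; key is a placeholder.
SAMPLE = '''mail._domainkey IN TXT ( "v=DKIM1; k=rsa; t=y; "
    "p=Q09OU1RSVUNURUQtUExBQ0VIT0xERVItS0VZ" )  ; constructed, not a real key'''

if __name__ == "__main__":
    for problem in check_dkim_key_record(SAMPLE):
        print("WARN", problem)
```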
