@jontey
Last active March 10, 2023 15:14
Managing DKIM keys with postfixadmin

How to generate a DKIM signing key for a domain

  1. Launch LISH console

  2. Enter username and password

  3. Enter the following commands to create the key pair. Replace the placeholder with your domain.

export DOMAIN=<change to domain>
mkdir /etc/opendkim/keys/${DOMAIN}
opendkim-genkey -b 2048 -d ${DOMAIN} -D /etc/opendkim/keys/${DOMAIN} -s default -v
openssl rsa -in /etc/opendkim/keys/${DOMAIN}/default.private -pubout > /etc/opendkim/keys/${DOMAIN}/default.public
  4. In a browser, log in to postfixadmin. Navigate to add Domain Keys
Description: ${DOMAIN} default key
Selector: default <-- CANNOT CHANGE
Domain: <Select domain from dropdown>
Private key: <Get from Step 5>
Public key: <Get from Step 6>


  5. Print private key. Copy the output
cat /etc/opendkim/keys/${DOMAIN}/default.private

-----BEGIN RSA PRIVATE KEY-----
MIIEow...
-----END RSA PRIVATE KEY-----
  6. Print public key. Copy the output
cat /etc/opendkim/keys/${DOMAIN}/default.public

-----BEGIN PUBLIC KEY-----
MIIB...
-----END PUBLIC KEY-----
  7. Save changes

  8. In the browser, click Add Sign Table Entry

  9. Select domain key. Author should be the domain.

  10. Navigate to https://cloud.linode.com/domains

  11. Add a new TXT record

Hostname: default._domainkey
Value: <From step 12>


  12. Print txt record
cat /etc/opendkim/keys/${DOMAIN}/default.txt

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo56F1I7fdly32vh3RCWL676HFhvFvAfaYuBsSQyZWMCKmivZGuhRjqjTlfe9JiVLeg5uZFOv4ci"
"sTwbj6Et8kMP3+vyh/5rDR9AIaJ7nI/L1rZN8XVJTNel+rghH5WseuvcVQX0DhABXqfngUDASf9kzcBCzMoMzpX7Ynw0eVqGcrzsplCBS+vKBNTeUMndefYxQCwM6gbmdYrleI2QIDAQAB" )

Remove the double quotes and join the parts into a single line

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo56F1I7fdly32vh3RCWL676HFhvFvAfaYuBsSQyZWMCKmivZGuhRjqjTlfe9JiVLeg5uZFOv4cisW3wBt08EOD6oNuF5fFHRXwcSArNL5mxn5d6eIDmGuHyuCkuNtPefEtRV/d9d1AyB2VB9blzETTs84aauCM93jraI6b8T7ae7/jr7Zpqjp7WsZ/CTfqg/vs0byH3268EXNasTwbj6Et8kMP3+vyh/5rDR9AIaJ7nI/L1rZN8XVJTNel+rghH5WseuvcVQX0DhABXqfngUDASf9kzcBCzMoMzpX7Ynw0eVqGcrzsplCBS+vKBNTeUMndefYxQCwM6gbmdYrleI2QIDAQAB
  13. Click Save
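
The flattening in step 12, plus a check that the resulting p= value is the same key as default.public from step 6, as an added shell example that is not part of the original gist. The function names and the sample key text are constructed for illustration; the record layout follows the default.txt output shown above.

```shell
#!/bin/sh
# Added example: helper names and the sample key text are constructed.

# Join the quoted chunks of an opendkim-genkey .txt file into one TXT value.
dkim_txt_value() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i } END { print "" }' "$1"
}

# Extract the p= tag (base64 public key) from that value.
dkim_txt_pubkey() {
    dkim_txt_value "$1" | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p'
}

# Base64 body of a PEM file: drop the BEGIN/END lines, join the rest.
pem_body() {
    grep -v '^-----' "$1" | tr -d '\r\n'
}

# True only when the DNS text and the PEM file carry the same non-empty key.
dkim_txt_matches_pem() {
    txt_key=$(dkim_txt_pubkey "$1")
    [ -n "$txt_key" ] && [ "$txt_key" = "$(pem_body "$2")" ]
}

# Write constructed sample files (not a real key) into directory $1.
make_sample() {
    cat > "$1/default.txt" <<'EOF'
default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=Q09OU1RSVUNURUQt"
          "U0FNUExFLUtFWQ==" )  ; ----- DKIM key default for example.com
EOF
    cat > "$1/default.public" <<'EOF'
-----BEGIN PUBLIC KEY-----
Q09OU1RSVUNURUQtU0FN
UExFLUtFWQ==
-----END PUBLIC KEY-----
EOF
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
dkim_txt_value "$sample_dir/default.txt"   # the single line to paste as the TXT value
if dkim_txt_matches_pem "$sample_dir/default.txt" "$sample_dir/default.public"; then
    echo "TXT record matches default.public"
else
    echo "MISMATCH: do not publish this value" >&2
fi
```

On the mail server, point the two functions at /etc/opendkim/keys/${DOMAIN}/default.txt and /etc/opendkim/keys/${DOMAIN}/default.public instead of the sample files.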

How to test

  1. Send an email from the domain to a Gmail account you own.

  2. Go to Gmail in a desktop browser. Click the three dots icon on the right side and select Show Original Message

  3. Verify that SPF and DKIM checks pass
