DomainKeys Identified Mail for Exim
Generate keys
Create the public/private key pair
openssl genrsa -out ./private/mail2009._domainkey.domain.tld.key 1024
Extract the public key
openssl rsa -in ./private/mail2009._domainkey.domain.tld.key -out ./certs/mail2009._domainkey.domain.tld.pub.key -pubout -outform PEM
Copy the keys into the exim4 directory
mkdir /etc/exim4/dkim/
cp -a ./private/mail2009._domainkey.domain.tld.key /etc/exim4/dkim/mail2009._domainkey.domain.tld.sec.key
cp -a ./certs/mail2009._domainkey.domain.tld.pub.key /etc/exim4/dkim/
DNS TXT-Record
Generate the p= string
grep -v -e "^-" ./certs/mail2009._domainkey.domain.tld.pub.key | tr -d "\n"
Create bind DNS record
mail2009._domainkey IN TXT "v=DKIM1\; k=rsa\; t=y\;p=MIGfMA0GCSqGSIb3D.....DTm+gq9FwsB/PSdrbYeEQIDAQAB"
_ssp is the sender policy for DKIM. unknown means that mail may or may not be signed
_ssp._domainkey IN TXT "t=y\; dkim=unknown"
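Added example, not part of the original page: shell helpers that build the p= value and the bind record from the public key file as in the steps above, and check that a record still publishes the key on disk. It goes one step further than the page by splitting the value into several quoted strings, which keys longer than 1024 bit need because one TXT string holds at most 255 bytes. The function names and the filler key are made up for this example.

```shell
#!/bin/sh
# Added example. Assumes a PEM public key file as written by
# "openssl rsa ... -pubout -outform PEM" in the step above.
dkim_p_value() {
    grep -v -e '^-' "$1" | tr -d ' \r\n'
}

# Print a bind TXT record for selector $1 from PEM file $2, with the same tags
# as the record on this page (t=y is testing mode). The value is cut into
# quoted strings of 200 characters; verifiers join them without whitespace.
dkim_txt_record() {
    value="v=DKIM1; k=rsa; t=y; p=$(dkim_p_value "$2")"
    printf '%s._domainkey IN TXT ( ' "$1"
    printf '%s\n' "$value" | fold -w 200 | sed 's/;/\\;/g; s/.*/"&"/' | tr '\n' ' '
    printf ')\n'
}

# Extract the p= value from a TXT record as written in a zone file or printed
# by dig: drop quotes, backslashes, parentheses and whitespace, then read p=.
dkim_record_p() {
    printf '%s' "$1" | tr -d '"\\ \t\r\n()' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Succeed only if record text $1 publishes the key stored in PEM file $2.
dkim_record_matches_key() {
    published=$(dkim_record_p "$1")
    [ -n "$published" ] && [ "$published" = "$(dkim_p_value "$2")" ]
}

# Constructed sample input: PEM framing around filler base64, not a real key.
sample_pem=$(mktemp)
trap 'rm -f "$sample_pem"' EXIT
{
    echo '-----BEGIN PUBLIC KEY-----'
    for i in 1 2 3 4 5 6; do
        echo 'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2'
    done
    echo 'd3h5ejAxMjM0NTY3ODk='
    echo '-----END PUBLIC KEY-----'
} > "$sample_pem"

record=$(dkim_txt_record mail2009 "$sample_pem")
printf '%s\n' "$record"
if dkim_record_matches_key "$record" "$sample_pem"; then
    echo "record matches key"
else
    echo "record does NOT match key"
fi
```

For a live check, pass the text of the published TXT record as the first argument and the deployed public key file as the second.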
Exim
Simple transport to sign messages in exim
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifdef OUTGOING_INTERFACE
interface = OUTGOING_INTERFACE
.endif
dkim_domain = $sender_address_domain
dkim_selector = mail2009
dkim_private_key = /etc/exim4/dkim/${dkim_selector}._domainkey.${dkim_domain}.sec.key
# to disable TLS on outgoing connections, uncomment this
# hosts_avoid_tls = *