2016-04-24 17:20:18 +02:00
To enable DKIM signature, you must have created your mail accounts.
2016-08-17 13:50:18 +02:00
Once its done, just run from inside the directory of docker-compose.yml:
2016-04-24 17:20:18 +02:00
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
2016-05-10 07:37:47 +02:00
-ti tvial/docker-mailserver:latest generate-dkim-config
2016-04-24 17:20:18 +02:00
2018-03-03 07:39:24 +01:00
The default keysize is 2048 for now. If you need to change it (e.g. your DNS-Provider limits the size) provide the size as the first parameter of the command
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-config 2048
2016-09-26 19:25:40 +02:00
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
2016-04-24 17:49:08 +02:00
2018-02-06 19:57:16 +01:00
After generating DKIM keys you should restart the app.
2016-04-24 17:49:08 +02:00
```
; OpenDKIM
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
2016-04-24 17:49:31 +02:00
"p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN" ) ; ----- DKIM key mail for domain.tld
2016-04-24 17:49:08 +02:00
2016-06-01 04:16:51 +02:00
```
2016-09-07 19:35:21 +02:00
## Configuration using a web interface:
1. Generate a new record of the type `TXT` .
2016-09-07 19:36:40 +02:00
2. Paste `mail._domainkey` the `Name` txt field.
2016-09-07 19:38:50 +02:00
3. In the `Target` or `Value` field fill in `v=DKIM1; k=rsa; p=AZERTYUGHJKLMWX...` .
2016-09-07 19:35:21 +02:00
4. In `TTL` (time to live): Time span in seconds. How long the DNS server should cache the `TXT` record.
5. Save.
2016-06-01 04:16:51 +02:00
## Verify-only
2016-06-01 15:59:50 +02:00
If you want DKIM to only verify incoming emails, the following version of /etc/opendkim.conf may be useful (right now there is no easy mechanism for installing it other than forking the repo):
2016-06-01 04:16:51 +02:00
```
# This is a simple config file verifying messages only
#LogWhy yes
Syslog yes
SyslogSuccess yes
Socket inet:12301@localhost
2016-06-01 16:00:02 +02:00
PidFile /var/run/opendkim/opendkim.pid
2016-06-01 04:16:51 +02:00
2016-06-01 15:59:50 +02:00
ReportAddress postmaster@my-domain.com
2016-06-01 04:16:51 +02:00
SendReports yes
Mode v
2016-09-07 18:37:43 +02:00
```
2016-09-07 19:24:38 +02:00
## Debugging
2016-09-07 18:37:43 +02:00
2016-09-07 19:24:38 +02:00
### Tools
* [DKIM-verifer ](https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier ): A add-on for the mail client Thunderbird.
### DKIM TXT Record
You can debug your TXT records with the `dig` tool.
2016-09-07 18:37:43 +02:00
```
dig TXT mail._domainkey.domain.tld
```
Output:
```
; < < >> DiG 9.10.3-P4-Debian < < >> TXT mail._domainkey.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER< < - opcode: QUERY , status: NOERROR , id: 39669
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mail._domainkey.domain.tld. IN TXT
;; ANSWER SECTION:
mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB"
;; Query time: 50 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Sep 07 18:22:57 CEST 2016
;; MSG SIZE rcvd: 310
2016-04-24 17:49:08 +02:00
```
