Updated Configure DKIM (markdown)

Configure-DKIM.md

@@ -4,28 +4,22 @@ DKIM is a security measure targeting email spoofing. It is greatly recommended o
 
 To enable DKIM signature, **you must have created at least one email account**.
 
-Once its done, just run the following command to generate the signature (here show from inside the directory of docker-compose.yml in order to use a volume on ./config):
+Once its done, just run the following command to generate the signature:
 
 ```BASH
-docker run --rm \
+./setup.sh config dkim
-  -v "$(pwd)/config":/tmp/docker-mailserver \
-  -ti tvial/docker-mailserver:latest generate-dkim-config
 ```
 
-The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS-Provider limits the size), then provide the size as the first parameter of the command:
+The script assumes you're being in the directory where the `config/` directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS-Provider limits the size), then provide the size as the first parameter of the command:
 
 ```BASH
-docker run --rm \
+./setup.sh config dkim <keysize>
-  -v "$(pwd)/config":/tmp/docker-mailserver \
-  -ti tvial/docker-mailserver:latest generate-dkim-config 4096
 ```
 
 For LDAP systems that do not have any directly created user account you can run the following command (since `8.0.0`) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains): 
 
 ```BASH
-docker run --rm \
+./setup.sh config dkim <key-size> <domain.tld>[,<domain2.tld>]
-  -v "$(pwd)/config":/tmp/docker-mailserver \
-  -ti docker-mailserver/docker-mailserver:latest generate-dkim-config <key-size> <domain.tld>[,<domain2.tld>]
 ```
 
 Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record.
@@ -33,10 +27,10 @@ Now the keys are generated, you can configure your DNS server with DKIM signatur
 If you have direct access to your DNS zone file, then it's only a matter of pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
 
 ``` TXT
-; OpenDKIM
+$ dig mail._domainkey.domain.tld TXT
-mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
+---
-	  "p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN" )  ; ----- DKIM key mail for domain.tld
+;; ANSWER SECTION
-
+mail._domainkey.<DOMAIN> 300 IN TXT    "v=DKIM1; k=rsa; p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN"
 ```
 
 <details>
@@ -55,10 +49,12 @@ After generating DKIM keys, you should restart the mail server. DNS edits may ta
 Note: Sometimes the key in `config/opendkim/keys/domain.tld/mail.txt` can be on multiple lines. If so then you need to concatenate the values in the TXT record:
 
 ```
-; OpenDKIM
+$ dig mail._domainkey.domain.tld TXT
+---
+;; ANSWER SECTION
 mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
 	  "p=AZERTYUIOPQSDF..."
-	  "asdfQWERTYUIOPQSDF..." )  ; ----- DKIM key mail for domain.tld
+	  "asdfQWERTYUIOPQSDF..." )
 ```
 
 the target (or value) field must then have all the parts together: `v=DKIM1; k=rsa; p=AZERTYUIOPQSDF...asdfQWERTYUIOPQSDF...`
@@ -66,7 +62,8 @@ the target (or value) field must then have all the parts together: `v=DKIM1; k=r
 ## Verify-only
 
 If you want DKIM to only _verify_ incoming emails, the following version of /etc/opendkim.conf may be useful (right now there is no easy mechanism for installing it other than forking the repo):
-```
+
+``` TXT
 # This is a simple config file verifying messages only
 
 #LogWhy                 yes