Difference between revisions of "Generating DKIM Key"
From Luna Node
(Created page with "First, install the package containing opendkim-genkey. On Debian/Ubuntu: <nowiki>apt-get install opendkim-tools Now, generate the keypair (replace example.com with your dom...") |
|||
| Line 1: | Line 1: | ||
First, install the package containing opendkim-genkey. On Debian/Ubuntu: | First, install the package containing opendkim-genkey. On Debian/Ubuntu: | ||
| − | <nowiki>apt-get install opendkim-tools | + | <nowiki>apt-get install opendkim-tools</nowiki> |
Now, generate the keypair (replace example.com with your domain name): | Now, generate the keypair (replace example.com with your domain name): | ||
| − | <nowiki>opendkim-genkey -t -s mail -d example.com | + | <nowiki>opendkim-genkey -t -s mail -d example.com</nowiki> |
Here, "-s mail" indicates that we are using "mail" for the selector name, and "-t" indicates we will run DKIM in [http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text test mode]; most DKIM users opt for test mode, but you can remove the "-t" flag if desired, in this case mail servers verifying DKIM will reject mail that isn't signed. | Here, "-s mail" indicates that we are using "mail" for the selector name, and "-t" indicates we will run DKIM in [http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text test mode]; most DKIM users opt for test mode, but you can remove the "-t" flag if desired, in this case mail servers verifying DKIM will reject mail that isn't signed. | ||
| Line 13: | Line 13: | ||
Create a DNS TXT record at "mail._domainkey.example.com." based on the public key: | Create a DNS TXT record at "mail._domainkey.example.com." based on the public key: | ||
| − | <nowiki>mail._domainkey.example.com. IN TXT "k=rsa; p=PpYHdE2tevfEpvL1Tk2dDYv0pF28/f 5MxU83x/0bsn4R4p7waPaz1IbOGs/6bm5QIDAQAB" | + | <nowiki>mail._domainkey.example.com. IN TXT "k=rsa; p=PpYHdE2tevfEpvL1Tk2dDYv0pF28/f 5MxU83x/0bsn4R4p7waPaz1IbOGs/6bm5QIDAQAB"</nowiki> |
Revision as of 17:02, 14 July 2015
First, install the package containing opendkim-genkey. On Debian/Ubuntu:
apt-get install opendkim-tools
Now, generate the keypair (replace example.com with your domain name):
opendkim-genkey -t -s mail -d example.com
Here, "-s mail" indicates that we are using "mail" for the selector name, and "-t" indicates we will run DKIM in test mode; most DKIM users opt for test mode, but you can remove the "-t" flag if desired, in this case mail servers verifying DKIM will reject mail that isn't signed.
The command will generate a public key in mail.txt and private key in mail.key.
Create a DNS TXT record at "mail._domainkey.example.com." based on the public key:
mail._domainkey.example.com. IN TXT "k=rsa; p=PpYHdE2tevfEpvL1Tk2dDYv0pF28/f 5MxU83x/0bsn4R4p7waPaz1IbOGs/6bm5QIDAQAB"
