Configuring for DKIM Signing: Difference between revisions
No edit summary |
No edit summary |
||
| Line 30: | Line 30: | ||
DKIM Data added to LDAP for domain example.com with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB | DKIM Data added to LDAP for domain example.com with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB | ||
Public key to enter into DNS: | Public key to enter into DNS: | ||
0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com | 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;=rsa; | ||
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ | |||
/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com | |||
=== Updating DIM data for a domain === | === Updating DIM data for a domain === | ||
| Line 40: | Line 42: | ||
=== Retrieving the stored DKIM data for a domain === | === Retrieving the stored DKIM data for a domain === | ||
/opt/zimbra/libexec/zmdkimkeyutil -q -d example.com | /opt/zimbra/libexec/zmdkimkeyutil -q -d example.com | ||
== Updating DNS == | |||
Revision as of 23:44, 3 May 2012
- This is certified documentation and is protected for editing by Zimbra Employees & Moderators only. Article Information |
|---|
| This article applies to the following ZCS versions. |
Zimbra Server with DKIM Signing
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication
Configuring ZCS for DKIM signing
Starting with Zimbra 8.0, the ability to add DKIM signing to outgoing mail is available. Signing is done at the domain level. Setting up signing consists of two steps:
- Running zmdkimkeyutil to generate the DKIM keys and selector. The generated data is stored in the LDAP server as part of the domain LDAP entry.
- Updating the DNS server with the public DNS entry
The zmdkimkeyutil utility
The zmdkimkeyutil script allows you to do the following:
- Add DKIM data to a domain that does not currently have DKIM enabled
- Update DKIM data for a domain that already has DKIM enabled
- Query the DKIM data for a domain
- Remove the DKIM data for a domain
The domain "example.com" will be used throughout this wiki. Substitute it with your domain.
Adding DKIM data to a domain with no existing DKIM configuration
/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com
After the data is generated, the public DNS record data that must be added for the domain to your DNS server will be output:
zimbra@example.com:~$ /opt/zimbra/libexec/zmdkimkeyutil -a -d example.com DKIM Data added to LDAP for domain example.com with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB Public key to enter into DNS: 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ /6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com
Updating DIM data for a domain
/opt/zimbra/libexec/zmdkimkeyutil -u -d example.com
Removing DKIM data for a domain
/opt/zimbra/libexec/zmdkimkeyutil -r -d example.com
Retrieving the stored DKIM data for a domain
/opt/zimbra/libexec/zmdkimkeyutil -q -d example.com
