Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| linux:exim:dkim [2018/04/10 08:32] – created niziak | linux:exim:dkim [2025/06/10 09:48] (current) – [Configure exim4] niziak | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== DKIM ====== | ||
| + | |||
| + | RFC 8301 says: | ||
| + | |||
| + | rsa-sha1 MUST NOT be used for signing or verifying. | ||
| + | |||
| + | Signers MUST use RSA keys of at least 1024 bits for all keys. | ||
| + | Signers SHOULD use RSA keys of at least 2048 bits. | ||
| + | |||
| + | |||
| ====== Generate keypair ====== | ====== Generate keypair ====== | ||
| <code bash> | <code bash> | ||
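Review bot: the RFC 8301 excerpt added at the top gives two thresholds ("MUST use RSA keys of at least 1024 bits", "SHOULD use RSA keys of at least 2048 bits") but the added text does not say which one this page follows, and the "Generate keypair" section below it is unchanged in this revision. Suggest one sentence after the excerpt stating the key size the page's commands are expected to produce (2048 bits, per the SHOULD). The three RFC lines should also be marked as a quotation so they are not read as the wiki author's own wording.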
| Line 13: | Line 23: | ||
| 20150726._domainkey.server.com IN TXT " | 20150726._domainkey.server.com IN TXT " | ||
| </ | </ | ||
| + | |||
| + | ====== Configure exim4 ====== | ||
| + | |||
| + | * In Debian, use **exim4-daemon-heavy** package. | ||
| + | * Change owner of private key file to be readable by exim4. In Debian exim4 user is **Debian-exim**. | ||
| + | * Put private key in */etc/exim4 directory*. In /etc/ssl exim4 cannot find file (chrooted?) | ||
| + | remote_smtp transport is running under user 101 (Debian-exim) group 42 (shadow) | ||
| + | * In **exim4.conf** under **remote_smtp** transport add: | ||
| + | <code ini> | ||
| + | dkim_canon = relaxed | ||
| + | dkim_selector = 20180410 | ||
| + | dkim_domain = spox.org | ||
| + | dkim_private_key = / | ||
| + | # dkim_strict = true # optional - causes signing failures to defer (requeue) | ||
| + | </ | ||
| + | |||
| + | To use DKIM for all sender domains automatically: | ||
| + | <code ini> | ||
| + | dkim_domain = ${sender_address_domain} | ||
| + | </ | ||
| + | |||
| + | ====== References ====== | ||
| + | |||
| + | * [[http:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | |||
| + | |||
| + | |||
| + | ====== Tools ====== | ||
| + | |||
| + | * [[https:// | ||
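Review bot: in the "To use DKIM for all sender domains automatically" block, `dkim_domain = ${sender_address_domain}` is shown on its own while `dkim_selector = 20180410` and the single `dkim_private_key` from the block above stay fixed, so every sender domain is signed with the same selector and key. Suggest adding that each such domain must publish the matching `20180410._domainkey` TXT record, otherwise the signatures will not verify at the receiver. In the bullet list, "Change owner of private key file to be readable by exim4" should name the intended owner, group and mode so that the key is readable by Debian-exim and not by other local users. The "(chrooted?)" guess could be replaced by a permissions check on the /etc/ssl path for the uid/gid shown in the log line under it.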