MAC OS X, Linux, Windows and other IT Tips and Tricks

22 Apr 13 Configuring DKIM Authentication in Zimbra

Configuring Zimbra 8.x to use DKIM Authentication
Example for ‘mydomain.com’

ssh root@zimbra.mydomain.com
su - zimbra

Creating the DKIM keys for a domain:
/opt/zimbra/libexec/zmdkimkeyutil -a -d mydomain.com
Example of result:
50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUCA4GNADCBiQKBgQDodIcoFWJsfsSzsdINY/ZiOKn3qKLt+qmEl1cDYApi0PCHwQmqTl9mhRKs3obfgN8O9nT227CDg9NI7MMu8r0fOatQRQ1YHesDmHIo1lELioDNd5QZPg1AUum0CPsDuR+YI5AG5wZhZ4c3ei0Uv3cu4aTIhGrRgnD081sysJ5vZwIDAQAB" ) ; ----- DKIM key 50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED for mydomain.com

IMPORTANT: Enter the above result as a TXT record in the DNS zone of your domain (example.com in the commands below).

Testing the DKIM keys:


Command syntax:
/opt/zimbra/opendkim/sbin/opendkim-testkey -d example.com -s 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB -x /opt/zimbra/conf/opendkim.conf
-d is the domain name (example.com)
-s is the selector name (0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB, the value entered in the first field of the TXT record, before ._domainkey)
-x is the configuration file (/opt/zimbra/conf/opendkim.conf)

Example of DNS TXT record:
0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2R............."
Example of key test command:
/opt/zimbra/opendkim/sbin/opendkim-testkey -d example.com -s 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB -x /opt/zimbra/conf/opendkim.conf
– If no output is shown, the key is correct.
– If something is wrong, a message similar to the following is shown:
opendkim-testkey: '0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey.example.com' record not found

Retrieving a DKIM key from Zimbra:
/opt/zimbra/libexec/zmdkimkeyutil -q -d example.com

Deleting a DKIM key from Zimbra:
/opt/zimbra/libexec/zmdkimkeyutil -r -d example.com

Example of mail headers sent using DKIM and SPF authentication:
Received: from zimbra.example.com ([84.200.75.211])
by mx.google.com with ESMTPS id fv8si9645396bkc.151.2013.04.22.14.24.39
(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Mon, 22 Apr 2013 14:24:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of michel@example.com designates 84.200.75.211 as permitted sender) client-ip=84.200.75.211;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of michel@example.com designates 84.200.75.211 as permitted sender) smtp.mail=michel@example.com;
dkim=pass header.i=@example.com
DKIM-Filter: OpenDKIM Filter v2.7.1 zimbra.example.com 37BCE8CAFC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
s=50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED; t=1366665881;
bh=vJ74cUsPMKlw/MROSXLmZbSV7uGHNQFAGzPZcMjnQPU=;
h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
b=w6XTCY+nnfc/jZCtfA4QO7yIMLX9P6Bzlm+r5BGUUwdFTDtLb0CmrE8eYi+8mLDuR
M3wrGuOfo5U239h4ixp6nnc1Ogj5xb3uIfe9xVOQaXBeIz7yKDFWBiUaMT7FQEqpgU
aGBJ96p8bsxwyuU1L3/uSdyyykHPUapGNoTpH/R0=
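
An added example, not part of the original post and not Zimbra or OpenDKIM code: it parses a DKIM-Signature header like the one above, derives the DNS name a verifier looks up from its s= and d= tags, and compares that with a zone-file line in the layout zmdkimkeyutil prints. The sample headers and zone line are constructed (signature and key shortened), and the function names are this example's own.

```python
import re

# Constructed samples modelled on the page's headers and key output (b=, p= shortened).
SAMPLE_HEADERS = (
    "Authentication-Results: mx.google.com; dkim=pass header.i=@example.com\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    "\ts=50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED; t=1366665881;\r\n"
    "\th=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;\r\n"
    "\tb=w6XTCY+nnfc/jZCt\r\n"
    "\t fA4QO7yIMLX9P6Bz=\r\n"
)
SAMPLE_ZONE_LINE = (
    '50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n'
    '"p=MIGfMA0GCSqGSIb3DQEB" ) ; constructed, truncated key'
)

def unfold(raw):
    """Map lowercased header names to their unfolded values (RFC 5322 folding)."""
    headers = {}
    for line in re.sub(r"\r?\n[ \t]+", " ", raw).splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_tags(value):
    """Parse a DKIM tag=value list, dropping whitespace inside values."""
    pairs = (item.partition("=") for item in value.split(";"))
    return {k.strip(): re.sub(r"\s+", "", v) for k, sep, v in pairs if sep}

def key_query_name(sig):  # DNS name a verifier looks up: <s>._domainkey.<d>
    return f"{sig['s']}._domainkey.{sig['d']}".lower()

def check(raw_headers, zone_line, zone):
    """Return a list of problems; an empty list means the pieces line up."""
    hdrs = unfold(raw_headers)
    if "dkim-signature" not in hdrs:
        return ["message carries no DKIM-Signature header"]
    sig = parse_tags(hdrs["dkim-signature"][0])
    owner = f"{zone_line.split()[0]}.{zone}".lower()
    # A zone file may split one TXT value into several quoted strings; join them.
    rec = parse_tags("".join(re.findall(r'"([^"]*)"', zone_line)))
    problems = []
    if owner != key_query_name(sig):
        problems.append(f"record {owner} is not the lookup name {key_query_name(sig)}")
    if rec.get("v") != "DKIM1" or not rec.get("p"):
        problems.append("TXT record lacks v=DKIM1 or a p= key")
    if not any("dkim=pass" in v for v in hdrs.get("authentication-results", [])):
        problems.append("receiver did not report dkim=pass")
    return problems
```

Against a live zone, the TXT strings would come from a DNS query for the name `key_query_name` returns, which is the same name opendkim-testkey prints in its "record not found" message.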

Reader's Comments

  1.    

    Hello Mr. Michel Bisson
    I followed every step that you provide on this website. It’s just that my email is still considered spam by Gmail and Yahoo. Do you have any suggestions for what I should do so that my email is no longer considered spam? Thank you.

    •    

      Hi, I’ve had the same difficulty with those two providers. First, you can check if every email you send really contains the DKIM headers. What you also need to add is 2 SPF records to the domain in the DNS: SPF1 and SPF2. Search the Internet on how to do that. The other thing is that if your email server’s IP has been seen once as spamming, they might retain this status for some time before they properly check again. You also have to make sure that your email server’s IP is not listed in the RBL (email servers blacklist). You can do a check on your IP by searching the Internet for RBL checking sites. Good luck and please let me know if it helps.

  2.    

    Hello, every time I launch the test it throws a “record not found”. I tested the key in dkimcore and it’s fine. I’m almost sure that the error is in my DNS (CentOS 6.9 with BIND). Is there any way you could help me solve the problem? What should I send you so that you can look at it and help me find the error? Thank you in advance for your time.

    /opt/zimbra/opendkim/sbin/opendkim-testkey -d example.com -s 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB -x /opt/zimbra/conf/opendkim.conf

    – If no result is shown: then the Key is correct.
    – If something is wrong then the following similar message would show up:
    opendkim-testkey: ‘0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey.example.com’ record not found

    •    

      Hi Eowhinn, I’m not quite sure what your problem is. I suspect that you didn’t properly enter the DNS record in the DNS responsible for the domain you want to send from. It has to be a TXT type record.
      Good luck
      Michel
