Bootstrap FreeKB - Docker Mailserver (Email) - Enable DKIM (Domain Keys Identified Mail)
Docker Mailserver (Email) - Enable DKIM (Domain Keys Identified Mail)
Updated:   |  Docker Mailserver (Email) articles

DKIM is the abbreviation for Domain Keys Identified Mail and is used to allow senders to authenticate their emails by including a digital signature in the email header. DKIM uses public-key cryptography to verify that an email message was sent from an authorized mail server.

Before you can enable DKIM, you must have installed Docker mailserver and created at least one users email account.

Use the docker inspect command to determine where the /tmp/docker-mailserver directory in the mailserver container is mounted on the Docker system (/usr/local/docker/mailserver/config in this example).

~]$ sudo docker inspect mailserver
/usr/local/docker/mailserver/config:/tmp/docker-mailserver:rw

 

If you have not yet downloaded the setup.sh script, issue the following commands.

wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
chmod a+x ./setup.sh

 

Issue the following command to enable DKIM 

~]$ ./setup.sh config dkim keysize 2048 domain 'example.com'
Creating DKIM private key /tmp/docker-mailserver/opendkim/keys/example.com/mail.private
Creating DKIM KeyTable
Creating DKIM SigningTable
Creating DKIM TrustedHosts

 

This will create the opendkim directory at /tmp/docker-mailserver/opendkim in the mailserver container.

~]$ sudo docker exec mailserver ls -l /tmp/docker-mailserver/opendkim
-rw-r--r--. 1 root root 86 Mar 28 06:33 KeyTable
-rw-r--r--. 1 root root 40 Mar 28 06:33 SigningTable
-rw-r--r--. 1 root root 20 Mar 28 06:33 TrustedHosts
drwxr-xr-x. 3 root root 24 Mar 28 06:33 keys

 

In this example, since the /tmp/docker-mailserver directory in the container is mounted to /usr/local/docker/mailserver on the Docker host, this will create the opendkim directory at /usr/local/docker/mailserver/config/opendkim on the Docker host.

~]$ ls -l /usr/local/docker/mailserver/config/opendkim/
drwxr-xr-x. 3 root root 24 Mar 28 06:33 keys
-rw-r--r--. 1 root root 86 Mar 28 06:33 KeyTable
-rw-r--r--. 1 root root 40 Mar 28 06:33 SigningTable
-rw-r--r--. 1 root root 20 Mar 28 06:33 TrustedHosts

 

The mail.txt file should contain something like this.

~]$ cat /usr/local/docker/mailserver/config/opendkim/keys/freekb.net/mail.txt
mail._domainkey IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; "
          "p=MIIBIjJDK89vmfjd8d79w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAfFudpVW8ieZDGcPHBgqRo85n3VrM7QCjOGgIokjRroE7ZdRamzHWIBye9kRP/c5emS2YkakdR2r0tc2uPba6IpQb39VOjdBmVLRlTRMffBGRB+Copx5I7dFe2y36k33lv8d2sZjlXZCE8QDYSGI07h5HNjfx+3pHtX2/ldarcmTTqmibx/myc5B+11u0+eXo9PSDFLb9fusdflf"
          "Vmdjv8dhmdT6OYEzMSJKgBWiazCh/R/WHKZU9pn4Lh7r8oH3zCw72AUOneWu5ApdbqH+B4oC/Lfs0rOojGTxuMKTsq1XPZV04dx7+WUdHfH7O2+DjDJvy9J/DmF+x9Ng9U3o7fh48fm98" )  ; ----- DKIM key mail for example.com

 

Update the .zone file in the DNS server to contain the output of the mail.txt file.

 

Confirm DKIM is valid using EasyDMARC DKIM Lookup tool.

The dig command can be used to verify the DNS server has the DKIM TXT.

~]$ dig mail._domainkey.example.com TXT

;; ANSWER SECTION:
mail._domainkey.example.com. 86400 IN    TXT     "v=DKIM1; h=sha256; k=rsa;" "p=MIIBIjJDK89vmfjd8d79w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAfFudpVW8ieZDGcPHBgqRo85n3VrM7QCjOGgIokjRroE7ZdRamzHWIBye9kRP/c5emS2YkakdR2r0tc2uPba6IpQb39VOjdBmVLRlTRMffBGRB+Copx5I7dFe2y36k33lv8d2sZjlXZCE8QDYSGI07h5HNjfx+3pHtX2/ldarcmTTqmibx/myc5B+11u0+eXo9PSDFLb9fusdflf"        "Vmdjv8dhmdT6OYEzMSJKgBWiazCh/R/WHKZU9pn4Lh7r8oH3zCw72AUOneWu5ApdbqH+B4oC/Lfs0rOojGTxuMKTsq1XPZV04dx7+WUdHfH7O2+DjDJvy9J/DmF+x9Ng9U3o7fh48fm98"

 

Restart Docker mailserver.

~]$ sudo docker restart mailserver

 

And the docker logs command should contain opendkim: started.

[ TASKLOG ]  Welcome to docker-mailserver 10.5.0
[ TASKLOG ]  Initializing setup
[ TASKLOG ]  Checking configuration
[ TASKLOG ]  Configuring mail server
Nameservers 172.31.0.2
[ TASKLOG ]  Post-configuration checks
[ TASKLOG ]  Starting daemons & mail server
cron: started
rsyslog: started
dovecot: started
update-check: started
opendkim: started
opendmarc: started
postgrey: started
postfix: started
fail2ban: started
clamav: started
changedetector: started
amavis: started
[ TASKLOG ]  mail.example.com is up and running

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 2f4f82 in the box below so that we can be sure you are a human.