BIND: Setup DMKI: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) No edit summary |
Onnowpurbo (talk | contribs) No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 3: | Line 3: | ||
First, your create a key pair with openssl: | First, your create a key pair with openssl: | ||
openssl genrsa -out private.key 1024 | openssl genrsa -out private.key 1024 | ||
openssl rsa -in private.key -pubout -out public.key | openssl rsa -in private.key -pubout -out public.key | ||
Your public key looks now like: | Your public key looks now like: | ||
-----BEGIN PUBLIC KEY----- | -----BEGIN PUBLIC KEY----- | ||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpM | |||
PJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n | |||
3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb | |||
5MIBp3vDiipAJNTO1wIDAQAB | |||
-----END PUBLIC KEY----- | -----END PUBLIC KEY----- | ||
Now you convert this output to one single line: | Now you convert this output to one single line: | ||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpMPJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb5MIBp3vDiipAJNTO1wIDAQAB | |||
This line you will use as public key in your DNS record. | This line you will use as public key in your DNS record. | ||
| Line 23: | Line 27: | ||
Next, add two txt records like | Next, add two txt records like | ||
_domainkey.domain.com IN TXT o= | _domainkey.domain.com IN TXT o=~;r=postmaster@domain.com | ||
selector._domainkey.domain.com IN TXT v=DKIM1;k=rsa;p=<public key> | selector._domainkey.domain.com IN TXT v=DKIM1;k=rsa;p=<public key> | ||
Latest revision as of 11:09, 28 April 2019
Adding a DKIM record to your DNS is quite simple.
First, your create a key pair with openssl:
openssl genrsa -out private.key 1024 openssl rsa -in private.key -pubout -out public.key
Your public key looks now like:
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpM PJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n 3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb 5MIBp3vDiipAJNTO1wIDAQAB -----END PUBLIC KEY-----
Now you convert this output to one single line:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpMPJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb5MIBp3vDiipAJNTO1wIDAQAB
This line you will use as public key in your DNS record.
Next, add two txt records like
_domainkey.domain.com IN TXT o=~;r=postmaster@domain.com selector._domainkey.domain.com IN TXT v=DKIM1;k=rsa;p=<public key>
Which means:
o=~ the server signs some mail o=- all mail is signed, but unsigned mail should be accepted o=! all mail is signed, do not accept unsigned mail t=y I’m still testing v=DKIM1 we use DKIM version 1 k=rsa it is a RSA key r=<x@xx> report problems to this email address p=<public key> this is the generated public key
Do not use keys with length other than 1024. 512 is too short and 2048 will give you problems with most DNS servers.
