Adding DKIM record in Zimbra 8.7

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Its reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically, DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two parts: 

I. Running zmdkimkeyutil to generate the DKIM keys and selector. The generated data is stored in the LDAP server as part of the domain LDAP entry.

II. Updating the DNS server with the public DNS entry.

A DKIM key needs to be generated per domain on the MTA server, and the public record needs to be configured in the public DNS of each domain.

Part I: (Adding DKIM in MTA server) 

Step 1: Modify DKIM generator 

a. Edit (as root) the script file /opt/zimbra/libexec/zmdkimkeyutil and replace all occurrences of '2048' with '1024'.

This allows creation of a DKIM key of length 1024 and sets it as the default value.

vim /opt/zimbra/libexec/zmdkimkeyutil

Replace all 6 occurrences of "2048" with "1024", then save and exit.

Step 2: Generate a new DKIM key, replacing example.com with your domain. Note that you need to generate a DKIM key for each domain.

Switch to the zimbra user: su - zimbra

/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com 

Sample output: 

DKIM Data added to LDAP for domain example.com with selector 3DEFB3BC-2CF7-11E7-B322-6C0B1889F934

Public signature to enter into DNS: 

3DEFB3BC-2CF7-11E7-B322-6C0B1889F934._domainkey IN TXT ( "v=DKIM1; k=rsa;" 

"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbKFdF6L7f4Ir+4tXGsMrz7HwHYsp7S14rmrl64oyltuLU30xMPU+nII+FZZ6OL7zQabncD2uUnb3+vttQbeaW+HtSrgnZ7JTjd4PAqC4DmX8Ec6Xpe59qCB3TsQH9thDnN4kA/BtkG4GR0jizDjFmXPHYl+vcFDv/ZlFnsvf6nQIDAQAB" ) ; ----- DKIM key 3DEFB3BC-2CF7-11E7-B322-6C0B1889F934 for example.com

Step 3: Retrieve the stored DKIM data for your domain - replace example.com with your domain

As the zimbra user, run the command below:

/opt/zimbra/libexec/zmdkimkeyutil -q -d example.com 

Sample Output: 

DKIM Domain: 

example.com 

DKIM Selector: 

3DEFB3BC-2CF7-11E7-B322-6C0B1889F934 

DKIM Private Key: 

DKIM Public signature: 

3DEFB3BC-2CF7-11E7-B322-6C0B1889F934._domainkey IN TXT ( "v=DKIM1; k=rsa;" 

"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbKFdF6L7f4Ir+4tXGsMrz7HwHYsp7S14rmrl64oyltuLU30xMPU+nII+FZZ6OL7zQabncD2uUnb3+vttQbeaW+HtSrgnZ7JTjd4PAqC4DmX8Ec6Xpe59qCB3TsQH9thDnN4kA/BtkG4GR0jizDjFmXPHYl+vcFDv/ZlFnsvf6nQIDAQAB" ) ; ----- DKIM key 3DEFB3BC-2CF7-11E7-B322-6C0B1889F934 for example.com

DKIM Identity: 

example.com 

Step 4: 

Highlight and copy: 3DEFB3BC-2CF7-11E7-B322-6C0B1889F934._domainkey 

Highlight and copy: v=DKIM1; k=rsa; 

Highlight and copy: p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbKFdF6L7f4Ir+4tXGsMrz7HwHYsp7S14rmrl64oyltuLU30xMPU+nII+FZZ6OL7zQabncD2uUnb3+vttQbeaW+HtSrgnZ7JTjd4PAqC4DmX8Ec6Xpe59qCB3TsQH9thDnN4kA/BtkG4GR0jizDjFmXPHYl+vcFDv/ZlFnsvf6nQIDAQAB

Part II: (Add record to public DNS server) 

For cPanel: 

- Log in to your DNS web portal and open the zone file

- Create a new TXT entry

Name: 3DEFB3BC-2CF7-11E7-B322-6C0B1889F934._domainkey.example.com. 

TTL: 3600 

Type: TXT 

TXT Data: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbKFdF6L7f4Ir+4tXGsMrz7HwHYsp7S14rmrl64oyltuLU30xMPU+nII+FZZ6OL7zQabncD2uUnb3+vttQbeaW+HtSrgnZ7JTjd4PAqC4DmX8Ec6Xpe59qCB3TsQH9thDnN4kA/BtkG4GR0jizDjFmXPHYl+vcFDv/ZlFnsvf6nQIDAQAB

Finally, verify the DKIM record from https://mxtoolbox.com/dkim.aspx 
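
A local check that can be run on the Step 2 output before the record is pasted into DNS (an added example, not part of the original post or of Zimbra): it joins the quoted TXT strings, confirms v=DKIM1 and k=rsa, and reads the RSA key size out of the p= value. The function names and the min_bits parameter are assumptions of this example; the default floor of 1024 bits and the stricter 2048 follow RFC 8301, which requires keys of at least 1024 bits and recommends at least 2048.

```python
import base64
import re
# Record as printed by Step 2 on this page (example.com sample, split for width).
SAMPLE = (
    '3DEFB3BC-2CF7-11E7-B322-6C0B1889F934._domainkey IN TXT ( "v=DKIM1; k=rsa;"\n'
    '"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbKFdF6L7f4Ir+4tXGsMrz7Hw'
    'HYsp7S14rmrl64oyltuLU30xMPU+nII+FZZ6OL7zQabncD2uUnb3+vttQbeaW+HtSrgnZ7JTjd'
    '4PAqC4DmX8Ec6Xpe59qCB3TsQH9thDnN4kA/BtkG4GR0jizDjFmXPHYl+vcFDv/ZlFnsvf6'
    'nQIDAQAB" ) ; ----- DKIM key 3DEFB3BC-2CF7-11E7-B322-6C0B1889F934 for example.com'
)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    _, seq, _ = _tlv(spki, 0)               # outer SEQUENCE
    _, _, alg_end = _tlv(spki, seq)         # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _tlv(spki, alg_end)    # BIT STRING wrapping RSAPublicKey
    _, key, _ = _tlv(spki, bitstr + 1)      # +1 skips the unused-bits byte
    tag2, start, end = _tlv(spki, key)      # INTEGER modulus
    if (tag, tag2) != (0x03, 0x02):
        raise ValueError("p= is not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(spki[start:end], "big").bit_length()

def check_record(zone_text, min_bits=1024):
    """Check a zmdkimkeyutil-style TXT record; min_bits is this example's own knob."""
    chunks = re.findall(r'"([^"]*)"', zone_text)   # the TXT character-strings
    tags = dict(t.strip().split("=", 1) for t in "".join(chunks).split(";") if "=" in t)
    problems = []
    if tags.get("v") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        problems.append("expected v=DKIM1 and k=rsa")
    if any(len(c.encode()) > 255 for c in chunks):
        problems.append("a TXT character-string exceeds 255 bytes")
    p = re.sub(r"\s+", "", tags.get("p", ""))      # wrap whitespace is not key data
    try:
        bits = rsa_bits(base64.b64decode(p))
    except (ValueError, IndexError):               # empty, truncated or non-RSA p=
        bits = 0
        problems.append("p= does not decode to an RSA public key")
    if bits and bits < min_bits:
        problems.append(f"RSA key is {bits} bits, below {min_bits}")
    return {"name": zone_text.split()[0], "bits": bits, "problems": problems}
```

Calling check_record(SAMPLE) reports the 1024-bit key that Step 1 configures; passing min_bits=2048 flags the same record against the recommended size.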

