Pages

Saturday, December 7, 2013

How to enable DKIM in cPanel server.

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit and one can use this to prevent from getting blacklisted by the free email providers like Yahoo, MSN and Google. DKIM can increase the mail authenticity.

cPanel does not have an interface to enable DKIM like we have for SPF and Domain Keys. cPanel is still working on it for getting it implemented. However we can enable it manually by following the below steps.

Check if exim is compiled with DKIM support enabled.

 [bash]root@server # /usr/sbin/exim -dd 2>&1 | grep Experimental_DKIM[/bash]
    [bash]Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning Old_Demime Experimental_SPF Experimental_SRS
    Experimental_DomainKeys Experimental_DKIM[/bash]

Generate the SSL keys

[bash]cd /usr/local/cpanel/etc/exim[/bash]
[bash]openssl genrsa -out dkim.key 1024[/bash]
[bash]openssl rsa -in dkim.key -out dkim.public -pubout -outform PEM[/bash]

You will find two keys, dkim.key & dkim.public

Open dkim.public and copy the contents excluding the –Begin– and –End– section. This is your DKIM key.  Now open exim configuration file and append the below entries under the section ‘remote_smtp’

Sample file: vi /etc/exim.conf



[bash]remote_smtp:
driver = smtp
#
dkim_domain=your_domain_name.com
dkim_selector=mail
dkim_private_key=/usr/local/cpanel/etc/exim/dkim.key #path to the dkim.key key.
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}
{$primary_hostname}}[/bash]

Now on WHM, open DNS editor for the particular domain and add the TXT entry with DKIM key like below.


[bash]mail._domainkey.domain_name.com. IN TXT "v=DKIM1; g=*; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDv4PSEM9P
cxlI2tRojAUQ9hpRQ0Zj/XM4SK08/Drhm/CaspJAKZF9rZDAw18TrfuXeRgsMWAdS2vJ4Oa/kXqX0NM2eBJcmasu4GeNXANmXvC1umz+8mC6r
EPlE/Ucau4tmAHOZL0HJ9IDd/PIxoTkeTm3mjGeqvKBLbdvVIDXbcQIDAQAB"[/bash]

Here p=the_key_you_have_copied_from_dkim.public

Restart exim and named services.

[bash]/scripts/restartsrv exim[/bash]

[bash]/scripts/restartsrv named[/bash]

To check whether DKIM is setup properly, send a mail to dkimtest@atmail.org , if setup properly, you will get a reply like below ,else a failure message.

    Subject:    AutoReply from dkimtest@atmail.org

    From:    spftest@your_domain_name.com

    Date:    Saturday, December 07, 2013 1:27 am

    To:    spftest@your_domain_name.com

    *** DKIM TEST SUCCESSFUL ***

    —————————————————–

Or you can also test from http://www.brandonchecketts.com/emailtest.php


Publicado por en
Etiquetas: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)