Configure DKIM for Zimbra mail server 8.8.12


This entry is part 4 of 7 in the series Install Zimbra Mail Server 8.8.12

SystemMen - In this article, I will show you how to configure DKIM for Zimbra mail server 8.8.12.

What is DKIM? Why do we have to configure it? And how do we configure DKIM in Zimbra?

How do mail servers block spam?

You have successfully installed Zimbra mail server, but that is not enough. You can now send email to internal accounts, but you can't send email to external mail servers.

For those who do not know: to avoid spam, mail servers need to confirm some information about a mail server when it sends mail.

For example, say you use Zimbra mail server to send email to Gmail. Google's mail server will check some information about your Zimbra mail server.

If it's eligible, Gmail will allow the email to arrive. Otherwise, Gmail will block your mail or put it in the Spam folder.

So what is this information? It is DKIM, SPF and DMARC.

In this article, I will only talk about part one — DKIM.

What is DKIM?

We talk about DKIM, so what is DKIM?

According to information from Zimbra, DKIM has the following definition:

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication

Put simply, DKIM helps the receiving mail server confirm whether an email is genuine or fake.

Spoofing mail domain names to send fake emails is very common, so DKIM is a tool that helps a mail server distinguish real mail from fake mail.

DKIM in Zimbra

Since version 8.0, Zimbra has included a tool that allows you to register DKIM for your mail domain.

The process is carried out through 2 main steps:

  1. Use zmdkimkeyutil to register DKIM for the mail domain in Zimbra. The information will be stored in the LDAP server (if you run multi server).
  2. Update DNS records for mail domains.

Note: We should use zmdkimkeyutil on the MTA server (if you use multi server).

Both of these steps are the main content of this article.

Steps to configure DKIM for Zimbra mail server 8.8.12

Now, we will proceed to configure DKIM for Zimbra mail server.

Add DKIM data to the new domain

I assume that your Zimbra mail server is new and your mail domain is also new.

First, you need to switch to the zimbra user with the following command.

[root@mail ~]# su zimbra
[zimbra@mail root]$

To add DKIM data to the new domain, run the following command.

[zimbra@mail root]$ /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com

The result of the command will look like this.

[zimbra@mail root]$ /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com
DKIM Data added to LDAP for domain yourdomain.com with selector 5FB56121-7BDF-21E9-8459-20D59831E3AB
Public signature to enter into DNS:
5FB56121-7BDF-21E9-8459-20D59831E3AB._domainkey    IN TXT    ( "v=DKIM1; k=rsa; "
     "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOxcXN4jDK3h/OIZsLSmSh7HtbVFN3b1bzF5aj9CVgre1Ql025/AC1yO3Y5qsp6+scHDKl5VH8G/v/bKep6efRzINieg+OP3CurGz1mrJNp10jz8Yioe47NM5IIcwDeTuwKtoYRrmGcPRQUjerWkO9NH4w62oOR3vEYgzycQTm7vlVtgfbeH3YnzxeeEN4HwjVHUH8t47CPnGw"
     "8JRHYKb+y3X2h/UoZP2rP359U4KLuD12EEL5ewDSRgAbh1FLNgSb4bglGzBRResvq6rSlqNEwuJJz9oD4vg84NnN4uWctncbYFpxF3euyNGydJ3y6UrJoz37a5S5MRgmGV4h9J/wIDAQAB" )  ; ----- DKIM key 5FB56121-7BDF-21E9-8459-20D59831E3AB for yourdomain.com

So we have finished step 1, which is registering DKIM for the new domain.

The zmdkimkeyutil tool allows you to create, update, query and delete the DKIM data of a domain in Zimbra. Here I have only covered creating DKIM data; you can see the rest of the features on the DKIM page of Zimbra.

Update DNS record for mail domain

Now we will do the second step, which is to add the DKIM record to the domain's public DNS. I'm talking about your DNS provider, not your internal DNS.

Go to the domain’s DNS administration page, create a record with the following content.

Host record: 5FB56121-7BDF-21E9-8459-20D59831E3AB._domainkey
Type: TXT
Value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOxcXN4jDK3h/OIZsLSmSh7HtbVFN3b1bzF5aj9CVgre1Ql025/AC1yO3Y5qsp6+scHDKl5VH8G/v/bKep6efRzINieg+OP3CurGz1mrJNp10jz8Yioe47NM5IIcwDeTuwKtoYRrmGcPRQUjerWkO9NH4w62oOR3vEYgzycQTm7vlVtgfbeH3YnzxeeEN4HwjVHUH8t47CPnGw""8JRHYKb+y3X2h/UoZP2rP359U4KLuD12EEL5ewDSRgAbh1FLNgSb4bglGzBRResvq6rSlqNEwuJJz9oD4vg84NnN4uWctncbYFpxF3euyNGydJ3y6UrJoz37a5S5MRgmGV4h9J/wIDAQAB"

Please look at the result of the zmdkimkeyutil command above. The Host record part is the text that ends with ._domainkey.

The Value part is the text immediately after the phrase IN TXT, inside the brackets ( ).

You need to convert this text. Remove the double quotes in front of p=.

From:

( "v=DKIM1; k=rsa; "
     "p=MIIBIj....

To:

"v=DKIM1; k=rsa; p=MIIBIj....

And remove any spaces that exist within the brackets ( ).

Verify DKIM data

After you have created the DNS record for DKIM of the mail domain, you need to verify that it is correct.

A very useful tool for email system administrators is MXToolbox.

Now go to the DKIM check link and type the following information.

  • Domain Name: type your mail domain in this box.
  • Selector: type the key in this box. The key looks like 5FB56121-7BDF-21E9-8459-20D59831E3AB. Look at the Host record above, remove the text ._domainkey and the rest is the key.


The results should be green, as in the image below, which shows that you have successfully set up DKIM for your mail domain in Zimbra.

The test result shows that DKIM has been set up correctly.
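
A long DKIM key is published as several quoted strings that a verifier joins back together, so a record can look right in the DNS panel and still fail if one string was lost or altered while pasting. The script below is an added example, not part of the original article or of Zimbra: it extracts the Host record and the joined value from zmdkimkeyutil output and compares them with the published TXT data. The function names, the example.test domain, the selector and the placeholder key are constructed, and the published data is assumed to be in the quoted form that `dig +short TXT` prints.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Join all quoted strings of a TXT record into the single value a DKIM
# verifier evaluates (the strings are concatenated with nothing in between).
dkim_join() {
    grep -o '"[^"]*"' | tr -d '"\n'
}

# Print the Host record (<selector>._domainkey) found in zmdkimkeyutil output.
dkim_host() {
    sed -n 's/^\([^[:space:]]*\._domainkey\)[[:space:]].*/\1/p'
}

# Succeed only if the published TXT data ($2) carries the same record as the
# zmdkimkeyutil output ($1), however each side was split into strings.
# Spaces are ignored: tag names and base64 key data never contain them.
dkim_same() {
    want=$(printf '%s\n' "$1" | dkim_join | tr -d ' \t')
    have=$(printf '%s\n' "$2" | dkim_join | tr -d ' \t')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed sample in the zmdkimkeyutil layout (placeholder key, not a real one).
SAMPLE_OUT='DKIM Data added to LDAP for domain example.test with selector 00000000-1111-2222-3333-444444444444
Public signature to enter into DNS:
00000000-1111-2222-3333-444444444444._domainkey    IN TXT    ( "v=DKIM1; k=rsa; "
     "p=Q09OU1RSVUNURUQtS0VZ"
     "LVNFQ09ORC1IQUxG" )  ; ----- DKIM key 00000000-1111-2222-3333-444444444444 for example.test'

# Constructed published answers: one complete, one with the second string lost.
SAMPLE_DIG_OK='"v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQtS0VZ" "LVNFQ09ORC1IQUxG"'
SAMPLE_DIG_BAD='"v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQtS0VZ"'

printf 'Host record: %s\n' "$(printf '%s\n' "$SAMPLE_OUT" | dkim_host)"
printf 'Value:       %s\n' "$(printf '%s\n' "$SAMPLE_OUT" | dkim_join)"
dkim_same "$SAMPLE_OUT" "$SAMPLE_DIG_OK"  && echo 'complete record: match'
dkim_same "$SAMPLE_OUT" "$SAMPLE_DIG_BAD" || echo 'truncated record: mismatch'
```

On a live system, pass the saved zmdkimkeyutil output as the first argument and the output of `dig +short TXT <selector>._domainkey.<yourdomain>` as the second.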

Conclusion

So I have shown you how to configure DKIM for Zimbra mail server 8.8.12. Now you can learn more about DKIM and create data for other domains as well. In the next article, I will talk about SPF.
