SystemMen - In this article, I will show you how to configure DKIM for Zimbra mail server 8.8.12.
What is DKIM? Why do we have to configure it? And how do we configure DKIM in Zimbra?
How do mail servers block spam?
You have successfully installed Zimbra mail server, but that is not enough. You can now email internal accounts, but you can't send email out to external mail servers.
For those who do not know: to avoid spam, mail servers need to confirm some information about the mail server that sends the mail.
For example, suppose you use Zimbra mail server to send email to Gmail. Google's mail server will check some information about your Zimbra mail server.
If it's eligible, Gmail will allow the email to arrive. Otherwise, Gmail will block your mail or put it in the Spam folder.
So what is this information? That is DKIM, SPF and DMARC.
In this article, I will only talk about part one — DKIM.
What is DKIM?
We talk about DKIM, so what is DKIM?
According to information from Zimbra, DKIM has the following definition:
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication
Put simply, DKIM helps the receiving mail server confirm whether an email is fake or not.
Spoofing mail domain names to send fake emails is very common, so DKIM is a tool that helps a mail server distinguish real mail from fake mail.
DKIM in Zimbra
Zimbra 8.0 and later include a tool that allows you to register DKIM for your mail domain.
The process is carried out through 2 main steps:
- Use zmdkimkeyutil to register DKIM for the mail domain in Zimbra. Information will be stored in LDAP server (if you run multi server).
- Update DNS records for mail domains.
Note: We should use zmdkimkeyutil on MTA server (if you use multi server).
Both of these steps are the main content of this article.
Step to configure DKIM for Zimbra mail server 8.8.12
Now, we will proceed to configure DKIM for Zimbra mail server.
Add DKIM data to the new domain
I assume that your Zimbra mail server is new and your mail domain is also new.
First, you need to switch to Zimbra user with the following command.
[root@mail ~]# su zimbra
[zimbra@mail root]$
To add DKIM data to the new domain, run the following command.
[zimbra@mail root]$ /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com
The result of the command will look like this.
[zimbra@mail root]$ /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com
DKIM Data added to LDAP for domain yourdomain.com with selector 5FB56121-7BDF-21E9-8459-20D59831E3AB
Public signature to enter into DNS:
5FB56121-7BDF-21E9-8459-20D59831E3AB._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOxcXN4jDK3h/OIZsLSmSh7HtbVFN3b1bzF5aj9CVgre1Ql025/AC1yO3Y5qsp6+scHDKl5VH8G/v/bKep6efRzINieg+OP3CurGz1mrJNp10jz8Yioe47NM5IIcwDeTuwKtoYRrmGcPRQUjerWkO9NH4w62oOR3vEYgzycQTm7vlVtgfbeH3YnzxeeEN4HwjVHUH8t47CPnGw"
  "8JRHYKb+y3X2h/UoZP2rP359U4KLuD12EEL5ewDSRgAbh1FLNgSb4bglGzBRResvq6rSlqNEwuJJz9oD4vg84NnN4uWctncbYFpxF3euyNGydJ3y6UrJoz37a5S5MRgmGV4h9J/wIDAQAB" ) ; ----- DKIM key 5FB56121-7BDF-21E9-8459-20D59831E3AB for yourdomain.com
So we have finished step 1, that is, registering DKIM for the new domain.
The zmdkimkeyutil tool allows you to create, update, query and delete DKIM of a domain in Zimbra. Here I just mentioned creating DKIM; you can see the rest of the features at the DKIM page of Zimbra.
Update DNS record for mail domain
Now we will do the second step, which is to update DKIM for the domain’s public DNS. I’m talking about DNS providers, not your internal DNS.
Go to the domain’s DNS administration page, create a record with the following content.
Host record | Type | Value |
5FB56121-7BDF-21E9-8459-20D59831E3AB._domainkey | TXT | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOxcXN4jDK3h/OIZsLSmSh7HtbVFN3b1bzF5aj9CVgre1Ql025/AC1yO3Y5qsp6+scHDKl5VH8G/v/bKep6efRzINieg+OP3CurGz1mrJNp10jz8Yioe47NM5IIcwDeTuwKtoYRrmGcPRQUjerWkO9NH4w62oOR3vEYgzycQTm7vlVtgfbeH3YnzxeeEN4HwjVHUH8t47CPnGw""8JRHYKb+y3X2h/UoZP2rP359U4KLuD12EEL5ewDSRgAbh1FLNgSb4bglGzBRResvq6rSlqNEwuJJz9oD4vg84NnN4uWctncbYFpxF3euyNGydJ3y6UrJoz37a5S5MRgmGV4h9J/wIDAQAB" |
Please look at the result of the zmdkimkeyutil command above. The Host record part is the text that contains ._domainkey.
And the Value section is the text immediately after the phrase IN TXT, inside the brackets ( ).
You need to convert this text. Remove the double quotes in front of p=
From:
( "v=DKIM1; k=rsa; " "p=MIIBIj....
To:
"v=DKIM1; k=rsa; p=MIIBIj....
And remove any spaces that exist within the brackets ( ).
Verify DKIM data
After you have created the DNS record for DKIM of the mail domain, you need to verify that it is correct.
A very useful tool for email system administrators is MXToolbox.
Now go to the DKIM check link and type the following information.
- Domain Name: just type your mail domain in this box.
- Selector: type the key in this box; the key looks like 5FB56121-7BDF-21E9-8459-20D59831E3AB. Look at the Host record column above, remove the text ._domainkey and the rest is the key.
And the results should be green as in the image below, which shows that you have successfully set DKIM for your mail domain in Zimbra.
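The conversion and verification steps above can also be checked offline. The following is an added example, not part of the original article or of Zimbra: it parses the zmdkimkeyutil output into the Host record and Value, then compares that value with the text actually published in DNS. The function names, the domain example.test, the selector and the short key are constructed for illustration.

```python
import base64
import re

# Constructed sample in the layout zmdkimkeyutil prints (short fake key, not a real one).
SAMPLE_OUTPUT = '''DKIM Data added to LDAP for domain example.test with selector 11111111-2222-3333-4444-555555555555
Public signature to enter into DNS:
11111111-2222-3333-4444-555555555555._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=QUJDREVGR0hJSktM"
  "TU5PUFFSU1RVVldY" ) ; ----- DKIM key 11111111-2222-3333-4444-555555555555 for example.test
'''

def join_chunks(text):
    """Concatenate adjacent quoted strings, as DNS does for a multi-string TXT record."""
    return "".join(re.findall(r'"([^"]*)"', text))

def parse_zmdkimkeyutil(output):
    """Return (host_record, txt_value) from the 'IN TXT ( ... )' block."""
    m = re.search(r'^(\S+\._domainkey)\s+IN\s+TXT\s+\((.*?)\)', output, re.S | re.M)
    if not m:
        raise ValueError("no '<selector>._domainkey IN TXT ( ... )' block found")
    return m.group(1), join_chunks(m.group(2))

def dkim_tags(txt_value):
    """Split 'v=DKIM1; k=rsa; p=...' into a tag dictionary."""
    tags = {}
    for part in txt_value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)  # split once: base64 may end in '='
            tags[key.strip()] = val.strip()
    return tags

def record_problems(expected_value, published_value):
    """Compare the value Zimbra printed with the (already joined) published TXT value."""
    problems = []
    exp, pub = dkim_tags(expected_value), dkim_tags(published_value)
    if pub.get("v") != "DKIM1":
        problems.append("v= tag missing or not DKIM1")
    p = pub.get("p", "")
    try:
        base64.b64decode(p, validate=True)
    except ValueError:
        problems.append("p= contains characters outside base64 (stray quote or space?)")
    if p != exp.get("p"):
        problems.append("p= differs from the key Zimbra generated")
    return problems
```

Pass the quoted strings returned by a DNS lookup through `join_chunks` before handing them to `record_problems`; an empty list means the published record matches the key Zimbra signs with.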
Conclusion
So I showed you how to configure DKIM for Zimbra mail server 8.8.12 successfully. Now you can learn more about DKIM and create data for other domains as well. In the next article, I will talk about SPF.
Hi Danie,
Thanks for the post. It is very simple.
I configured the DKIM key but all emails are not being signed with the DKIM key. Is there any service or setting that needs to be changed/restarted?