DKIM Signing with Amavis

Discussion in 'General' started by tal56, Aug 5, 2017.

  1. tal56

    tal56 Member

    Hi guys. Hope someone with better understanding of amavis and dkim can help me out.
    I have have amavis installed, however it does not seem to be dkim signing the outgoing emails from my hosted domains. I really only have 2 right now, but they run forums that send out mail using phpmail().

    I'm not sure if it's cuz I don't have a key installed, as when I do showkeys this is my output :
    [email protected]:~# amavisd-new showkeys
    No DKIM private keys declared in a config file.
    If this is the likely issue, how can I generate a key for dkim?
    I have found this :
    $ amavisd genrsa /var/db/dkim/example-foo.key.pem
    But wasn't sure which is the best folder to install the new key. As there may be one specific for Ispconfig.

    This is the DKIM portion of my /etc/amavis/conf.d/50-user file
    # DKIM
    $enable_dkim_verification = 1;
    $enable_dkim_signing = 1; # load DKIM signing code
    $signed_header_fields{'received'} = 0;  # turn off signing of Received
    @dkim_signature_options_bysender_maps = (
    { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
    Or also I'm not sure if NOT running my own nameserver is an issue, as I use Enom name servers and just set the "a" record to my server ip address. Would this affect it?

    I am Running newest Debian 8 with all updates and newest Ispconfig.

    Thanks for any help or suggestions.
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Do not change anything in amavis. Just enable DKIM for a maildomain and publish the generated public-key
  3. tal56

    tal56 Member

    Thanks for replying florian030, appreciate it. It was exactly as you said, and I just didn't know that step was necessary since I was able to send emails without having the maildomain setup.

    For future reference for anyone else that may find this from search, I created the mail domain and dkim as florian030 says, but since I'm using an external nameserver, I had to go to my registar and add a new text record with host of "default._domainkey" type "txt" and the address box "<my domain key>". Which my domain key is dns record from ispconfig starting at the "v=DKIM1...

    Hope that can help someone in the future, and thanks again florian030.

Share This Page