Configure DKIM for Zimbra mail server 8.8.12

by Daniel Pham
Published: Updated:
This entry is part 4 of 7 in the series Install Zimbra Mail Server 8.8.12

This article, I will show you how to configure DKIM for Zimbra mail server 8.8.12.

What is DKIM? Why do we have to configure it? And how do we configure DKIM in Zimbra?

How do mail servers block spam?

You have successfully installed Zimbra mail server, but that is not enough. Now, you can email the internal accounts. But you can’t email out external mail servers.

For those who do not know, to avoid spam mail. Mail servers need to confirm some mail server information when it sends mail.

What this means, for example, you use Zimbra mail server to send email to Gmail. Here, Google’s mail server will check some information about your Zimbra mail server.

If it’s eligible, Gmail will allow email to arrive. Conversely, Gmail will block your mail or put it in the Spam folder.

So what is this information? That is DKIM, SPF and DMARC.

In this article, I will only talk about part one – DKIM.

What is DKIM?

We talk about DKIM, so what is DKIM?

According to information from Zimbra, DKIM has the following definition:

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for further handling, such as delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication

Understand simply. DKIM helps the receiving mail server confirm that the email is fake or not fake.

Spoofing mail domain names to send fake emails is very common, so DKIM as a tool helps mail server to distinguish real mail and fake mail.

DKIM in Zimbra

Since Zimbra 8.0 and later, it has integrated a tool that allows you to register DKIM for your mail domain.

The process is carried out through 2 main steps:

  1. Use zmdkimkeyutil to register DKIM for the mail domain in Zimbra. Information will be stored in LDAP server (if you run multi server).
  2. Update DNS records for mail domains.

Note: We should use zmdkimkeyutility on MTA server (if you use multi server).

Both of these steps are the main content of this article.

Step to configure DKIM for Zimbra mail server 8.8.12

Now, we will proceed to configure DKIM for Zimbra mail server.

Add DKIM data to the new domain

I assume that your Zimbra mail server is new and your mail domain is also new.

First, you need to switch to Zimbra user with the following command.

[root@mail ~]# su zimbra
[zimbra@mail root]$

To add DKIM data to the new domain, run the following command.

[zimbra@mail root]$ /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com

The result of the command will look like this.

[zimbra@mail root]$ /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com
DKIM Data added to LDAP for domain yourdomain.com with selector 5FB56121-7BDF-21E9-8459-20D59831E3AB
Public signature to enter into DNS:
5FB56121-7BDF-21E9-8459-20D59831E3AB._domainkey    IN TXT    ( "v=DKIM1; k=rsa; "
     "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOxcXN4jDK3h/OIZsLSmSh7HtbVFN3b1bzF5aj9CVgre1Ql025/AC1yO3Y5qsp6+scHDKl5VH8G/v/bKep6efRzINieg+OP3CurGz1mrJNp10jz8Yioe47NM5IIcwDeTuwKtoYRrmGcPRQUjerWkO9NH4w62oOR3vEYgzycQTm7vlVtgfbeH3YnzxeeEN4HwjVHUH8t47CPnGw"
     "8JRHYKb+y3X2h/UoZP2rP359U4KLuD12EEL5ewDSRgAbh1FLNgSb4bglGzBRResvq6rSlqNEwuJJz9oD4vg84NnN4uWctncbYFpxF3euyNGydJ3y6UrJoz37a5S5MRgmGV4h9J/wIDAQAB" )  ; ----- DKIM key 5FB56121-7BDF-21E9-8459-20D59831E3AB for yourdomain.com

So we have finished step 1 that is registering DKIM for new domain.

The zmdkimkeyutil tool allows you to create, update, query and delete DKIM of a domain in Zimbra. Here I just mentioned creating DKIM, you can see the rest of the features at the DKIM page of Zimbra.

Update DNS record for mail domain

Now we will do the second step, which is to update DKIM for the domain’s public DNS. I’m talking about DNS providers, not your internal DNS.

Go to the domain’s DNS administration page, create a record with the following content.

Host recordTypeValue
5FB56121-7BDF-21E9-8459-20D59831E3AB._domainkeyTXT“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOxcXN4jDK3h/OIZsLSmSh7HtbVFN3b1bzF5aj9CVgre1Ql025/AC1yO3Y5qsp6+scHDKl5VH8G/v/bKep6efRzINieg+OP3CurGz1mrJNp10jz8Yioe47NM5IIcwDeTuwKtoYRrmGcPRQUjerWkO9NH4w62oOR3vEYgzycQTm7vlVtgfbeH3YnzxeeEN4HwjVHUH8t47CPnGw””8JRHYKb+y3X2h/UoZP2rP359U4KLuD12EEL5ewDSRgAbh1FLNgSb4bglGzBRResvq6rSlqNEwuJJz9oD4vg84NnN4uWctncbYFpxF3euyNGydJ3y6UrJoz37a5S5MRgmGV4h9J/wIDAQAB”

Please look at the result of the zmdkimkeyutil command above. The Host record part is the text that contains ._domainkey.

And the Value section, that is the text immediately after the phrase IN TXT and in brackets (.

You need to convert this text. Remove the double quotes in front of p=

From:

( "v=DKIM1; k=rsa; "
     "p=MIIBIj....

To:

"v=DKIM1; k=rsa; p=MIIBIj....

And remove any spaces that exist within brackets ).

Verify DKIM data

After you have created the DNS record for DKIM of the mail domain, you need to verify that it is correct.

A very useful tool for email system administrators is MXToolbox.

Now go to the DKIM check link and type the following information.

  • Domain Name: just type domain mail domain to this box.
  • Selector: type the key to this box, the key look like 5FB56121-7BDF-21E9-8459-20D59831E3AB. Look at the Host record column above, remove the text phrase ._domainkey and the rest is the key.
use mxtoolbox to verify dkim data of a domain

And the results should be green as image below, which shows that you have successfully set DKIM for your mail domain in Zimbra.

test result show that DKIM has been set up correctly
Test result show that DKIM has been set up correctly.

Conclusion

So I showed you how to configure DKIM for mail server 8.8.12 successfully. Now you can learn more about DKIM and create data for other domains as well. Next article, I will talk about SPF.

(This is an article from my old blog that has been inactive for a long time, I don’t want to throw it away so I will keep it and hope it helps someone).

0 0 votes
Article Rating
Series Navigation«« Previous part: Install Zimbra mail server in CentOS 7Next part: Configure SPF for Zimbra mail server 8.8.12 »»

You may also like

Subscribe
Notify of
guest
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
ritz
ritz
Guest
4 years ago

Hi Danie,
Thanks for the post. It very simple.
I configured the DKIM key but all emails not signing the DKIM key. Is there any service or settings that needs to be change/restart ?

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.

SUPPORT US

FOLLOW US

Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 DevOpsLite.com – All rights reserved.

Please write sources “DevOpsLite.com” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

2
0
Would love your thoughts, please comment.x
()
x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.