MailSuite Pro documentation

Configuring DKIM

DKIM is one of the recommended methods to confirm that you're legitimate sender from the specific email domain. DKIM configuration is available in MailSuite Pro. To configure DKIM, you would need to generate public and private keys, this can be done via services like DKIM Generator. But you can also do that manually without relying on third-party services, with the use of OpenSSL as follows:

mkdir -p /opt/afterlogic/etc/ssl-certs
openssl genrsa -out /opt/afterlogic/etc/ssl-certs/dk.key 2048
chown afterlogic:afterlogic -R /opt/afterlogic/etc/ssl-certs
openssl ec -in /opt/afterlogic/etc/ssl-certs/dk.key -pubout -outform der | openssl base64 -A

If you use a third-party service to generate DKIM keys, make sure you place the private key to /opt/afterlogic/etc/ssl-certs/dk.key file and that it can be accessed by afterlogic user.

Regardless of the method used to generate the public key, it needs to be supplied in TXT DNS record of your domain. We assume the selector is called mail, the record you need to create is mail._domainkey.YourDomainName and its value would start with:

v=DKIM1; k=rsa; p=

followed by the output of openssl ec command above; third-party service would usually provide you with the full record value you need to supply.

You will also need to adjust Exim configuration file /etc/exim4/exim4.conf:

DKIM_FILE                       = /opt/afterlogic/etc/ssl-certs/dk.key
DKIM_PRIVATE_KEY                = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
...
remote_smtp:
    driver = smtp
    dkim_domain           = DKIM_DOMAIN
    dkim_selector         = mail
    dkim_private_key      = DKIM_PRIVATE_KEY
    user = afterlogic
    group = afterlogic
    interface = xx.xx.xx.xx

The lines are already there, some may be commented out so be sure to uncomment those and specify selector (again, we assume it's mail but you can pick a different name for it) and the proper external IP - supplying 0.0.0.0 should work as well. To apply changes, restart Exim service with:

service exim4 restart

If you have multiple domains, create DKIM for one of them, and then supply the same DNS TXT record for all the other domains involved.