Configuring DKIM
DKIM is one of the recommended methods to confirm that you're legitimate sender from the specific email domain. DKIM configuration is available in MailSuite Pro. To configure DKIM, you would need to generate public and private keys, this can be done via services like DKIM Generator. But you can also do that manually without relying on third-party services, with the use of OpenSSL as follows:
mkdir -p /opt/afterlogic/etc/ssl-certs
openssl genrsa -out /opt/afterlogic/etc/ssl-certs/dk.key 2048
chown afterlogic:afterlogic -R /opt/afterlogic/etc/ssl-certs
openssl ec -in /opt/afterlogic/etc/ssl-certs/dk.key -pubout -outform der | openssl base64 -A
If you use a third-party service to generate DKIM keys, make sure you place the private key to /opt/afterlogic/etc/ssl-certs/dk.key
file and that it can be accessed by afterlogic
user.
Regardless of the method used to generate the public key, it needs to be supplied in TXT DNS record of your domain. We assume the selector is called mail
, the record you need to create is mail._domainkey.YourDomainName
and its value would start with:
v=DKIM1; k=rsa; p=
followed by the output of openssl ec
command above; third-party service would usually provide you with the full record value you need to supply.
You will also need to adjust Exim configuration file /etc/exim4/exim4.conf
:
DKIM_FILE = /opt/afterlogic/etc/ssl-certs/dk.key
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
...
remote_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
dkim_selector = mail
dkim_private_key = DKIM_PRIVATE_KEY
user = afterlogic
group = afterlogic
interface = xx.xx.xx.xx
The lines are already there, some may be commented out so be sure to uncomment those and specify selector (again, we assume it's mail
but you can pick a different name for it) and the proper external IP - supplying 0.0.0.0 should work as well. To apply changes, restart Exim service with:
service exim4 restart
If you have multiple domains, create DKIM for one of them, and then supply the same DNS TXT record for all the other domains involved.