Amavis DKIM setup

By | July 1, 2015

Notes

  1. I’m keeping the keys organised by year; this might change in the future.
  2. If you omit the 1024 from the genrsa command it’ll still generate 1024-bit keys. It’s supplied here to remind me to upgrade these to 2048-bit keys when the time is right (at present Easyspace don’t allow you to enter 2048 records – helpful).

Generate key for domain(s)

amavisd genrsa /usr/local/etc/amavisd/dkim/<year>._domainkey.domain.com.key.pem 1024
example

amavisd genrsa /usr/local/etc/amavisd/dkim/2015._domainkey.spectrumcs.net.key.pem 1024

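Open amavisd.conf (e.g. nano amavisd.conf), add something similar to dkim_key('domain.com', '<year>', '/usr/local/etc/amavisd/dkim/<year>._domainkey.domain.com.key.pem'); and save. The second argument is the selector, so it has to match the label in front of ._domainkey in the DNS record, and the third is the key file written by genrsa above.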

example

Run

# amavisd showkeys

to find out how you need to set up the DNS. Command spits out something like

2015._domainkey.spectrumcs.net. 3600 TXT (
 "v=DKIM1; p="
 "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2xPNPTmYuTCkvMIgONUd8vTPe"
 "FM0uJHlVMwxrfdyhFLIWr5C73jpWulyrEmn/3Ujkt8aemSqo2EB90UmEhvt0VVZt"
 "IV2ROLXm/HjJF+eHq617xUKx/f9218sGp+1D3dTMsai7N7Sdxt41WN3SgTlyjSL7"
 "/MifKPUNPKJkGeJV3wIDAQAB")

You need to reformat it a bit for Easyspace: join the quoted strings into one value and drop the quotes and brackets.

host :

2015._domainkey.spectrumcs.net.

data :

v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2xPNPTmYuTCkvMIgONUd8vTPeFM0uJHlVMwxrfdyhFLIWr5C73jpWulyrEmn/3Ujkt8aemSqo2EB90UmEhvt0VVZtIV2ROLXm/HjJF+eHq617xUKx/f9218sGp+1D3dTMsai7N7Sdxt41WN3SgTlyjSL7/MifKPUNPKJkGeJV3wIDAQAB

Once the DNS record is published you can test by running…

# amavisd testkeys

Assuming amavisd’s tests pass, you can sync the configuration across all servers and restart amavisd-new on each of them.

Finally, perform an external test using either of the following services…

http://dkimvalidator.com/

check-auth@verifier.port25.com