Difference between revisions of "DKIM"
From Leaky
Revision as of 21:50, 5 March 2024
A simple script to generate the DKIM keys for a domain.
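```bash
#!/bin/bash
# Generate a DKIM key pair for the domain given as the first argument.
DOMAIN=$1
if [ -z "$DOMAIN" ]
then
    echo "Usage: $0 domain" >&2
    exit 1
fi
if [ ! -d /etc/exim/dkim ]
then
    echo "No DKIM directory /etc/exim/dkim" >&2
    exit 1
fi
cd /etc/exim/dkim || exit 1
# Create new files without group/world access; final modes are set below.
umask 077
if [ ! -f "$DOMAIN.key" ]
then
    echo "Generating private key for $DOMAIN"
    openssl genrsa 4096 > "$DOMAIN.key"
else
    echo "Private key for $DOMAIN already exists"
fi
if [ ! -f "$DOMAIN.pub" ]
then
    echo "Generating public key for $DOMAIN"
    openssl rsa -in "$DOMAIN.key" -pubout > "$DOMAIN.pub"
else
    echo "Public key for $DOMAIN already exists"
fi
# Key files are owned by root and readable by the exim group only.
chown root:exim "$DOMAIN.key" "$DOMAIN.pub"
chmod 0640 "$DOMAIN.key" "$DOMAIN.pub"
echo "TXT record required for $DOMAIN zonefile"
echo ""
./pub2txt.pl "$DOMAIN.pub"
```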
The required `pub2txt.pl` converts a public key into a BIND TXT record for your zone file.
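```perl
#!/usr/bin/env perl
# Convert a PEM public key file into a BIND TXT record for DKIM.
use strict;
use warnings;
my $f = shift @ARGV or die "Need filename";
# t=y flags the domain as testing DKIM; remove it once signing is verified.
my $key = "v=DKIM1; t=y; k=rsa; p=";
open(my $pub, "<", $f) or die "Can't open file $f: $!";
while (my $l = <$pub>) {
    chomp $l;
    # Skip the -----BEGIN/END PUBLIC KEY----- lines.
    next if ($l =~ /^----/);
    $key .= $l;
}
close($pub);
# s6122 is the selector; it must match the selector exim signs with.
print "s6122._domainkey\tIN\tTXT\t(\n";
# Split into quoted strings of at most 64 characters each.
print join "\n", map { "\t\"$_\"" } $key =~ m[.{1,64}]g;
print "\n\t)\n";
```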
After creating the DNS record and key files, ensure that the domain is configured for generating DKIM signatures. In my config, this involves adding a line to `/etc/exim/dkim/sender_domains` such as:

```
*@domain.com: domain.com
```

The first field specifies which From addresses need to be signed, and the value is the name of the key file to use in `/etc/exim/dkim/`.
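
A check on the result of the steps above, as an added example that is not part of the original page: it reassembles the quoted chunks of the TXT record, compares the `p=` value with the PEM public key file, and reports whether `t=y` is still set. The function names and the sample data are assumptions made for this example.

```shell
#!/bin/bash
# Added example: check that a DKIM TXT record carries the key in a PEM file.

# Base64 body of a PEM public key: drop the ----- lines, join the rest.
pem_body() {
    grep -v '^----' "$1" | tr -d ' \t\r\n'
}

# Reassemble a TXT record from stdin (zone-file syntax or `dig +short TXT`
# output): keep only the text inside double quotes and concatenate it.
txt_value() {
    grep -o '"[^"]*"' | tr -d '"\n'
}

# Value of one tag (v, t, k, p) from a reassembled "tag=value; ..." string.
dkim_tag() {
    printf '%s' "$2" | tr ';' '\n' | sed -n "s/^[[:space:]]*$1=//p" | tr -d ' \t'
}

# check_dkim_record PUBFILE < record: returns 0 on match, 1 on mismatch.
check_dkim_record() {
    local value want got
    value=$(txt_value)
    want=$(pem_body "$1")
    got=$(dkim_tag p "$value")
    if [ -z "$got" ] || [ "$got" != "$want" ]
    then
        echo "MISMATCH: p= does not match $1"
        return 1
    fi
    if [ "$(dkim_tag t "$value")" = "y" ]
    then
        echo "NOTE: t=y (test mode) is still set"
    fi
    echo "OK: p= matches $1"
}

# Constructed sample (placeholder base64, not a real key) in the layout
# pub2txt.pl prints; writes sample.pub and sample.txt into directory $1.
make_sample() {
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' \
        'MIIBCONSTRUCTEDSAMPLEnotAREALkeyAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH' \
        'IIIIJJJJKKKK+/QIDAQAB' '-----END PUBLIC KEY-----' > "$1/sample.pub"
    printf 's6122._domainkey\tIN\tTXT\t(\n\t"%s"\n\t"%s"\n\t)\n' \
        'v=DKIM1; t=y; k=rsa; p=MIIBCONSTRUCTEDSAMPLEnotAREALkeyAAAABBBBC' \
        'CCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKK+/QIDAQAB' > "$1/sample.txt"
}
```

Once the record is published, the same function can read the live record, for example `dig +short TXT s6122._domainkey.domain.com | check_dkim_record /etc/exim/dkim/domain.com.pub`.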