How To Configure Zimbra DKIM to Sign Outgoing Emails? | Zimbra

Alert! This article is written for Zimbra OSE users. As of December 2023, Synacor will no longer be providing support for Zimbra OSE. You might want to consider trying out Carbonio Community Edition – Zextras’s free and open-source email and collaboration platform.

For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.

DKIM or DomainKeys Identified Mail is an email authentication method that tries to identify email spoofing attempts (creation of email messages with a forged sender address). DKIM enables you as the receiver of the email to verify that an email claiming to be from a specific domain is actually authorized by the owner of that domain. It is done with the help of a digital signature, tied to a domain name, for each sent email. This can be verified by looking up the sender’s public key published in the DNS.

In Zimbra, DKIM can be used both to check incoming emails and to sign outgoing emails. This guide shows you how to configure Zimbra to sign outgoing emails using DKIM.

How to Configure DKIM for Signing Outgoing Emails

Configuring DKIM for signing outgoing emails will increase the reputation of your emails since the receiving server would be able to verify your email DKIM record. In this section, we configure the OpenDKIM to sign outgoing emails.

To set up DKIM for signing outgoing emails, you need first to obtain the DKIM data then add them to your DNS.

1. Obtain your DKIM data

If your domain does not currently have DKIM enabled, you can add DKIM data with

/opt/zimbra/libexec/zmdkimkeyutil -a -d

If your domain currently have DKIM enabled, you can update DKIM data with

DKIM Data added to LDAP for domain with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB
 Public key to enter into DNS:
 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;k=rsa;
 /6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for

You will need these data

  • The Selector which is the string before ._domainkey, in my case 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB,
  • The Version which is indicated with v= in my case v=DKIM1,
  • The Key type which is indicated with k= in my case k=rsa,
  • The Public key which is indicated with p= in my case p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB

2. Add your DKIM data to the DNS

  • Access your DNS provider, for example, GoDaddy, Network Solutions, etc.
  • Access your DNS Management or something like name server management.
  • Add a new TXT entry.
  • Set the Record Type to TXT.
  • Insert your selector with ._domainkey like yourSelector._domainkey in the Hostname field.
  • Insert your version, key type, and public key separated by ; in the form of v=...;k=...;p=... in the TXT Value field.
  • Assign the Time to Live (TTL), for example, let’s use 3600s.
  • Save the entry.

How to Verify Your Outgoing Emails DKIM Signature

The next step would be testing your DKIM to see if it works. To do so, please see How to Verify Your DKIM Signature.

Download Zextras Suite for Zimbra OSE



In my CARBONIO installation I can't create the DKIM record, the server responds "zmdkimkeyutil: command not found" or ~ zextras@mail:~$ /opt/zextras/libexcec/zmdkimkeyutil -a -d -bash: /opt/zextras/libexcec/zmdkimkeyutil: No such file or directory ~ I can't find help anywhere...

Md. Shariful Islam

Hi, There is a typo in your command (specifically libexec). Use: /opt/zextras/libexec/zmdkimkeyutil Hope it helps. 🙂

Post your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Email Protection Routines | Zimbra
How To Configure Zimbra DKIM to Check Incoming Emails? | Zimbra