For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.
For enterprise-level requirements and advanced features, consider checking out Zextras Carbonio – the all-in-one private digital workplace designed for digital sovereignty trusted by the public sector, telcos, and regulated industries.
DKIM or DomainKeys Identified Mail is an email authentication method that tries to identify email spoofing attempts (creation of email messages with a forged sender address). DKIM enables you as the receiver of the email to verify that an email claiming to be from a specific domain is actually authorized by the owner of that domain. It is done with the help of a digital signature, tied to a domain name, for each sent email. This can be verified by looking up the sender’s public key published in the DNS.
In Zimbra, DKIM can be used both to check incoming emails and to sign outgoing emails. This guide shows you how to configure Zimbra to sign outgoing emails using DKIM.
How to Configure DKIM for Signing Outgoing Emails
Configuring DKIM for signing outgoing emails will increase the reputation of your emails since the receiving server would be able to verify your email DKIM record. In this section, we configure the OpenDKIM to sign outgoing emails.
To set up DKIM for signing outgoing emails, you need first to obtain the DKIM data then add them to your DNS.
1. Obtain your DKIM data
If your domain does not currently have DKIM enabled, you can add DKIM data with
/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com
If your domain currently have DKIM enabled, you can update DKIM data with
DKIM Data added to LDAP for domain example.com with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB
Public key to enter into DNS:
0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ
/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com
You will need these data
- The Selector which is the string before
._domainkey
, in my case0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB
, - The Version which is indicated with
v=
in my casev=DKIM1
, - The Key type which is indicated with
k=
in my casek=rsa
, - The Public key which is indicated with
p=
in my casep=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB
2. Add your DKIM data to the DNS
- Access your DNS provider, for example, GoDaddy, Network Solutions, etc.
- Access your DNS Management or something like name server management.
- Add a new TXT entry.
- Set the Record Type to TXT.
- Insert your selector with ._domainkey like
yourSelector._domainkey
in the Hostname field. - Insert your version, key type, and public key separated by
;
in the form ofv=...;k=...;p=...
in the TXT Value field. - Assign the Time to Live (TTL), for example, let’s use 3600s.
- Save the entry.
How to Verify Your Outgoing Emails DKIM Signature
The next step would be testing your DKIM to see if it works. To do so, please see How to Verify Your DKIM Signature.
Comments
In my CARBONIO installation I can't create the DKIM record, the server responds "zmdkimkeyutil: command not found" or ~ zextras@mail:~$ /opt/zextras/libexcec/zmdkimkeyutil -a -d mail.serversweb.net -bash: /opt/zextras/libexcec/zmdkimkeyutil: No such file or directory ~ I can't find help anywhere...
Hi, There is a typo in your command (specifically libexec). Use: /opt/zextras/libexec/zmdkimkeyutil Hope it helps. 🙂