How To Configure Zimbra DKIM to Sign Outgoing Emails? | Zimbra

Document
Alert! This article is written for Zimbra OSE users. As of December 2023, Synacor will no longer be providing support for Zimbra OSE. You might want to consider trying out Carbonio Community Edition – Zextras’s free and open-source email and collaboration platform.

For additional guidance, check out our community articles detailing the process of migrating from your current platform to Carbonio CE.

For enterprise-level requirements and advanced features, consider checking out Zextras Carbonio – the all-in-one private digital workplace designed for digital sovereignty trusted by the public sector, telcos, and regulated industries.

DKIM or DomainKeys Identified Mail is an email authentication method that tries to identify email spoofing attempts (creation of email messages with a forged sender address). DKIM enables you as the receiver of the email to verify that an email claiming to be from a specific domain is actually authorized by the owner of that domain. It is done with the help of a digital signature, tied to a domain name, for each sent email. This can be verified by looking up the sender’s public key published in the DNS.

In Zimbra, DKIM can be used both to check incoming emails and to sign outgoing emails. This guide shows you how to configure Zimbra to sign outgoing emails using DKIM.

How to Configure DKIM for Signing Outgoing Emails

Configuring DKIM for signing outgoing emails will increase the reputation of your emails since the receiving server would be able to verify your email DKIM record. In this section, we configure the OpenDKIM to sign outgoing emails.

To set up DKIM for signing outgoing emails, you need first to obtain the DKIM data then add them to your DNS.

1. Obtain your DKIM data

If your domain does not currently have DKIM enabled, you can add DKIM data with

/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

If your domain currently have DKIM enabled, you can update DKIM data with

DKIM Data added to LDAP for domain example.com with selector 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB
 Public key to enter into DNS:
 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;k=rsa;
 p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ
 /6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB for example.com

You will need these data

  • The Selector which is the string before ._domainkey, in my case 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB,
  • The Version which is indicated with v= in my case v=DKIM1,
  • The Key type which is indicated with k= in my case k=rsa,
  • The Public key which is indicated with p= in my case p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGziUYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB

2. Add your DKIM data to the DNS

  • Access your DNS provider, for example, GoDaddy, Network Solutions, etc.
  • Access your DNS Management or something like name server management.
  • Add a new TXT entry.
  • Set the Record Type to TXT.
  • Insert your selector with ._domainkey like yourSelector._domainkey in the Hostname field.
  • Insert your version, key type, and public key separated by ; in the form of v=...;k=...;p=... in the TXT Value field.
  • Assign the Time to Live (TTL), for example, let’s use 3600s.
  • Save the entry.

How to Verify Your Outgoing Emails DKIM Signature

The next step would be testing your DKIM to see if it works. To do so, please see How to Verify Your DKIM Signature.

Download Zextras Suite for Zimbra OSE

Comments

correoweb
08/06/2023

In my CARBONIO installation I can't create the DKIM record, the server responds "zmdkimkeyutil: command not found" or ~ zextras@mail:~$ /opt/zextras/libexcec/zmdkimkeyutil -a -d mail.serversweb.net -bash: /opt/zextras/libexcec/zmdkimkeyutil: No such file or directory ~ I can't find help anywhere...

Md. Shariful Islam
08/07/2023

Hi, There is a typo in your command (specifically libexec). Use: /opt/zextras/libexec/zmdkimkeyutil Hope it helps. 🙂

Post your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Email Protection Routines | Zimbra
How To Configure Zimbra DKIM to Check Incoming Emails? | Zimbra