DKIM stands for DomainKey Identified Mail. It is useful to help reduce the probability that your mail is going to be tagged as spam. DKIM is currently used by many email provider like Google and YAhoo. See www.dkim.org for more information.
DKIM is not included with Zimbra. But since Zimbra use Postfix , it’s rather simple to enable it.
Here how I have done it :
First, install the RPM (replace i386 with x86_64 if you are running on a 64 bits OS) :
#rpm -ivh http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.3-1.i386.rpm
Generate our key :
#dkim-genkey -b 1024 -d example.com -s default
Make sure that we have the rights permissions :
#chown dkim-milt *
#chmod 600 *
Add the following lines at the end of /etc/dkim-filter.conf :
In the same file, make sure the follwing line is commented (that line could be used if you have multiple domain):
Add the following line in /etc/mail/dkim/trusted-hosts (This will make sure that outgoing mail are tagged with DKIM headers):
Start DKIM and make sure it will be started on next reboot :
#chkconfig dkim-milter on
In the previously generated file/etc/dkim-filter/default.txt, you have the entry that you have to add to your DNS server :
default._domainkey IN TXT « v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY7Lgaeyh6uoRGTOlZI0+5psR2GXB8pUUhsy8M94miy8qnk1nZHvQd+vfo+rfRxdgD4muBDMPOo5yPlcnIRb1uI4g+r0Ztz07KSKvw6PpEyCTqB97n69UFvnnDNcnoJlmhLSivxGGS7qPU1KgD3OCsKYiB4ONuTuWShfueiZPDdQIDAQAB » ; —– DKIM default for example.com
Depending on where your DNS is hosted, you can simply add that line in your DNS config files or see this document on how to do that with different providers.
The final step is to tell Postfix to use DKIM :
Add or replace the following lines in /opt/zimbra/postfix/conf/master.cf.in
Finally, restart Zimbra MTA so that the change take effect :
# su – zimbra
If you want to test that everything is correctly setup, send an email to « firstname.lastname@example.org », you shoul get an email within a few minutes with the following line :
DKIM Signature validation: pass (1024-bit key)
Once you get that, everthing is working as expected!
The following setup has been tested on CentOS 5.4 and Zimbra 5.0.16 but it should also work with Zimbra 6.x.
Update (July 24 2010) :
Here are a few more tipts to troubleshoot your DKIM installation :
Make sur your outgoing mail are being tagged, everytime a mail is sent there should be a line like this in your /var/log/zimbra.log :
Jul 24 20:11:13 mail dkim-filter: 2875014C024 « DKIM-Signature » header added
Make sur your TXT entry is correct, you shoud be able to test it with the host command. The syntax would be : $host -t txt <name of your key>.<domain name>
In my exemple, that would be : $host -t txt default._domainkey.example.com
Or for gmail.com : $host -t txt gamma._domainkey.gmail.com