Public/Private Key-pair Generation
Download the TLS/SSL Toolkit and extract OpenSSL.exe into a directory of your choice.

In a DOS box type

    openssl genrsa -out dkim-private.pem 1024

and then

    openssl rsa -in dkim-private.pem -out dkim-public.pem -pubout -outform PEM

This results in two files: dkim-private.pem, which is the private key and looks like this:

    -----BEGIN RSA PRIVATE KEY-----
    MIIByQIBAA ... ZwP56LRqdg5
    ZX15bhc/Gs ... T1kwTvFNGIo
    AUsFUq+J6+ ... KMX3tk1MkLH
    +Ug13EzB2R ... lORd7pfxYCn
    Kapi2RPMcR ... +0+r9KaSRM/
    3WQrmUpV+f ... amoL7rrkUew
    ti9TEjfaBn ... Icj88wGNHCs
    FDWGAH4EKN ... 1zT2yYH7tTb
    weiHAQxeHe ... mKuj1zLjEhG
    6ppw+nKD50 ... 0GYJ4DLP0U=
    -----END RSA PRIVATE KEY-----

and dkim-public.pem, which is the public key and looks like this:

    -----BEGIN PUBLIC KEY-----
    MHwwDQYJKo ... 3LRGKOD5o6l
    MIgulclWjZ ... a+GzzL47t7E
    XzVc+nRLWT ... +OprwIDAQAB
    -----END PUBLIC KEY-----

Copy dkim-private.pem to the CERT\PRIV directory.

Define a selector for your DomainKey; in this sample we use mail.

Copy the data of the public key file into a TXT record for your domain:

    mail._domainkey IN TXT "v=DKIM1;k=rsa; p=MHwwDQYJ ... Xn3LRGKOD5o6l MIgulclWjZ ... a+GzzL47t7E XzVc+nRLWT ... QAB;"
DKIM (DomainKeys Identified Mail) Signing
Select Options->DKIM->Sign and create a new record. Set the fields as follows:

    For messages from e-mail address:           *@yourdomain.com
    to e-mail address:                          *
    use this certificate (file in PEM format):  dkim-private.pem

Thereafter the program will sign all messages from your domain to everyone using the private key in the dkim-private.pem certificate.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
Create a TXT record for your domain:

    _dmarc IN TXT "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"

DMARC defines the policy that the receiving MTA should apply to your messages when SPF and DKIM verification fail.

Note: If you do not set a policy, some MTAs, namely Gmail and O365, will apply a strict policy.