Setting up DKIM-milter with sendmail

10:44 PM

What is DKIM?

DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. Responsibility is claimed by a signer by adding a DKIM-Signature: field to the message's header. The verifier recovers the signer's public key using the DNS, and then verifies that the signature matches the actual message's content.

Enabling DKIM in Sendmail

  • Generate a private key
    openssl genrsa -out default.private 1024
    A "default.private" key file will be generated. It will be moved to a specific location later.
  • Generate a public key for this private key
    openssl rsa -in default.private -pubout -out default.public -outform PEM
    A file named "default.public" will be generated with content like
    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----
    It will be used to create a DNS TXT record. See the next step.
  • Create a DNS record of type TXT
    Modify the DNS records for your domain and add a record of type TXT:
    TXT record name:   default._domainkey
    TXT record value:  v=DKIM1; g=*; k=rsa; p=<content of default.public>
    Note that the "-----BEGIN PUBLIC KEY-----" header and "-----END PUBLIC KEY-----" footer lines must not be put in the TXT record value; only the base64 key body goes into the p= tag. This DNS record will be retrieved by mail receivers who want to verify emails with DKIM signatures. The record name "default._domainkey" tells the verifier that the "selector" of this signature is "default", so if you change the selector name to something else, make sure you change it consistently everywhere it appears.
  • Install dkim-milter in Linux
    Run the following as root to install the dkim-milter package:
    yum install dkim-milter
  • Enable dkim-milter to run on start-up
    Make sure the dkim-milter service will run on start-up by running this command:
    chkconfig dkim-milter on
  • Move the private key to the appropriate location
    As root, move the private key to the location specified in the "keylist" (see the next step) and make sure it is readable by the dkim-milter user:
    mkdir /etc/dkim-milter/
    mv default.private /etc/dkim-milter/default
    chown dkim-milter.dkim-milter /etc/dkim-milter/default
    Make sure the filename of the private key file matches the "selector" name specified in the DNS record.
  • Add an entry to the keylist for dkim-milter to read
    Add the following line to /etc/mail/dkim-milter/keys/keylist, replacing <domain.com> with your domain name:
    *:<domain.com>:/etc/dkim-milter/default
  • Configure dkim-milter
    Open the configuration file /etc/mail/dkim-milter/dkim-filter.conf and use the following configuration:
    Canonicalization  relaxed/relaxed
    Domain            domain.com
    KeyFile           /etc/dkim-milter/default
    Selector          default
    Userid            dkim-milter
    PeerList          /etc/mail/dkim-milter/peerlist
    InternalHosts     /etc/mail/dkim-milter/internalhosts
    /etc/mail/dkim-milter/internalhosts is needed if you are signing e-mails on a gateway mail server.
    /etc/mail/dkim-milter/peerlist can hold a list of hosts whose connections should be accepted without processing by the dkim filter.
  • Add dkim to sendmail.mc
    Add the following line to sendmail.mc:
    INPUT_MAIL_FILTER(`dkim-filter', `S=inet:8891@localhost')
    You might need to adjust the socket definitions in /etc/init.d/dkim-milter as well.
  • Restart dkim-milter and sendmail
    /etc/init.d/dkim-milter restart
    /etc/init.d/sendmail restart
    Now check the mail logs to see whether DKIM signatures are being inserted.
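As an added example, not part of the original post, the following POSIX shell script ties the steps above together: it builds the TXT record value from default.public (dropping the PEM header and footer, joining the base64 lines into the single string the p= tag needs, and refusing to publish a file that holds a private key), checks that dkim-filter.conf, the keylist, the key file's permissions and the published TXT value agree with each other, and counts signed messages in the mail log. The dkim-filter log line format it matches on is an assumption, and all sample data used to exercise it is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: helper checks for the
# dkim-milter setup described above. The log line format in
# dkim_signed_count is an assumption; all sample data is constructed.

# dkim_txt_value <selector> <pem-file>: print the TXT record name and value.
# The PEM header/footer are dropped and the base64 body is joined into one
# line, since the p= tag must hold the key as a single base64 string.
dkim_txt_value() {
    selector="$1"; pem="$2"
    # Never publish the private key by mistake.
    if grep -q 'PRIVATE KEY' "$pem"; then
        echo "refusing: $pem contains a private key" >&2; return 1
    fi
    b64=$(sed -n '/BEGIN PUBLIC KEY/,/END PUBLIC KEY/p' "$pem" \
          | grep -v '^-----' | tr -d '\n\r ')
    [ -n "$b64" ] || { echo "no PUBLIC KEY block in $pem" >&2; return 1; }
    printf '%s._domainkey\n' "$selector"
    printf 'v=DKIM1; g=*; k=rsa; p=%s\n' "$b64"
}

# conf_value <dkim-filter.conf> <directive>: print the directive's value.
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# dkim_check <dkim-filter.conf> <keylist> <txt-record-value>
# Returns 0 when selector, key file, keylist entry and DNS record agree.
dkim_check() {
    conf="$1"; keylist="$2"; txt="$3"; rc=0
    domain=$(conf_value "$conf" Domain)
    selector=$(conf_value "$conf" Selector)
    keyfile=$(conf_value "$conf" KeyFile)
    # The key file name must equal the selector published in DNS.
    [ "$(basename "$keyfile")" = "$selector" ] \
        || { echo "KeyFile basename differs from Selector" >&2; rc=1; }
    # The keylist must map the signing domain to the same key file.
    grep -q "^\*:$domain:$keyfile\$" "$keylist" \
        || { echo "no keylist entry for $domain -> $keyfile" >&2; rc=1; }
    # The key must exist and must not be world-readable.
    if [ -f "$keyfile" ]; then
        [ -z "$(find "$keyfile" -perm -004)" ] \
            || { echo "$keyfile is world-readable" >&2; rc=1; }
    else
        echo "$keyfile missing" >&2; rc=1
    fi
    # The TXT value must carry v=DKIM1 and a non-empty p= tag.
    case "$txt" in
        *v=DKIM1*p=[A-Za-z0-9+/]*) ;;
        *) echo "TXT record lacks v=DKIM1 or p=" >&2; rc=1 ;;
    esac
    return $rc
}

# dkim_signed_count <maillog>: messages the filter reports as signed.
# Assumes lines like "dkim-filter[pid]: <queue-id>: DKIM-Signature header added".
dkim_signed_count() {
    grep -c 'dkim-filter\[[0-9]*\]:.*DKIM-Signature.*added' "$1" || true
}

# Stand-alone use: sh dkim-check.sh <selector> <public.pem>
# e.g. sh dkim-check.sh default default.public
if [ "$#" -eq 2 ]; then
    dkim_txt_value "$1" "$2"
fi
```

To check the live record against the local configuration, fetch it with `dig +short TXT default._domainkey.domain.com` and pass the returned string as the third argument of dkim_check. A 1024-bit key fits in one TXT string, but a single TXT string is limited to 255 characters, so a longer key (for example a 2048-bit one) has to be split into several quoted strings in the zone file, which resolvers join back together.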
