Setting up DKIM on Exim4 is pretty straightforward. Where it becomes more complex is when you want to configure a multi-domain setup with a custom selector for each domain.
That being said, it’s still pretty easy to implement.
I use Ubuntu 16.04 LTS for this. This article from Steve Kemp outlines all you need to know, but contains some caveats and doesn’t use custom selectors. It is written for Debian, but is still relevant for Ubuntu.
Here’s how I did it.
DKIM IMPLEMENTATION
Generating Private/Public Key Pair
To sign, you need the private key; so that other servers can validate the signature, you need to publish the public key in a DNS TXT record.
Generate the private key
openssl genrsa -out selector.example.net.privkey 1024
Generate the public key
openssl rsa -in selector.example.net.privkey -out selector.example.net.pub -pubout -outform PEM
Update DNS records
You would now take your freshly generated selector.example.net.pub public key and insert it into a TXT record for your domain, like so:
selector._domainkey.example.net IN TXT "v=DKIM1; h=sha256; k=rsa; s=email; p=MIGfMA..."
Update Exim4 configuration
Finally, tell Exim to use your private key to sign the outgoing emails.
This is done by creating the /etc/exim4/conf.d/main/00_local_macros file if you use a multi-file setup. If not, add the same config to your /etc/exim4/exim4.conf.template at the top of the main section (since the priority of the local_macros file is 00).
If you use the script at the bottom of this article, it will create a /etc/exim4/dkim/KeyTable file. In that file we store each domain's details to facilitate the lookup: the domain, the selector and the privkey location. We use it to set our DKIM_SELECTOR and DKIM_FILE parameters dynamically.
Finally, you need to set proper permissions for folders and files.
The user and group should be Debian-exim (chown -R Debian-exim: /etc/exim4/dkim), and permissions should be 750 for folders and 640 for files.
This is what I have in /etc/exim4/conf.d/main/00_local_macros:
# Get selector
DKIM_SELECTOR = ${extract{selector}{${lookup{$sender_address_domain}partial-lsearch*{/etc/exim4/dkim/KeyTable}}}{$value}fail}
# Get the domain from the outgoing mail.
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
# The key file is looked up in the KeyTable by the envelope sender's domain.
DKIM_FILE = ${extract{privkey}{${lookup{$sender_address_domain}partial-lsearch*{/etc/exim4/dkim/KeyTable}}}{$value}fail}
# If key exists then use it, if not don't.
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
Here’s a script that will generate your DKIM keys and work with your /etc/exim4/conf.d/main/00_local_macros configuration file.
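The steps above as shell functions; this is an added example, not the author's script. The function names, the flat file layout under /etc/exim4/dkim and the KeyTable line format (inferred from the lookup and extract calls in the macros) are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Paths follow the article; function
# names and the KeyTable line format (inferred from the macros) are assumptions.
DKIM_DIR=${DKIM_DIR:-/etc/exim4/dkim}

# One KeyTable line: lsearch key, then the name=value pairs ${extract} reads.
keytable_entry() {  # domain selector
    printf '%s: selector=%s privkey=%s/%s.%s.privkey\n' "$1" "$2" "$DKIM_DIR" "$2" "$1"
}

# Check what the macros would extract for a domain (exact key match only,
# without the partial- and * fallbacks of the real lookup).
keytable_lookup() {  # file domain field
    awk -v d="$2:" -v f="$3" '$1 == d {
        for (i = 2; i <= NF; i++) { n = index($i, "=")
            if (substr($i, 1, n - 1) == f) { print substr($i, n + 1); exit } } }' "$1"
}

# Build the TXT record from a PEM public key. A DNS character-string holds at
# most 255 bytes, so a longer record is split into several quoted strings.
dkim_txt_record() {  # domain selector pubkey.pem
    p=$(grep -v '^-----' "$3" | tr -d '\r\n')
    rdata=$(printf 'v=DKIM1; h=sha256; k=rsa; s=email; p=%s' "$p" |
        fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s IN TXT %s\n' "$2" "$1" "${rdata% }"
}

# Generate a key pair, register it in KeyTable, print the record to publish.
dkim_add_domain() {  # domain selector [bits]; bits defaults to the article's 1024
    key="$DKIM_DIR/$2.$1.privkey"; pub="$DKIM_DIR/$2.$1.pub"
    mkdir -p "$DKIM_DIR" || return 1
    # lsearch returns the first matching line, so a second entry would be ignored.
    if [ -e "$key" ] || [ -n "$(keytable_lookup "$DKIM_DIR/KeyTable" "$1" selector 2>/dev/null)" ]; then
        echo "refusing: $1 already has a key or a KeyTable entry" >&2; return 1
    fi
    ( umask 027; openssl genrsa -out "$key" "${3:-1024}" ) || return 1
    openssl rsa -in "$key" -out "$pub" -pubout -outform PEM || return 1
    keytable_entry "$1" "$2" >> "$DKIM_DIR/KeyTable"
    chown -R Debian-exim: "$DKIM_DIR"
    chmod 750 "$DKIM_DIR"; chmod 640 "$DKIM_DIR"/*
    dkim_txt_record "$1" "$2" "$pub"
}

# Usage (as root): dkim_add_domain example.net selector
```

With a 1024-bit key the whole record fits in one quoted string; a 2048-bit key produces a p= value long enough that the record comes out as two strings.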
Thanks to @takkaria and Bill Thorsteinston for their helpful articles.