Setting up DomainKeys Identified Mail
Once SPF set up, I decided to have a look at the DKIM procedure to help fighting against spam.
(Well, however necessary may be war against spam, I have to admit that my purpose is more getting some Internet reliability and emails sent, than dealing with mails already dealt with by greylisting or spamassassin.)
The principe is quite different here: in SPF, we determine a policy the receiver is encourage to follow for received mails, it’s the responsability of the receiver to take an action he/she feels appropriate. SPF only states is mail may or may not be sent from a given location, and it’s quite easy to check it with a simple DNS requets.
About DKIM, there is a cryptographic proof showing that a given mail has been sent from a mail server trusted by the owner of the domain.
The idea is quite simple: The DNS publishes a simple public key. The mail server owns the related private key a use it to sign parts of the mail (among them, Subject, From and content length fields). Then receiving the e-mail, the receiver get the public key from the domain and check if it matches.
Amavisd-new package already provides all the necessary. Let’s start creating private key:
1 2 3 4 5
Let’s try our keys for the first time:
We need to create the public key and to configure our DNS server to publish it:
1 2 3 4 5 6 7 8
Quite simple, one has just to copy paste this to bind configuration file and increment the serial. That’s already done for the DNS. Let’s check our key pair;
And now, amavisd-new configuration:
This lines are to be copied to 50-user, which overrides other configuration files in case of conflict:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Done! Restart amavisd-new and it’s now time for testing :)