Relating to this feature, this guide will outline how to install DKIM on your DirectAdmin server.
DKIM will sign outbound messages, and receiving servers will check that signature against DNS records added to your zone to verify the signature and lower the spam score if it passes.
New Method
Assumes you've got /etc/exim.conf 4.5.x or newer.
Note: The dkim=2 setting, above, will not turn on DKIM for a domain when it's created. It simply makes the feature available to Users, so they can turn it on if they use local DNS for their domain. Using dkim=1 means that it will be activated immediately when a domain is created on the system. Only use dkim=1 if all domains use local DNS. If external DNS is used, the DKIM TXT records must be copied over to the remote DNS; otherwise the outbound emails will be signed but verification will fail because the DNS checks will fail, which is actually far worse than having no DKIM at all.
1) Ensure that exim supports DKIM signing:
[root@es5 ~]# /usr/sbin/exim -bV | grep 'Support for'
If exim does not support DKIM, then re-compile exim.
2) Add it to exim
service exim restart
Note that newer exim.conf files will not require manual editing of the exim.conf (the code will already exist).
3) Turn it on in DirectAdmin.
And confirm it's set, and restart DA:
[root@es5 directadmin]# ./directadmin c | grep dkim
4) At this point, any domain created after the change should have the DKIM keys created, and DNS zones updated.
For existing domains, you can either enable it individually for each domain, one-by-one:
5) or you can enable it for all of your domains like this:
echo "action=rewrite&value=dkim" >> /usr/local/directadmin/data/task.queue
but it may be a good idea to test it out manually with 3) first, to ensure it works correctly.
Note: the dkim_create.sh script itself doesn't touch the zone. It uses a task.queue entry to have the dataskq add the DNS entry based on the keys that the dkim_create.sh script created. As such, it may take up to one minute for the records to be added.
Important: If any of your domains are hosted using an external DNS server that DA does not control, you MUST manually add the TXT records to the remote zones. You can copy them over as needed. If the DNS does not have the records, but your emails are signed, this may increase the spam score of those emails, which is the opposite of what we want.
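The external-DNS caveat above can be checked before mail is affected. The following is an added example, not DirectAdmin's own tooling: it compares the p= value of a published DKIM TXT record with a local public key. The domain, selector, key file path and resolver are arguments you supply (none are DirectAdmin defaults), and the sample record and key are constructed.

```sh
#!/bin/sh
# Added example: does the DKIM key published in DNS match the local key?

# Constructed sample data (not a real key): a PEM public key and the TXT
# record as `dig +short` prints it, split into two quoted chunks.
SAMPLE_PEM='-----BEGIN PUBLIC KEY-----
MIIBconstructed+sample/
keyDATAnotREAL0123456789==
-----END PUBLIC KEY-----'
SAMPLE_TXT='"v=DKIM1; k=rsa; p=MIIBconstructed+sample/" "keyDATAnotREAL0123456789=="'

# Join the quoted chunks of a TXT record and print the value of its p= tag.
dkim_p_from_txt() {
    printf '%s' "$1" | tr -d '" \t\n\\' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Reduce a PEM public key to the bare base64 that belongs in the p= tag.
pem_to_p() {
    printf '%s\n' "$1" | grep -v '^-----' | tr -d ' \t\r\n'
}

# Succeed only when the record exists and carries exactly the local key.
# $1 = TXT record text, $2 = PEM public key text
dkim_record_matches() {
    published=$(dkim_p_from_txt "$1")
    local_key=$(pem_to_p "$2")
    [ -n "$published" ] && [ "$published" = "$local_key" ]
}

# Live check against a resolver, e.g. the external DNS host for the zone.
# $1 = domain, $2 = selector, $3 = public key file, $4 = resolver (optional)
check_domain() {
    txt=$(dig +short TXT "$2._domainkey.$1" ${4:+@$4})
    if dkim_record_matches "$txt" "$(cat "$3")"; then
        echo "OK: $1 publishes the local DKIM key"
    else
        echo "MISMATCH: signed mail from $1 would fail DKIM verification" >&2
        return 1
    fi
}

# Run the live check only when domain, selector and key file are given.
if [ "$#" -ge 3 ]; then
    check_domain "$@"
fi
```

Pointing the optional resolver argument at the external DNS host checks the zone that receiving servers will actually query, rather than the local copy.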
If you need to disable dkim on a per-User basis, you can do so with this feature: