Updating DKIM record (2048 bit) in Zimbra

Email security is very important nowadays. We usually focus on inbound email security, but it is just as important to secure outbound email so that messages are delivered successfully to the recipient's inbox.

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message that is in transit. The sending server's reputation affects whether email is delivered successfully. DKIM shows that the message was not altered between transmission and delivery. Technically, DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

Good Practices:

  • Configure DKIM for all sending domains.
  • Configure a 2048-bit DKIM key.
  • Change the DKIM key every year to avoid possible attacks.

Generate DKIM Key:

DKIM signing is done at the domain level, including alias domains. Setting up signing consists of two parts.

I. Generate DKIM data.

II. Updating the DNS server with the public DNS entry.

DKIM needs to be generated per domain in the MTA Server, and needs to be configured in the public DNS of each domain.

DKIM Work Method


Part I: (Generate DKIM Data)

 

Step 1: Generate a new DKIM key, replacing example.com with your domain. Note that you need to generate a DKIM key for each domain.

Switch to the zimbra user:

su - zimbra

/opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

 

Sample output:

DKIM Data added to LDAP for domain example.com with selector 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB

Public signature to enter into DNS:

5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "

          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44X60G+iCYikWWCDpkVQ0Wsgbpm5sjYVGMMbhaC9/z0/nsj/yg3bg6hqEyn2EuyId/p5i8tCUGNEKTvNs/hTS1IcvjPox0jL03B34jXyQwt226p/IjCVAywXQoFmTselH6yUEvLRZSS/jPi4c1XD5j8p0Eaketc7XHpK1Krg69xY/VqqnWjBMnIEqfq1MKWFHLiXZq3hVVcNAW"

          "/60u17sUrq/s4afbK28uGQEQltsmyhkWoU65z4ZwTo6Az1jqqmn2eA8HVImDe6sJ/MZ403nOE9UkqNEzRTFx74EW2XYAwt7R3UIHK/EKeFr9ehQOLZDya4wfoxjmcm7B3wjUzouwIDAQAB" )  ; ----- DKIM key 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB for example.com

 

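Step 2: Retrieve the stored DKIM data for your domain, replacing example.com with your domain.

As the zimbra user, run the command below. The output includes the DKIM private key, which stays on the mail server; only the public signature is published in DNS.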

 

/opt/zimbra/libexec/zmdkimkeyutil -q -d example.com

 

Sample Output:

DKIM Domain:

example.com

DKIM Selector:

5FB40084-955E-11EA-AEF4-CACFE0F7FCAB

 

DKIM Private Key:

-----BEGIN RSA PRIVATE KEY-----


-----END RSA PRIVATE KEY-----

 

DKIM Public signature:

5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "

          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44X60G+iCYikWWCDpkVQ0Wsgbpm5sjYVGMMbhaC9/z0/nsj/yg3bg6hqEyn2EuyId/p5i8tCUGNEKTvNs/hTS1IcvjPox0jL03B34jXyQwt226p/IjCVAywXQoFmTselH6yUEvLRZSS/jPi4c1XD5j8p0Eaketc7XHpK1Krg69xY/VqqnWjBMnIEqfq1MKWFHLiXZq3hVVcNAW"

          "/60u17sUrq/s4afbK28uGQEQltsmyhkWoU65z4ZwTo6Az1jqqmn2eA8HVImDe6sJ/MZ403nOE9UkqNEzRTFx74EW2XYAwt7R3UIHK/EKeFr9ehQOLZDya4wfoxjmcm7B3wjUzouwIDAQAB" )  ; ----- DKIM key 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB for example.com

 

DKIM Identity:

example.com

 

Step 3:

Highlight and copy: 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey

Highlight and copy: v=DKIM1; k=rsa;

Highlight and copy: "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44X60G+iCYikWWCDpkVQ0Wsgbpm5sjYVGMMbhaC9/z0/nsj/yg3bg6hqEyn2EuyId/p5i8tCUGNEKTvNs/hTS1IcvjPox0jL03B34jXyQwt226p/IjCVAywXQoFmTselH6yUEvLRZSS/jPi4c1XD5j8p0Eaketc7XHpK1Krg69xY/VqqnWjBMnIEqfq1MKWFHLiXZq3hVVcNAW"

          "/60u17sUrq/s4afbK28uGQEQltsmyhkWoU65z4ZwTo6Az1jqqmn2eA8HVImDe6sJ/MZ403nOE9UkqNEzRTFx74EW2XYAwt7R3UIHK/EKeFr9ehQOLZDya4wfoxjmcm7B3wjUzouwIDAQAB"

 

Part II: (Add record to public DNS server)

For cPanel:

- Log in to your DNS web portal and open the zone file

- Create a new TXT entry

 

Name: 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey.example.com.

TTL: 3600

Type: TXT

TXT Data: v=DKIM1; k=rsa;

    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44X60G+iCYikWWCDpkVQ0Wsgbpm5sjYVGMMbhaC9/z0/nsj/yg3bg6hqEyn2EuyId/p5i8tCUGNEKTvNs/hTS1IcvjPox0jL03B34jXyQwt226p/IjCVAywXQoFmTselH6yUEvLRZSS/jPi4c1XD5j8p0Eaketc7XHpK1Krg69xY/VqqnWjBMnIEqfq1MKWFHLiXZq3hVVcNAW"      "/60u17sUrq/s4afbK28uGQEQltsmyhkWoU65z4ZwTo6Az1jqqmn2eA8HVImDe6sJ/MZ403nOE9UkqNEzRTFx74EW2XYAwt7R3UIHK/EKeFr9ehQOLZDya4wfoxjmcm7B3wjUzouwIDAQAB"

 

For BIND DNS servers:

5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "

          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44X60G+iCYikWWCDpkVQ0Wsgbpm5sjYVGMMbhaC9/z0/nsj/yg3bg6hqEyn2EuyId/p5i8tCUGNEKTvNs/hTS1IcvjPox0jL03B34jXyQwt226p/IjCVAywXQoFmTselH6yUEvLRZSS/jPi4c1XD5j8p0Eaketc7XHpK1Krg69xY/VqqnWjBMnIEqfq1MKWFHLiXZq3hVVcNAW"

          "/60u17sUrq/s4afbK28uGQEQltsmyhkWoU65z4ZwTo6Az1jqqmn2eA8HVImDe6sJ/MZ403nOE9UkqNEzRTFx74EW2XYAwt7R3UIHK/EKeFr9ehQOLZDya4wfoxjmcm7B3wjUzouwIDAQAB" )  ; ----- DKIM key 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB for example.com

 

Verify DKIM Record:

Finally, verify the DKIM record at https://mxtoolbox.com/dkim.aspx

To verify, provide the selector information as below.

5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey.example.com
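
The check below is an added example, not part of the original post or of Zimbra's tooling. It joins the quoted strings of the TXT record printed in Step 1, decodes p= and reads the RSA modulus length from the DER structure, so a truncated paste or a key shorter than 2048 bits is caught locally. The function names are illustrative, and only the Python standard library is used.

```python
import base64
import re

# TXT record copied from the zmdkimkeyutil sample output on this page (BIND form).
ZONE_RECORD = '''5FB40084-955E-11EA-AEF4-CACFE0F7FCAB._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44X60G+iCYikWWCDpkVQ0Wsgbpm5sjYVGMMbhaC9/z0/nsj/yg3bg6hqEyn2EuyId/p5i8tCUGNEKTvNs/hTS1IcvjPox0jL03B34jXyQwt226p/IjCVAywXQoFmTselH6yUEvLRZSS/jPi4c1XD5j8p0Eaketc7XHpK1Krg69xY/VqqnWjBMnIEqfq1MKWFHLiXZq3hVVcNAW"
          "/60u17sUrq/s4afbK28uGQEQltsmyhkWoU65z4ZwTo6Az1jqqmn2eA8HVImDe6sJ/MZ403nOE9UkqNEzRTFx74EW2XYAwt7R3UIHK/EKeFr9ehQOLZDya4wfoxjmcm7B3wjUzouwIDAQAB" )  ; ----- DKIM key 5FB40084-955E-11EA-AEF4-CACFE0F7FCAB for example.com'''

def join_txt(zone_text):
    """Concatenate the quoted strings of a TXT record, as a resolver would."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))

def parse_tags(txt):
    """Split 'v=DKIM1; k=rsa; p=...' into a dict, dropping whitespace in values."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, end). Rejects short input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of n in a DER SubjectPublicKeyInfo holding an RSA key."""
    _, body, _ = read_tlv(spki, 0)        # outer SEQUENCE
    _, _, pos = read_tlv(body, 0)         # AlgorithmIdentifier, skipped
    _, bits, _ = read_tlv(body, pos)      # BIT STRING wrapping RSAPublicKey
    _, key, _ = read_tlv(bits, 1)         # skip the unused-bits byte
    _, modulus, _ = read_tlv(key, 0)      # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def check_record(zone_text, min_bits=2048):
    """Return (key_bits or None, list of problems) for a DKIM TXT record."""
    tags, problems, bits = parse_tags(join_txt(zone_text)), [], None
    if tags.get("v") != "DKIM1":
        problems.append("v= is not DKIM1")
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags.get("p", ""), validate=True))
    except ValueError:  # binascii.Error is a subclass of ValueError
        problems.append("p= is missing, truncated or not valid base64")
    if bits is not None and bits < min_bits:
        problems.append(f"RSA key is {bits} bits, below {min_bits}")
    return bits, problems
```

check_record(ZONE_RECORD) returns (2048, []); a record that has lost its last quoted string returns None for the key size together with one problem message.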

