• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
OpenTechTips

OpenTechTips

Comprehensive IT Guides for Pros and Enthusiasts

MENUMENU
  • HOME
  • ALL TOPICS
    • Exchange
    • InfoSec
    • Linux
    • Networking
    • Scripting
      • PowerShell
    • SSL
    • Tools
    • Virtualization
    • Web
    • Windows
  • ABOUT
  • SUBSCRIBE
Home » How to EASILY set up DKIM on a Zimbra 8 Server

How to EASILY set up DKIM on a Zimbra 8 Server

September 19, 2020 - by Zsolt Agoston - last edited on September 19, 2020

Deploying DKIM on Zimbra Collaboration Edition Server is simple compared to the difficulty of doing so on an on-premises Exchange server. As it's built into the suit, we have an easy job creating the key pairs with a single command. The command immediately shows us the record that needs to be added to the public DNS (MAKE SURE YOU REMOVE THE LINE BREAKS WHEN PUBLISHING THE RECORDS! Details below

After DKIM for our domain is set and ready to go, we verify that it's working using online tools like the excellent DKIM validator from appmaildev (step 3)

Remember to always run Zimbra commands as the 'zimbra' user! If you are root, simply use the
"su zimbra"
command to switch to that user. As root it the superuser, you won't be prompted for 'zimbra' user's password.

1. Create DKIM keys on the server

# Add DKIM data to our domain on the Zimbra server, generating a 2048 bit key, using custom selector called: s1
# Run the command AS THE 'zimbra' USER!

[zimbra@mail ~]$ /opt/zimbra/libexec/zmdkimkeyutil -a -b 2048 -s s1 -d protectigate.com
DKIM Data added to LDAP for domain protectigate.com with selector s1
Public signature to enter into DNS:
s1._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uChMOLHL7IGewJQ3ZmrxJU3oiUtr9ardljovG/B4PLFh5Aq2x8fCkSZyvyor7Ditc1HAf66PyNkiC4XqFeGK0HGuqBnpjAu6NvF+3nuNo2HRZf6oQYOB0HypBTtkc9cTBCjzw73kAxMws9+UUlW/0eKIlHHDfkud5AKIwj78Zv4XVQ1hKl/neVrTtgvd5szP+iKtbwXs/bNIw"
	  "jbt8ZexlcaV/5wHZCeM9yIc4K9izS7KKHGw+xAyy3bCV/sQ0tWOldJ+YK4BtPEjdm2prs9AUaKwIzuqu3hpV1hGREO3CjS21zMUG8Pr7vXIV1g0rGPJxCmTW+w9tuj49czYq/S1wIDAQAB" )  ; ----- DKIM key s1 for protectigate.com
[zimbra@mail ~]$

2. Add public DNS record

Use the info from the command output from earlier, but don't forget: the whole record with the v= (version), k= (key algorithm) and the whole private key after p= is a SINGLE LINE!

# DKIM TXT record as follows:
Host: s1._domainkey
Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uChMOLHL7IGewJQ3ZmrxJU3oiUtr9ardljovG/B4PLFh5Aq2x8fCkSZyvyor7Ditc1HAf66PyNkiC4XqFeGK0HGuqBnpjAu6NvF+3nuNo2HRZf6oQYOB0HypBTtkc9cTBCjzw73kAxMws9+UUlW/0eKIlHHDfkud5AKIwj78Zv4XVQ1hKl/neVrTtgvd5szP+iKtbwXs/bNIwjbt8ZexlcaV/5wHZCeM9yIc4K9izS7KKHGw+xAyy3bCV/sQ0tWOldJ+YK4BtPEjdm2prs9AUaKwIzuqu3hpV1hGREO3CjS21zMUG8Pr7vXIV1g0rGPJxCmTW+w9tuj49czYq/S1wIDAQAB
How to EASILY set up DKIM on a Zimbra 8 Server

And to cover everything we create a DMARC record to check all messages and quarantine them if either SPF or DKIM fails:

Host =  _dmarc.protectigate.com
value = "v=DMARC1; p=quarantine; adkim=r; aspf=r; pct=100"
How to EASILY set up DKIM on a Zimbra 8 Server

3. Test the key

Last step is to test the key first on the server:

/opt/zimbra/common/sbin/opendkim-testkey -d protectigate.com -s s1 -x /opt/zimbra/conf/opendkim.conf

Then we use DKIM test tool in below, where you can either send the test server a test email to analyze the SPF, DKIM and DMARC setup, or copy in the header of an existing email message for verification.

https://www.appmaildev.com/en/dkim

How to EASILY set up DKIM on a Zimbra 8 Server

Reader Interactions

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Tools

Secondary Sidebar

CONTENTS

  • 1. Create DKIM keys on the server
  • 2. Add public DNS record
  • 3. Test the key

  • Terms of Use
  • Disclaimer
  • Privacy Policy
Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Manage options
{title} {title} {title}