DKIM with iRedMail
The root domain, or the domain name used at installation, already has a DKIM key.
Bug
There seems to be a bug with amavisd. The workaround is to symlink the configuration file:
ln -s /etc/amavisd/amavisd.conf /etc/amavisd.conf
Private Key
Create Private Key
cd /var/lib/dkim/
amavisd genrsa mydomain.com.pem
chown amavis:amavis *pem
chmod 400 *pem
Enable Private Key
vi /etc/amavisd/amavisd.conf
Add the following line under the existing default entry:
dkim_key("mydomain.com", "dkim", "/var/lib/dkim/mydomain.com.pem");
Restart amavisd
systemctl restart amavisd
Public Key
Show Installed Keys
amavisd showkeys                # Shows all keys for each installed domain name
amavisd showkeys mydomain.com   # Show key for specific domain
Publish Public Key
The output of the command above tells you the DNS record that needs to be created.
The showkeys output looks like this:
; key#3 1024 bits, i=dkim, d=mytestdomain.com, /var/lib/dkim/mytestdomain.com.pem
dkim._domainkey.mytestdomain.com. 3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjw+kV2uiVMzTqgz1Im/OtHNL"
  "YYwQQayCYkmNpx20F+IuNSiVtmKBhrwoMcb8fxooRIn5Em1P56xH1/WQppB9YVo/"
  "Amo4N11bWbjHRqb9ava4mWfrKJB+x7TEWDbX6Zy22SK1yEf0070Dy7e+ILvacAjD"
  "UONzDC2bedCT8G+jPQIDAQAB")
This means you need to create the following DNS record, with the value joined onto a single line.
A TXT record named
dkim._domainkey.mytestdomain.com
With value of
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjw+kV2uiVMzTqgz1Im/OtHNLYYwQQayCYkmNpx20F+IuNSiVtmKBhrwoMcb8fxooRIn5Em1P56xH1/WQppB9YVo/Amo4N11bWbjHRqb9ava4mWfrKJB+x7TEWDbX6Zy22SK1yEf0070Dy7e+ILvacAjDUONzDC2bedCT8G+jPQIDAQAB
Not that it matters too much, but don't forget to set the TTL value to 3600, which is 1 hour.
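Joining the quoted strings by hand is where copy errors creep in, so the conversion can be scripted. The following is an added example, not part of the original page or of iRedMail/amavisd: the function name parse_showkeys is hypothetical, and the sample input is constructed from the showkeys output quoted above, assuming amavisd prints one quoted string per line.

```python
import base64
import re

# Constructed sample: the showkeys output quoted on this page, assuming the
# usual layout of one quoted string per line.
SAMPLE = '''; key#3 1024 bits, i=dkim, d=mytestdomain.com, /var/lib/dkim/mytestdomain.com.pem
dkim._domainkey.mytestdomain.com.\t3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyjw+kV2uiVMzTqgz1Im/OtHNL"
  "YYwQQayCYkmNpx20F+IuNSiVtmKBhrwoMcb8fxooRIn5Em1P56xH1/WQppB9YVo/"
  "Amo4N11bWbjHRqb9ava4mWfrKJB+x7TEWDbX6Zy22SK1yEf0070Dy7e+ILvacAjD"
  "UONzDC2bedCT8G+jPQIDAQAB")
'''

# One record: owner name, TTL, then the parenthesised group of quoted strings.
RECORD = re.compile(r'^(\S+)\s+(\d+)\s+TXT\s+\((.*?)\)', re.M | re.S)


def parse_showkeys(text):
    """Return [(record_name, ttl, single_line_value), ...] (hypothetical helper)."""
    records = []
    for name, ttl, body in RECORD.findall(text):
        # Concatenate the quoted chunks exactly as DNS will serve them.
        value = "".join(re.findall(r'"([^"]*)"', body))
        m = re.fullmatch(r'v=DKIM1; p=([A-Za-z0-9+/]+={0,2})', value)
        if not m:
            raise ValueError(f"unexpected TXT value for {name}")
        # Reject a truncated or mangled key before it is published.
        base64.b64decode(m.group(1), validate=True)
        # Most DNS control panels want the name without the trailing dot.
        records.append((name.rstrip("."), int(ttl), value))
    return records


if __name__ == "__main__":
    import sys
    # Usage: amavisd showkeys mydomain.com | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, ttl, value in parse_showkeys(text):
        print(f"{name}\t{ttl}\tTXT\t{value}")
```
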
Test Keys
amavisd testkeys                # Test all domain public keys
amavisd testkeys domain.com     # Test public key for specific domain
Security
I've seen recommendations that the private/public keys should be replaced on a regular basis. I haven't seen specifics but I'm guessing once every 6/12 months.
Currently most DNS servers don't support records with very long values, so a 2048-bit key won't work; for now, stick with 1024-bit keys.