Feature #476
Updated by Daniel Curtis about 10 years ago
Assuming the domain is example.com:
* Generate the new key.
<pre>
cd /var/lib/dkim/
amavisd genrsa example.com.pem
chmod 0644 example.com.pem
</pre>
* Add it to your amavisd.conf file. Search for "# Add dkim_key here.", and add it alongside the others, preferably in alphabetic order so you can find it faster.
<pre>
dkim_key("example.com", "dkim", "/var/lib/dkim/example.com.pem");
</pre>
* Add your new domain to @local_domains_maps in amavisd.conf. The line should now read something like this:
<pre>
@local_domains_maps = ( [".$mydomain", "firstdomain.com", "example.com"] ); # list of all local domains
</pre>
* Restart amavisd
<pre>
service amavisd restart
</pre>
* Test that the key was installed properly
<pre>
amavisd showkeys example.com
</pre>
#* The output should be something like this:
<pre>
; key#1, domain example.com, /var/lib/dkim/example.com.pem xyz.com, /var/lib/dkim/xyz.com.pem
<pre>
dkim._domainkey.example.com. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzgjyG2It0ZdQQTgGNj2jNDKe"
"fsa978sd98fsd9vds97v9fHIUSAFHY(#@*oiu7cs98a9"
"afljhljoU(*@#&($*#@U9ujw9fewur0932870932"
"jvAe33lH9tiVljog1QYSUDOEAaads")
</pre>
* Add exactly what was printed above to the zone file in you nameserver(s). You should also include SPF and ADSP. For example a BIND configuration would look like:
<pre>
example.com. IN TXT "v=spf1 +a +mx ~all"
dkim._domainkey.example.com. 3600 TXT (
"v=DKIM1; p="
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzgjyG2It0ZdQQTgGNj2jNDKe"
"fsa978sd98fsd9vds97v9fHIUSAFHY(#@*oiu7cs98a9"
"afljhljoU(*@#&($*#@U9ujw9fewur0932870932"
"jvAe33lH9tiVljog1QYSUDOEAaads")
_adsp._domainkey.example.com. IN TXT "dkim=all"
</pre>
h2. Resources
* http://www.iredmail.org/forum/post1807.html#p1807