• Products
  
  • MDaemon Software
  • MDaemon Appliance
  • SecurityPlus
  • Outlook Connector
  • SecurityGateway
  • ProtectionPlus
  • RelayFax
  • ———————————
  • Messaging Solutions
  • Security Solutions
  • Collaboration Solutions
• Purchase
  • MDaemon Software
  • MDaemon Appliance
  • SecurityPlus
  • Outlook Connector
  • SecurityGateway
  • ProtectionPlus
  • RelayFax
  • Upgrade/Renewal
  • Support Agreement
  • Training
• Downloads
  • Free Evaluation
  • Existing Customers
  • Literature
• Partners
  • Technology Partners
  • Find A Partner
  • Become A Partner
  • Partner Portal
• Training
  • eLearning
  • MDaemon Tutorials
  • Literature
• Support
  • Support Agreement
  • FAQ
  • Knowledge Base
  • Literature
  • Community Forums
  • Telephone Support
  • Email Support
• Company
  • Management
  • Press Room
  • Associations
  • Policies
  • Careers
  • Contact Us
  • Literature

Configuring DKIM signing in MDaemon

KBA-01744

Purpose & Scope

DomainKeys Identified Mail (DKIM) is an open protocol for protecting email users against email address identity theft and email message content tampering. It does this by providing positive identification of the signer’s identity along with an encrypted “hash” of the message content.

To configure and use DKIM: 

1. The system administrator creates a private/public key pair for the server and publishes the public key in the domain’s domain name server.
2. Using the private key, the sending server creates a signature for each outgoing message. The resulting signature data is stored in a “DKIM-Signature” header within the message.
3. The receiving server obtains the signature from the “DKIM-Signature” header and verifies it using the signer’s public key.

Procedure

To configure and use DKIM in MDaemon:

1. Open the Security menu from the MDaemon interface
2. Select SPF & SenderID / DomainKeys & DKIM / HashCash...
3. Select the DK & DKIM (signing) tab
4. Enable Sign outgoing messages with DomainKeys Identified Mail (DKIM)
5. Click the Create new public and private keys to have MDaemon generate the public key your DNS server needs for DKIM checks and the private one that MDaemon uses. (If you have done this already for DomainKeys you will want to skip this step)
6. A confirmation window will appear, click yes to continue.
7. After MDaemon creates the key pair, the readme will display on screen showing the public keys that need to be entered into your DNS server.  It is also saved to \MDaemon\Pem\MDaemon\dns_readme.txt
8. Enter this public key from the readme into your DNS server as a TXT record.  The instructions to do this will vary based on what software you are using.

There are different ways to set up your DNS record depending on how strict you want the DKIM policy for your domain to be. 

DKIM Legend (you can use these signing policies with DKIM):

o=~  NEUTRAL or RELAXED (signature optional)
o=-  STRONG  (signature required, but not necessarily from my domain)
o=!  EXCLUSIVE (signature required, and it must be from my domain) *
o=.  NEVER  (this site doesn't send mail)
o=^  USER (reserved for future use)

Example DNS data for policy using DKIM:

(Testing and using NEUTRAL signing policy)
_policy._domainkey.altn.com. IN TXT 't=y; o=~;'

(Not testing and using STRONG signing policy)
_policy._domainkey.altn.com. IN TXT 'o=-;'

Comments

Do not go out of DKIM testing mode  ('t=y') until your DNS records have propogated (3-5 days).  Failure to wait for this to take place could cause delivery failures.

*Exclusive mode will not work with mailing lists so use this with caution.

In order for their messages to be eligible for signing, local users must authenticate when sending mail.

Related Articles

For more information on Exclusive signing, please see KBA-01738 General information on Exclusive Signing