How to enable DKIM email signatures in amavisd-new and ISPConfig 3.0

NOTE: This post is about ISPConfig 3.0 and not 3.1 and newer. ISPConfig 3.1 and newer has DKIM support builtin, you can simply enable DKIM in ISPConfig 3.1 GUI now for the mail domain.

DKIM is a system to verify the sender and integrity of emails. ISPConfig 3 uses amavisd-new as content filter for spam and virus scanning and amavisd-new is also able to sign messages with DKIM. The next steps explain how to configure amavisd-new to sign messages for a domain named "example.com" with DKIM. The steps below should work with any amavisd-new setup even if you do not use ISPConfig.

1) Create the domain key:

mkdir /var/db/dkim/
amavisd genrsa /var/db/dkim/example-foo.key.pem

2) Configure amavisd to use this key for the domain example.com. Edit the amavisd configuration file

vi /etc/amavisd/amavisd.conf

and add the following lines:

$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
dkim_key('example.com', 'foo', '/var/db/dkim/example-foo.key.pem');
@dkim_signature_options_bysender_maps = (
{ '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
@mynetworks = qw(0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12
192.168.0.0/16);  # list your internal networks

3) Run the command:

amavisd showkeys

to get the public key that has to be added as TXT record in the DNS server of the example.com DNS server.

4) Thest the setup with the command:

amavisd testkeys

and if it works properly, restart amavisd:

/etc/init.d/amavis restart

Here is a more detailed description in the amavisd-new manual on how to setup DKIM in amavisd-new:

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim

Leave a Comment

*