Quick Reference

Home
Alpine Linux Boot Process
libinput on Alpine Linux
who on Alpine
ALSA Config
Android Hacking
Android Load apkx File
Audio Stream Fu
Audio Recording (simple)
AWK
BASH quick ref
Benchmark with fio
BlackBerry as a Modem
BlackBerry Video Encoding
Building libcurl on Windows with VS
Building QEMU Images for Alpine Linux
for use with libvirt and terraform
Building TI MSP430 GCC
Certificate and Key Handling
Chart Drawing
Currency Converter
Custom Bootable Alpine Linux
Custom Alpine Kernel
Colourspace Conversion
Compile FMS from Source
Courier IMAP Server
Datasheets and Manuals
Deduplication of Files
Deleting Old Devices
Delphi 7 Dynamic Linking
Delphi Compiler Warnings
Desktop Capture with FFMPEG
X11
Desktop Capture in Sway
Dovecot IMAP
Dovecot Replication
Docker HowTo (Simple Setup)
Remove Untagged Docker Images
Docker Xvfb Alpine Howto
Docker Storage
DomainKey Identified Mail with Exim
DRBD Over OpenVPN
Eclipse and Jetty
Eclipse Themes
Edge Detection
Electronics
Emailing
ESP8266 Get Started
ESP8266 OpenSDK
Exchange 2010 and Lighttpd
Exim Process and Forward Incoming Mail
Exim with Dovecot
FFmpeg Webcam and v4l2 stuff
flickr image from file name
Force Video Output
KMS/FB and Weston
Fonts
Freenet Routing Fu
Flushing Filesystem Buffers
GDB in Windows
Gentoo eudev and udev
Gentoo omxplayer
Gentoo on Raspberry Pi
Gentoo initramfs
Gentoo Java Problems
Gentoo Stage4
Gentoo Update (portage)
Gentoo VirtualBox Install
git Quick Reference
git Workflow
GNUplot Curve Fitting
GNUplot Heart
GNUplotting
Quick Reference
GnuPG Simple
Hen*Plus
ImageMagick
Quick Reference
InspIRCd on Gentoo
Install Gentoo with Hyper-V
iproute2
iptables
iptables bwmon
IPv6 in IPv6 Tunnels STUB
IPv6 Setups STUB
ircclient
irssi
Java Anti-aliasing
Jetty JSP 9.2/9.3 Error
Jetty JSP 9.4 Error
LDAP Searching
and binding on Linux
Logging in Java
LVM Mount on Gentoo
LVM Howto Rev 2
Video File Montage Creation
MPlayer play section of file
Install macOS X on Mac Pro
Maven for Java Development
MPlayer v4l Snapshots
mpv Quick Reference
MSP430 I2C
msys2 Home Modification
mtu Sizes
Multi Homed Hosts and ARP
Multiple RDP Sessions
nginx and cgit
Oneliners
Oukitel C8 Hacking
GNU Parted Simple tutorial
PinePhone Modem
PinePhone Sleeping
Piping for msmtp

PixivUtil2 Install
powersave.sh
qemu PCI Passthrough
qemu USB Passthrough
Quick VMs with QEMU
Reset Password in Windows
Routing Traffic in Windows
rpcontinued.xpi for Pale Moon
Screen Sharing with Sway
sed and grep
sfdisk howto
Shell and File Descriptors
Spring Security Upgrade from 3 to 4
Strong Host Model for Linux
SQLite3 Compile DLL with VS2010
SSL and Lighttpd
std::string to std::wstring and back
Sway IPC with swaymsg
Terminal Codes and socat
Traffic Control (tc)
In-depth with background and quirky routing and networking configuration
Traffic Control Again
Simpler method using ifb
UEFI Booting from Shell
Update Own Number with AT Commands
Videos, Interesting
VirtualBox to QEMU
Quick start guide
Visual Studio Reminders
whatsmeow on Alpine in Docker
Word and VBA Header Protection
wpa_cli
X11 TrackMan Marble
X11 Programming

DKIM: DomainKeys Identified Mail

Implementing DKIM on Exim is nice and easy. These instructions were written for use with Alpine Linux and Exim.

Create a new Key Pair

openssl genrsa -out dkim.e42.uk.private_key 2048
openssl rsa -in dkim.e42.uk.private_key -out dkim.e42.uk.public_key -pubout -outform PEM

Extract a Public Key from a Certificate

To use a public and private key from a certificate, extract the public key:

openssl x509 -pubkey -noout -in e42.uk.cert > e42.uk.public_key

Matching a Private Key with a Public Key

The output of these two commands should match

openssl rsa -noout -pubin -modulus -in dkim.e42.uk.public_key |md5sum
openssl rsa -noout -modulus -in dkim.e42.uk.private_key |md5sum

Installing The Key on Exim

Sign all mail for multiple domains when sent through exim. In Alpine Linux exim has a single configuration file located at /etc/exim/exim.conf this file should contain macros near the top below the MACROS section!

DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /etc/exim/dkim.${lc:${domain:$h_from:}}.private_key
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
DKIM_SELECTOR = m
DKIM_CANON = relaxed

These macros on their own do not do anything, they are to be used in the remote_smtp section of transports:

remote_smtp:
  driver = smtp
  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
  dkim_domain = DKIM_DOMAIN
  dkim_selector = DKIM_SELECTOR
  dkim_private_key = DKIM_PRIVATE_KEY
  dkim_canon = DKIM_CANON
  ...

Ensure that the owner of the .private_key file is exim or that the exim user can read the file.

chown exim:exim /etc/exim/dkim.e42.uk.private_key

Installing the key in NSD

I use the NSD name server for my domain (I don't know why, it takes up a huge chunk of my RAM). The zone file format is the same as BIND.

In the zone file for the domain add the lines:

m._domainkey IN TXT ( "v=DKIM1; t=y; k=rsa; p=MII..."
  "..."
  "..." )

Replace MII... with the contents of your public key file, each of the lines specified above in quotes cannot be longer than 256 bytes. NSD and BIND will tell you if there is a problem.

The m is the selector and must match the DKIM_SELECTOR specified earlier in the exim configuration.

Update the serial number and reload the domain.

Check that the Public Key is Present

Since I use NSD I use ldns-utils' drill command rather than digg (usage of digg is left as an exercise for the reader).

drill m._domainkey.e42.uk TXT
...
;; ANSWER SECTION:
m._domainkey.e42.uk.    86400   IN      TXT     "v=DKIM1; t=y; k=rsa; p=MII...
...

From the above it can be seen that the public key is available via DNS, any DKIM compatible server will use this key to verfy signature added by exim.

Last updated 2024-12-18

References

References for Office 365

Quick Links: Techie Stuff | General | Personal | Quick Reference