| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <!DOCTYPE html> |
| <html> |
| <head> |
| <meta charset="utf-8"/> |
| <title>Apache James</title> |
| |
| <link rel="stylesheet" type="text/css" href="/assets/css/main.css"> |
| <link rel="stylesheet" type="text/css" href="/assets/css/font-awesome.min.css"> |
| <link rel="stylesheet" type="text/css" href="/assets/css/ie8.css"> |
| <link rel="stylesheet" type="text/css" href="/assets/css/ie9.css"> |
| <link rel="shortcut icon" href="/images/james-logo.png"> |
| </head> |
| <body> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <div id="wrapper"> |
| <div class="apache_ref"> |
| <a href="https://www.apache.org" alt="apache foundation link"><img src="https://www.apache.org/foundation/press/kit/asf_logo.svg" title="apache foundation logo"/></a> |
| </div> |
| <div class="apache_ref_mobile"> |
| <a href="https://www.apache.org" alt="apache foundation link">The Apache Software Foundation</a> |
| </div> |
| <div class="apache_ref_left"> |
| <a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a> |
| </div> |
| <div class="apache_ref_left_mobile"> |
| <a href="https://www.apache.org/events/current-event.html" alt="apache foundation event"><img src="https://www.apache.org/events/current-event-234x60.png" title="apache foundation event logo"/></a> |
| </div> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <header id="header" class="alt"> |
| <div class="logo"><a href="/index.html" alt="Apache James"><img src="/images/james.svg" alt="james logo"/></a></div> |
| <h1 class="hidden">James Enterprise Mail Server</h1> |
| <h2>Emails at the heart of your business logic</h2> |
| </header> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <!-- Main --> |
| <div id="main"> |
| |
| <!-- Introduction --> |
| <section id="intro" class="main special"> |
| <div class=""> |
| <div class="content align-left"> |
| <header class="major"> |
| <h1><b>What is a DKIM Record?</b></h1> |
| </header> |
| |
| <p> |
| DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers. |
| </p> |
| |
| <p> |
| It uses public-key cryptography to sign email with a private key as it leaves a sending server. |
| Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. |
| </p> |
| |
| <p> |
| Once the signature is verified with the public key by the recipient server, the message passes the DKIM check and is considered authentic. |
| </p> |
| |
| <p> |
| The process of setting up DKIM can be split into the following steps: |
| </p> |
| |
| <ul> |
| <li>Choose a DKIM selector.</li> |
| <li>Generate a public-private key pair.</li> |
| <li>Publish the selector and public key by creating a DKIM TXT record.</li> |
| <li>Attach the token to each outgoing email.</li> |
| </ul> |
| |
| <p> |
| Before we begin, you might wonder what is a DKIM selector? |
| </p> |
| <p> |
| In short, a selector is specified as an attribute for a DKIM signature and is recorded in the DKIM-Signature header field. |
| A selector can be anything you want, such as a word, number, or a string of letters and numbers. |
| </p> |
| <p> |
| For example, if you choose <code>james3</code> for your selector, the DKIM record name would become <code>james3._domainkey</code> |
| </p> |
| |
| |
| <header class="major"> |
| <h1><b>Generate RSA Key Pair for DKIM</b></h1> |
| </header> |
| |
| <p> |
| You can use tools such as <code>openssl</code> or <code>ssh-keygen</code> to generate RSA keys. |
| </p> |
| <p> |
| Please note that 1024 bit DKIM is still the standard. If you want to feel safer with 2048-bit RSA, check with your DNS provider and see what length of DKIM key is supported because they need to match. |
| </p> |
| <p>Generate a 1024 bit RSA Key:</p> |
| <code>$ openssl genrsa -out private.pem 1024</code> |
| |
| <p>Export the RSA Public Key to a file:</p> |
| <code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem</code> |
| <p>Both generated files are base64-encoded encryption keys in plain text format:</p> |
| |
| <pre><code>-----BEGIN RSA PRIVATE KEY----- |
| MIICXQIBAAKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ4opSwJwxani/5Ii5VbqMQRfo |
| edUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6bqfak3XGHGu4s0rAXRM6Y3us |
| gy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+tpO5H1Kc+9MBTMm7qnQIDAQAB |
| AoGATyl52nSIaAyMzMUca1BPE86PKLG6FeoSXUkxlJimNBYGdu4Fnkf/U+YVhXev |
| mVMmoYZ68W3hg1nZwwKz6Q+oH7iBk+AJRQlDQmdNuqBS5epKQpIk77w6J+Nd2HCa |
| wLXnt5wtDcusIV+HvznKi/yEt+oq29BbyY2CjAUYtR57wEECQQDhs71D4M8su6hv |
| bBbif1V/4m62ChkSZRnD7T2rCxzqLoe3Qe6W9hwysDjYMAtq3pA7mjMYyTqrx8sJ |
| RWcVSaf5AkEAyPx63vEKS38QPYyiesuJqqrnTeVlnPInedEmJmI6Rz5cWISosvNz |
| /QjHzTqOT1fXfskbhutg1/mDarsHnH/oxQJBAJjH/cdUB4nlYehCx978iRjvYzgQ |
| 79XW4DETiBofhKw1YSM5G1PPN1lMlr4pD6GBFStzf0E4/mFH9nXJKDVtzakCQQCG |
| OQ75ijHc31uCL0RnCzzB7GaSf+tPV+yDDukSYzEWWRAk0Vs0Px+r0UxVw5A8bqZs |
| dnPas6C2O1zHT2Yy3r0dAkBECZDJaFhADFPSex8UrUrIidJaz8NLdyDiuwXKjc/c |
| AmlLQXKntU4M5EIE6jz0Gf1ivw06pvTDOCDWlDxJRvf8 |
| -----END RSA PRIVATE KEY-----</code></pre> |
| <pre><code> |
| -----BEGIN PUBLIC KEY----- |
| MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxMwUfjQbppE2EK4T2IDuiLRvZ |
| 4opSwJwxani/5Ii5VbqMQRfoedUMuczK5qKJuIupTnh9AhJfaAsGUSruCVlGYXq6 |
| bqfak3XGHGu4s0rAXRM6Y3usgy8RyxfWQqtYbEZPIwkLGPbPeIh2t8s3mL9fD9+t |
| pO5H1Kc+9MBTMm7qnQIDAQAB |
| -----END PUBLIC KEY----- |
| </code></pre> |
| |
| <p>Beside above steps, online tools such as <a href="https://www.sparkpost.com/resources/tools/dkim-wizard/">DKIM Wizard</a> can help you easily create a public and private key pair to be used for DomainKeys and DKIM signing. </p> |
| |
| |
| <header class="major"> |
| <h1><b>Create DKIM TXT record</b></h1> |
| </header> |
| <p>Log in your Domain Control Panel and create a TXT Record:</p> |
| |
| <pre><code>Record Type: TXT Record |
| Host Name: james3._domainkey |
| Text: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...] |
| </code></pre> |
| |
| <h1><b>Configure DKIMSign mailet</b></h1> |
| |
| <p>Lastly, you need to add a maillet to the <code>mailetcontainer.xml</code> in the /conf file of Apache James.</p> |
| |
| |
| |
| <pre><code>[...] |
| <processors> |
| <processor state="relay" enableJmx="true"> |
| <mailet match="All" class="org.apache.james.jdkim.mailets.DKIMSign"> |
| <signatureTemplate>v=1; s=james3; d=domain.example.com ; h=from : reply-to : subject : date : to : cc : resent-date : resent-from : resent-sender : resent-to : resent-cc : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; a=rsa-sha256; bh=; b=;</signatureTemplate> |
| <privateKey> |
| -----BEGIN RSA PRIVATE KEY----- |
| [Your Private Key] |
| -----END RSA PRIVATE KEY----- |
| </privateKey> |
| </mailet> |
| </processor> |
| </processors> |
| [...]</code></pre> |
| |
| <h1><b>Verifying DKIM Record</b></h1> |
| <p>To query the DKIM key, you will have to know the DKIM selector:</p> |
| |
| <pre><code>$ dig txt james3._domainkey.domain.example.com |
| ; <<>> DiG 9.16.1-Ubuntu <<>> txt james3._domainkey.domain.example.com |
| ;; global options: +cmd |
| ;; Got answer: |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39673 |
| ;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 |
| ;; WARNING: recursion requested but not available |
| |
| ;; QUESTION SECTION: |
| ;james3._domainkey.domain.example.com IN TXT |
| |
| ;; ANSWER SECTION: |
| james3._domainkey.domain.example.com. 0 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD[...Your Public Key...]" |
| [...]</code></pre> |
| </div> |
| |
| |
| |
| </div> |
| <footer class="major"> |
| <ul class="actions align-center"> |
| <li><a href="index.html" class="button">go back to other how-tos</a></li> |
| </ul> |
| </footer> |
| </section> |
| </div> |
| |
| |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <footer id="footer" class="major"> |
| <section> |
| <h2>James</h2> |
| <ul class="no-padding"> |
| <li class="no-padding"><a href="https://james.apache.org/#intro" class="active">About</a></li> |
| <li class="no-padding"><a href="https://james.apache.org/#first">Get Started</a></li> |
| <li class="no-padding"><a href="https://james.apache.org/#posts">Last Posts</a></li> |
| <li class="no-padding"><a href="https://james.apache.org/#second">Community</a></li> |
| <li class="no-padding"><a href="https://james.apache.org/#third">Contribute</a></li> |
| <li class="no-padding"><a href="https://james.apache.org/"><span class="fa fa-external-link"></span> Documentation</a></li> |
| </ul> |
| </section> |
| <section> |
| <h2>Connect</h2> |
| <ul class="icons"> |
| <li><a href="https://james.apache.org/mail.html" class="icon fa-envelope-o alt"><span class="label">Mailing-list</span></a></li> |
| <li><a href="https://gitter.im/apache/james-project" class="icon fa-wechat alt"><span class="label">Gitter</span></a></li> |
| <li><a href="https://github.com/apache/james-project" class="icon fa-github alt"><span class="label">GitHub</span></a></li> |
| <li><a href="https://twitter.com/ApacheJames" class="icon fa-twitter alt"><span class="label">Twitter</span></a></li> |
| <li><a href="https://james.apache.org/support.html" class="icon fa-briefcase alt"><span class="label">Support</span></a></li> |
| <li><a href="http://www.apache.org/events/current-event" class="icon fa-calendar alt"><span class="label">Apache Foundation events</span></a></li> |
| </ul> |
| </section> |
| <section class="legal-section"> |
| <h2>Copyright</h2> |
| Apache James and related projects are trademarks of the Apache Software Foundation.<br/> |
| <a href="https://www.apache.org/">Copyright 2006-2021 The Apache Software Foundation. All Rights Reserved.</a><br/> |
| <a href="https://www.apache.org/licenses/">License</a><br/> |
| <a href="https://www.apache.org/foundation/sponsorship.html">Donate</a> to support the Apache Foundation<br/> |
| <a href="https://www.apache.org/foundation/thanks.html">Thanks</a><br/> |
| Design: <a href="https://html5up.net">HTML5 UP</a><br/> |
| Thanks to <a href="http://www.neoma-interactive.com/">Neoma by Linagora</a> for the website design |
| </section> |
| </footer> |
| </div> |
| |
| </body> |
| </html> |