Digitally Sign Your Email with DKIM
Digitally sign your email with DKIM (DomainKeys Identified Mail) and help prevent email spoofing on your side. DKIM uses a private key that stays on your server and a public key that is published in your DNS record. Your server signs the outgoing message (selected headers plus a hash of the body) with the private key, and recipient servers then retrieve the public key to verify the signature, confirming that the message really comes from your domain and was not altered in transit.
What are the advantages of signing your emails?
- Google, and probably most email servers in the world, will accept your emails
- Gmail won’t put your email in the spam folder
- Most email servers won’t mark your email as spam unless people report your email address/host to spam filters
- You can easily tell forged mails apart
- Email servers now impose email signing and may soon reject non-signed emails; take Google, for example
Install OpenDKIM on your CentOS server (RHEL) by issuing a “yum install” command. Honestly, I was too lazy to check each dependency, so I just let yum figure it out for me.
yum install opendkim -y
The -y parameter tells our yum installer to accept yes as a default response for all installer questions if that choice is available.
For simplicity, I allowed Virtualmin to install the package for me. There is virtually no difference if you issue the same command on your SSH connection or if you allow Virtualmin to install it for you.
Setup Using Virtualmin
Activating DKIM on Virtualmin is relatively easy if you follow these steps.
- Log in to your Virtualmin panel
- Go to Virtualmin tab and select “Email Messages”
- Open up “DomainKeys Identified Mail”
- Click “Yes” for “Signing of outgoing mail enable”
- (Optional) Click “Yes” for “Reject incoming email with invalid DKIM signature?”. Warning: some incoming emails will be lost, but it does not matter; they are probably spam anyway
- Select the size of the DKIM key and make sure you supply the correct domain in the “domains to sign for” field
- Click save, and DKIM will generate a new key for you and insert the public key into your DNS
Virtualmin will ask you to recheck the virtual server configuration after completing the steps above and may generate the warning “Virtualmin is configured to setup DNS zones but this system is not setup to use itself as a DNS server”. Fixing this warning is pretty easy: open the Webmin tab, go to “Networking->Network Configuration->Hostname and DNS client->DNS Servers” and add 127.0.0.1 to the DNS servers. Click save and the warning will go away.
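Once the key is in DNS, it is worth checking what was actually published. The following is an added example, not part of the original post or of Virtualmin: it parses a DKIM TXT record and reports a missing key or an RSA key that is too small. The function names, the constructed sample record and the 2048-bit default threshold are assumptions.

```python
import base64

def _tlv(buf, pos=0):
    """Read one DER element at pos; return (content, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(p_b64):
    """Bit length of the RSA modulus in the SubjectPublicKeyInfo held in p=."""
    spki, _ = _tlv(base64.b64decode(p_b64))  # outer SEQUENCE
    _, pos = _tlv(spki)                      # skip AlgorithmIdentifier
    bitstr, _ = _tlv(spki, pos)              # BIT STRING wrapping RSAPublicKey
    rsakey, _ = _tlv(bitstr[1:])             # drop the unused-bits byte
    modulus, _ = _tlv(rsakey)                # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(txt, min_bits=2048):  # min_bits default is an assumption
    """Return the problems found in a DKIM TXT record (empty list means OK)."""
    pairs = (p.split("=", 1) for p in txt.replace('"', "").split(";") if "=" in p)
    tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["unexpected v= tag"]
    if tags.get("k", "rsa") != "rsa":
        return ["key type is not rsa; size not checked"]
    if not tags.get("p"):
        return ["empty p= tag: key is missing or revoked"]
    try:
        bits = rsa_bits(tags["p"])
    except (ValueError, IndexError):
        return ["p= is not a base64 DER public key"]
    return [f"RSA key is {bits} bits, below {min_bits}"] if bits < min_bits else []

def _der(tag, content):
    n = len(content)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + content

def sample_record(bits):  # constructed demo record; the modulus is a placeholder, not a real key
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption OID + NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    print([check_dkim_record(sample_record(b)) for b in (1024, 2048)])
```

To check a live record, pass in the output of `dig +short TXT <selector>._domainkey.<your-domain>`, where the selector is the one your DKIM configuration uses; the quoted, split strings that dig prints are handled.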
For more info on DKIM, kindly visit the official DKIM website.