Configuring DNS for DKIM
Adding a DKIM record to your DNS
The process of adding a DKIM (DomainKeys Identified Mail) record to your DNS (Domain Name System) may vary according to your provider.
To add your DKIM public key to DNS, you can:
- ask your provider to add the record for you
- do it yourself in your DNS administration
You can find the public key in Kerio Connect. The key includes two parts:
- Record name (or selector), for example:
mail._domainkey.feelmorelaw.com
- TXT value, for example:
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb bcBhthrnETKoCg8wOwIDAQAB
NOTE
The public key TXT value consists of one single line of text.
The DKIM public key is the same for all domains on a single server (in a single Kerio Connect).
The DKIM public key in Kerio Connect is 2048-bit. Some providers may restrict the length of the key (the TXT value) — read section Creating a short DKIM public key to get detailed information.
Domain aliases
If a domain includes aliases, also add a DKIM DNS record for each alias.
Acquiring DKIM public key in Kerio Connect
- In the administration interface, go to section Configuration > Domains.
- Double-click your domain and go to tab General.
- Click the Show public key button. This opens a dialog with your domain's public key.
- Copy the text to create your DNS DKIM record. Make sure the record contains the whole text.
Creating a short DKIM public key
Kerio Connect includes a 2048-bit DKIM public key. If the public key is too long (some providers may restrict the length of the TXT value), you can use an online DKIM key creator to create a 1024-bit key. See an example below.
Generating a short DKIM key with DKIM wizard
- Go to the DKIM wizard page.
- Fill in your Domain name and DomainKey Selector (use mail).
- Select Key size 1024.
- Click Generate.
The page will display your public and private keys. Now, add the private key to Kerio Connect.
Adding a new private key to Kerio Connect
- Stop the Kerio Connect server.
- Go to Kerio Connect's installation directory to folder sslcert/dkim.
- Copy the generated private key to file private.key.
NOTE
We recommend backing up the original private key.
- Start the Kerio Connect server.
Kerio Connect will now show the shorter public key in the domain's configuration. You can now create the DNS DKIM record with the new public key.
If you use distributed domains, make sure the new private key is available on all servers.
BIND DNS server
If you use a BIND DNS server, you can split the original Kerio Connect DKIM public key TXT value by using the following format:
TXT ( "part 1" "part 2" ... "part x")
Example:
TXT ("v=DKIM1;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z" "Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn" "AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb" "bcBhthrnETKoCg8wOwIDAQAB")
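The single-line rule and the BIND split format above can be checked before the record is published. This Python sketch is an added example, not part of Kerio Connect or its documentation: it collapses the copied value to one line, writes the BIND multi-string form, rejoins it the way a resolver does, and reads the RSA key size from the p= value. The function names are hypothetical, and the sample input is the example key printed on this page.

```python
import base64
import re

# Constructed input: the example TXT value from this page, stray spaces included.
SHOWN = ("v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z "
         "Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn "
         "AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb "
         "bcBhthrnETKoCg8wOwIDAQAB")

def parse_tags(value):
    """Split 'tag=value; tag=value' and drop whitespace inside each value."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {tag.strip(): "".join(val.split()) for tag, val in pairs}

def one_line(value):
    """Rebuild the record as the single line of text the DNS record must hold."""
    return "; ".join(f"{tag}={val}" for tag, val in parse_tags(value).items())

def to_bind(value, width=255):
    """Quote as TXT ( "part 1" ... "part x" ); 255 bytes is the DNS per-string limit."""
    line = one_line(value)
    parts = [line[i:i + width] for i in range(0, len(line), width)]
    return "TXT ( " + " ".join(f'"{p}"' for p in parts) + " )"

def from_bind(rdata):
    """Resolvers concatenate the quoted strings with nothing in between."""
    return "".join(re.findall(r'"([^"]*)"', rdata))

def _tlv(buf, pos):
    """Read one DER element header; return (content_start, content_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_key_bits(value):
    """Decode p= (a DER SubjectPublicKeyInfo) and return the RSA modulus size in bits."""
    der = base64.b64decode(parse_tags(value)["p"], validate=True)
    spki, _ = _tlv(der, 0)            # outer SEQUENCE
    _, alg_end = _tlv(der, spki)      # AlgorithmIdentifier, skipped
    bits, _ = _tlv(der, alg_end)      # BIT STRING holding the RSA key
    rsa, _ = _tlv(der, bits + 1)      # +1 skips the unused-bits byte
    mod_start, mod_end = _tlv(der, rsa)
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

if __name__ == "__main__":
    print(to_bind(SHOWN, width=64))
    print(rsa_key_bits(SHOWN), "bit key")
```

A base64 error raised by rsa_key_bits means the p= value was truncated or altered on the way into DNS.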