Configuring DNS for DKIM
Adding a DKIM record to your DNS
The process of adding a DKIMDomainKeys Identified Mail - An authentication method that signs outgoing messages from Kerio Connect with a special signature for identification. record to your DNSDomain Name System - Enables the translation of hostnames to IP addresses and provides other domain related information. may vary according to your provider.
To add your DKIM public key to DNS, you can:
- ask your provider to add the record for you
- do it yourself in your DNS administration
You can find the public key in Kerio Connect. The key includes two parts:
- Record name (or selector), for example:
- TXT value, forexample:
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb bcBhthrnETKoCg8wOwIDAQAB
The public key TXT value consists of one single line of text.
The DKIM public key is the same for all domains on a single server (in a single Kerio Connect).
The DKIM public key in Kerio Connect is 2048-bit. Some providers may restrict the length of the key (the TXT value) — read section Creating a short DKIM public key to get detailed information.
If a domain includes aliases, also add DNS record for DKIM to all aliases.
- In the administration interface, go to section Configuration > Domains.
- Double-click your domain and go to tab General.
- Click the Show public key button. This opens a dialog with you domain public key.
- Copy the text to create your DNS DKIM record. Make sure the record contains the whole text.
Kerio Connect includes a 2048-bit DKIM public key. If the public key is too long (some providers may restrict the length of the TXT value), you can use an online DKIM key creator to create a 1024-bit key. See an example below.
- Go to the DKIM wizard page.
- Fill in your Domain name and DomainKey Selector (use
- Select Key size
- Click Generate.
The page will display your public and private keys. Now, add the private key to Kerio Connect.
- Stop the Kerio Connect server.
- Go to Kerio Connect's installation directory to folder sslcert/dkim.
- Copy the generated private key to file
We recommend backing up the original private key.
- Start the Kerio Connect server.
If you use distributed domains, make sure the new private key is available on all servers.
If you use a BIND DNS server, you can split the original Kerio Connect DKIM public key TXT value by using the following format:
TXT ( "part 1" "part 2" ... "part x")
TXT ("v=DKIM1;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z" "Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn" "AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb" "bcBhthrnETKoCg8wOwIDAQAB")