Configuring DNS for DKIM

Adding a DKIM record to your DNS

The process of adding a DKIMDomainKeys Identified Mail - An authentication method that signs outgoing messages from Kerio Connect with a special signature for identification. record to your DNSDomain Name System - Enables the translation of hostnames to IP addresses and provides other domain related information. may vary according to your provider.

To add your DKIM public key to DNS, you can:

  • ask your provider to add the record for you
  • do it yourself in your DNS administration

You can find the public key in Kerio Connect. The key includes two parts:

  • Record name (or selector), for example: mail._domainkey.feelmorelaw.com.
  • TXT value, forexample: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb bcBhthrnETKoCg8wOwIDAQAB

NOTE

The public key TXT value consists of one single line of text.

The DKIM public key is the same for all domains on a single server (in a single Kerio Connect).

The DKIM public key in Kerio Connect is 2048-bit. Some providers may restrict the length of the key (the TXT value) — read section Creating a short DKIM public key to get detailed information.

Domain aliases

If a domain includes aliases, also add DNS record for DKIM to all aliases.

Acquiring DKIM public key in Kerio Connect

  1. In the administration interface, go to section Configuration > Domains.
  2. Double-click your domain and go to tab General.
  3. Click the Show public key button. This opens a dialog with you domain public key.
  4. Copy the text to create your DNS DKIM record. Make sure the record contains the whole text.

Creating a short DKIM public key

Kerio Connect includes a 2048-bit DKIM public key. If the public key is too long (some providers may restrict the length of the TXT value), you can use an online DKIM key creator to create a 1024-bit key. See an example below.

Generating a short DKIM key with DKIM wizard

  1. Go to the DKIM wizard page.
  2. Fill in your Domain name and DomainKey Selector (use mail).
  3. Select Key size1024.
  4. Click Generate.

The page will display your public and private keys. Now, add the private key to Kerio Connect.

Adding a new private key to Kerio Connect

  1. Stop the Kerio Connect server.
  2. Go to Kerio Connect's installation directory to folder sslcert/dkim.
  3. Copy the generated private key to file private.key.

NOTE

We recommend backing up the original private key.

  1. Start the Kerio Connect server.

Kerio Connect will now show the shorter public key in the domain's configuration. You can now create the DNS DKIM record with the new public key.

If you use distributed domains, make sure the new private key is available on all servers.

BIND DNS server

If you use a BIND DNS server, you can split the original Kerio Connect DKIM public key TXT value by using the following format:

TXT ( "part 1" "part 2" ... "part x")

Example:

TXT ("v=DKIM1;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z" "Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn" "AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb" "bcBhthrnETKoCg8wOwIDAQAB")