DKIM Implementation Walkthrough

1. Key Generation

# Generate private key
openssl genrsa -out dkim.private 2048

# Extract public key
openssl rsa -in dkim.private -pubout -out dkim.public

2. DNS Configuration

; Selector: default._domainkey
default._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0Jct..."

3. Server Integration

# Postfix main.cf
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Key Rotation Schedule

Standard: 2048-bit RSA, rotate every 90 days
High Security: 4096-bit RSA, rotate every 30 days
Experimental: ED25519, rotate every 7 days

Troubleshooting Table

| Issue | Diagnostic Command | Solution |
| Missing DNS Record | dig +short txt default._domainkey.example.com | Verify DNS propagation |
| Signature Mismatch | opendkim-testkey -d example.com | Check private key alignment |
| Expired Key | opendkim-testkey -v | Rotate keys immediately |
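
A check for the published key record, as an added example (not part of the original walkthrough or of OpenDKIM): it takes the TXT data as dig prints it, joins the quoted chunks that long keys are split into, and reports a truncated, revoked or undersized key. The function names are hypothetical, and it assumes p= carries the SubjectPublicKeyInfo written by the openssl rsa -pubout step above, with 2048 bits (the "Standard" tier) as the minimum.

```python
import base64
import re
import sys

MIN_RSA_BITS = 2048  # assumption: smallest RSA size in the rotation schedule

def _tlv(buf, pos):  # skip one DER tag+length header -> (value_start, value_end)
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return pos, pos + length

def rsa_bits(spki):
    """Modulus size of an RSA SubjectPublicKeyInfo (DER bytes)."""
    seq, _ = _tlv(spki, 0)              # outer SEQUENCE
    _, alg_end = _tlv(spki, seq)        # AlgorithmIdentifier
    bitstr, _ = _tlv(spki, alg_end)     # BIT STRING wrapping the key
    key, _ = _tlv(spki, bitstr + 1)     # +1 skips the unused-bits octet
    n_start, n_end = _tlv(spki, key)    # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def parse_record(txt):
    """Join the quoted chunks of a long TXT record, then split tag=value pairs."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt
    pairs = (part.split("=", 1) for part in joined.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def lint(txt):
    """Return the problems found in a DKIM key record (empty list: none found)."""
    tags = parse_record(txt)
    problems = [] if tags.get("v", "DKIM1") == "DKIM1" else ["v= is not DKIM1"]
    if not tags.get("p"):
        return problems + ["p= missing or empty (an empty p= means the key is revoked)"]
    try:
        der = base64.b64decode(tags["p"], validate=True)
        algo = tags.get("k", "rsa")
        if algo == "rsa" and rsa_bits(der) < MIN_RSA_BITS:
            problems.append(f"RSA key is {rsa_bits(der)} bits, below {MIN_RSA_BITS}")
        elif algo == "ed25519" and len(der) != 32:
            problems.append("ed25519 p= must decode to 32 bytes")
    except (ValueError, IndexError):
        problems.append("p= is not a complete base64 DER key (truncated or mis-pasted)")
    return problems

if __name__ == "__main__":  # dig +short txt default._domainkey.example.com | python3 this_file.py
    print(lint(sys.stdin.read()) or "OK")
```

The record exactly as printed in step 2, with its elided key, is reported as truncated; an empty list means the record parsed and the key meets the minimum size.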