This is simple!
I installed Qmail Toaster and then did the following:
    cd /var/qmail/control/domainkeys
    mkdir [MY-DOMAIN-NAME.TLD]
    cd [MY-DOMAIN-NAME.TLD]
    dknewkey private > public.txt
    chmod 440 private
    cd ..
    chown -R root:vchkpw [MY-DOMAIN-NAME.TLD]
This gives you two things:
- A file called “private” that contains your private key for generating message signatures. Don’t give this out!
- A file called “public.txt” that contains the data to add to your DNS record.
Notes
The name “private” used above is actually what’s called the “selector” when it comes to DKIM or DomainKeys. Effectively, each domain can have multiple public/private key pairs (each with its own ‘selector’) that can be used to generate DKIM or DomainKeys message signatures.
Which one is actually used to sign depends on the configuration and setup of your sending mail server.
Receiving mail servers are told which public key to use via the ‘s=’ section of the DKIM or DomainKeys header in the received mail.
To understand further, simply look at the contents of “public.txt”:
private._domainkey IN TXT "k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMNtJGxhM6rXJCc//y/LyzChfLaoqe4GXs9YkFtMV512i74eKtmvJtQ10mMNNFb8GQIDAQAB"
This tells us to create a DNS record of type TXT for the ‘sub-domain’ private._domainkey (so this might be private._domainkey.phpsystems.co.uk) with the contents of that long string, but excluding the quote marks.
Don’t think this post tells you all you need to know about configuring DKIM/DomainKeys. More coming soon.