Follow these steps to set up your own DKIM record:
Use the openssl genrsa
command. Run:
openssl genrsa -out private.pem 2048
The last argument is the size of the private key to generate in bits.
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
A DKIM record is a TXT type DNS record that holds the public key part for verifying messages. Its format is defined in RFC 487128. The label for this record is composed as follows:
s._domainkey.d
where d is your domain name, and s is the selector you
chose to use. You will use these two values as parameters to the
dkim_sign
function in your eom
handler. E.g. if your
domain in ‘example.com’ and selector is ‘s2048’, then the
DKIM TXT record label is ‘s2048._domainkey.example.com’.
The public key file generated in step 2 will have the following contents:
-----BEGIN PUBLIC KEY----- base64 -----END PUBLIC KEY-----
where base64 is the key itself in base64 encoding. The minimal DKIM TXT record will be:
"v=DKIM1; p=base64"
The only mandatory tag is in fact ‘p=’. The use of ‘v=’ is recommended. More tags can be added as needed. In particular, while testing the DKIM support, it is advisable to add the ‘t=y’ tag.