how to create DKIM private key and public key - ORF Forums

how to create DKIM private key and public key RSS Back to forum

1

Now I'm testing ORF 6.61 and deploy the DMRAC, and used ORF + IIS SMTP front-end to relay outbound emails。
How to get DKIM private key and public key , and public the DKIM/DMARC TXT record 。

by Monkeenmao 2 years ago
2

and DKIM Setting for Outgoing Messages on ORF6.6.1 ?

by Monkeenmao 2 years ago
3

@Monkeenmao: Hello Monkeenmao,

As of v6.6.1, ORF can verify the DKIM signature(s) in incoming emails, but it cannot sign outbound messages. This feature will be added in a future update.

As for the DKIM and DMARC TXT records, they should be published in the zone file of the DNS server authoritative for your domain, under the following locations:

DMARC: _dmarc.your-domain.com
DKIM: your-dkim-selector._domainkey.your-domain.com

I hope this helps.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

4

@Daniel Novak (Vamsoft): Thanks for your comments!
ORF v6.6.1 can not sign outbound message, this means DKIM private key and public key can not been produced on ORF server.
message receiver can not verify the mail DKIM. it's right?

by Monkeenmao 2 years ago
(in reply to this post)

5

@Monkeenmao: You can generate and export the private key for DKIM using the key generator on the "ARC Signing" page (ORF Administration Tool > ARC Signing > Key button ), because ARC uses the same keys as DKIM. You can also use the generated DNS TXT record too.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

6

@Daniel Novak (Vamsoft): thanks!
If enable SPF/DMIM/ DMARC under the authentication , the arrived email will be filtered from SPF to DKIM ,then DMARC。 it's right? what‘s your advice?

by Monkeenmao 2 years ago
(in reply to this post)

7

@Monkeenmao: When the DMARC test is enabled *and* the domain in the "Author" email address has a published DMARC record, ORF performs only the DMARC Test (which includes the SPF and DKIM tests, but when these are run as part of the DMARC Test, their results don't trigger any filtering action - instead they are used as "helpers" to produce the DMARC Test result).

If the author's domain has no DMARC record, ORF performs the SPF and DKIM tests (if the corresponding DNS records exist) and evaluates their results separately. The order is always DMARC Test > SPF Test > DKIM Test.

I hope this clarifies your question.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

8

thanks!
Now we use the message outing as IIS smtp +ORF, ORF be able to set DKIM on messages going out? maybe the next version?

by Monkeenmao 2 years ago
9

@Monkeenmao: We are planning to add a DKIM signing module to ORF in a future release, but there is no ETA yet, I am afraid. The next release (v6.7) is not going to include this feature.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2