/munetakaJupyterHub/Computer/2024/MailServer/03-DKIM

§2024-09-24

[DNS DKIM Record Lookup](https://dnschecker.org/dkim-record-checker.php?query=yushei.net&selector=mail

DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance)

Step 1: Generate DKIM Keys Manually

alexlai@mail:~/build/DKIM_DMARC$ pwd
/home/alexlai/build/DKIM_DMARC

alexlai@mail:~/build/DKIM_DMARC$ openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
.........+.....+......+.........+......+.+.....+...+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...............+....+...+.....+...........................+..........+..+....+...........+.+.....+....+...+.....+...+...+....+........+.........+....+..+.........+..........+......+..+.+......+........+......+.+.....+......+.......+...........+......+....+............+..+.+..+...............+.......+......+......+...+.....+............+..........+...+...+..+.......+......+...+..+...+....+..+.+.........+...+..+....+.....+.......+..+...+...+....+......+.....+......+................+..+...+.........+.....................+.........+...+......+....+...+..+...+...+.+.........+....................+......+..........+..................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...............+..+.+...+...........+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.....+......+....+...+............+......+.....+.+......+...+..+....+...+........+....+.........+............+..+..........+............+...+............+...+..+....+...............+...........+...+...+..........+....................+....+.....+...+...+....+...+...+..+.......+.....+...+.......+........+.+..............+...+...+...............+................+...........+..........+...+..+...+......+....+.....+..........+.....+.......+..............+......+...+....+..+..........+..............+.......+..+.......+...+...+..+.......+........+...+...+.+...+...........+.+...+...........+......+...+.+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
alexlai@mail:~/build/DKIM_DMARC$ openssl rsa -pubout -in private.key -out public.key
writing RSA key
alexlai@mail:~/build/DKIM_DMARC$ ls
private.key  public.key

$ cat public.key 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT0vFIGpAUrCnBPU24b7
YxRONjRPYCnTHnKjwttSjbYF1vC0mAN64831E0QRGZwX+8wzbkXHSqusVtNf5/dj
/HmfvoHMtfh+NTI3utpTbIsYbdaiDzRhLEhzXC0hW/8hNayDrJ0XOjFmvO9tS9Km
480YxO4aszWfw2eIOKZIRPSBf2Ii2SlsvXZh64wrT3T7x6i3MX25Z630zbHAapK0
J+D2uC8XAwtKoG12rkJ0NdxrM3h1BzCsOKT6pCCpMamWicFdimD04RnW2P+hj7xU
Cm5ElKcJnCrkJTV+sHMqM0tRMnMG5j4PRgaNsjC+rebAEIgXLMx7FoP9KsmWj9oF
1wIDAQAB
-----END PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT0vFIGpAUrCnBPU24b7YxRONjRPYCnTHnKjwttSjbYF1vC0mAN64831E0QRGZwX+8wzbkXHSqusVtNf5/dj/HmfvoHMtfh+NTI3utpTbIsYbdaiDzRhLEhzXC0hW/8hNayDrJ0XOjFmvO9tS9Km480YxO4aszWfw2eIOKZIRPSBf2Ii2SlsvXZh64wrT3T7x6i3MX25Z630zbHAapK0J+D2uC8XAwtKoG12rkJ0NdxrM3h1BzCsOKT6pCCpMamWicFdimD04RnW2P+hj7xUCm5ElKcJnCrkJTV+sHMqM0tRMnMG5j4PRgaNsjC+rebAEIgXLMx7FoP9KsmWj9oF1wIDAQAB

Step 2. DMARC Setup

DMARC allows you to specify how your domain handles authentication failures (e.g., if SPF or DKIM fails) and gives you feedback on your domain's email authentication activity.

Step 1: Create DMARC Record Log in to your DNS provider and add a new TXT record for DMARC.

Host/Name: _dmarc Type: TXT Value: Define your DMARC policy. A basic DMARC policy looks like: css Copy code v=DMARC1; p=none; rua=mailto:postmaster@yushei.net; ruf=mailto:admin@yushei.net; pct=100 Here’s what the tags mean:

v=DMARC1: Specifies this is a DMARC record. p=none: The policy that specifies what to do with unauthenticated emails (none, quarantine, or reject). rua=mailto:postmaster@yushei.net: The email address to send aggregate reports. ruf=mailto:admin@yushei.net: The email address to send forensic reports. pct=100: Apply this policy to 100% of emails.

DNS_Checker_DKIM_lookup-01