Since Atmail 5.5 DKIM support is added to the mail-server version of the software.
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. This can assist with marking your emails as "trusted" and guarantee a greater level of delivery and less false positives with spam-filters. Providers such as Gmail and other large ISP's validate DKIM headers, and we recommend admins adopt this practice to help with message integrity.
Should you wish for all outgoing messages sent from your server to be DKIM signed, follow the steps below.
1: Make sure you are running Atmail 5.5, otherwise upgrade your copy to the latest version. Verify your server has DKIM support compiled into Exim:
/usr/local/atmail//mailserver/bin/exim -dd 2>&1 | grep Experimental_DKIM
This should return:
Support for: crypteq iconv() OpenSSL Content_Scanning Experimental_DKIM
2: Create a new private/public pair key via the cmd-line:
openssl genrsa -out /usr/local/atmail/mailserver/dkim.key 1024 openssl rsa -in /usr/local/atmail/mailserver/dkim.key -out /usr/local/atmail/mailserver/dkim.public -pubout -outform PEM
3: View the contents of /usr/local/atmail/mailserver/dkim.public
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEYVlzEzrHH1ile+IYBZasjVTi n+kacOvmpiJGhxNuGKhTmOCrvLh4Z+eQp1Dvj7kJNUU3EF5nEbFl7WTb/Z3uxxET MImk47xX2eJdr/q98c+gJurZvlbpFuTT9JhXRmA8kkHZrARHUpsWZMsNt69ewgQK XaAKH1MH5I4y0+JsqQIDAQAB -----END PUBLIC KEY-----
4: Remove the --BEGIN and --END tags, and remove line breaks so the public key spans a single line. Add the following to your DNS server zone file:
mail._domainkey.yourdomain.com. IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQE............KXaAKH1MH5I4y0+JsqQIDAQAB"
5: Open the Exim configure file, locate the transport "remote_smtp" and append the following.
remote_smtp: driver = smtp #
6: Restart your nameserver and the Atmail services ( /etc/init.d/atmailserver restart )
7: Via Webmail or an external mail-client, send a message via SMTP to an outside address. View the headers of the email and if successful, you will see the header lines:
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=yourdomain.com; s=mail; h=MIME-Version:Message-ID:To:Reply-To:Content-Type:Date:Subject:From; bh=4WWVzoOsUWW0f4BYC2VHYfz2dQAB9PwjbTcHsvaaHrY=; b=GvkmrnJM1f2MhkRxZjTwKIPWTYmVUm//P2hqSw4eJ7izAo0GFunTddhlZ4UOWfBiObJj7+E8OGcVjyoMKj+4bNVhPqaMEi3Iidzexn8uqYbM+1vGCUf7b1tg10C+dzfdnsQIiGrkAYYlMvWGefhDlRhFq0OQfI1sDYN7pMMoqeQ= You can also test the DKIM header is successful by emailing email@example.com , on success you will receive an autoreply, otherwise a returned mail "Bad DKIM header"
This will be natively supported in Atmail 5.6 due Dec 2008 - In the meantime these changes can be made to any existing Atmail 5.5 installation with DKIM support.