Quantcast

need little help with DKIM, if possible.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

need little help with DKIM, if possible.

Fazzina, Angelo

Hi,

I ran this.

opendkim-genkey -v -D /etc/opendkim/keys/uconn/ -d uconn.edu -s 2017_uconn_DKIM

which created the private key and selector name

 

 

I created an entry in DNS and it shows up when I run this.

dig any mta4.uits.uconn.edu

 

My issue is how do I get this command to work ?

dig 2017_uconn_DKIM._domainkey.mta4.uits.uconn.edu TXT

 

 

I am learning by reverse engineering the fact that I saw this worked.

dig google._domainkey.protodave.com TXT

got it from here. https://protodave.com/security/checking-your-dkim-dns-record/

 

Anyone with time to help thanks, if your too busy no problem.

-ALF

 

P.S. this is all POC stuff not in production.

 

 

 

-Angelo Fazzina

Operating Systems Programmer / Analyst

University of Connecticut,  UITS, SSG, Server Systems

860-486-9075

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: need little help with DKIM, if possible.

Wietse Venema
Fazzina, Angelo:

> Hi,
> I ran this.
> opendkim-genkey -v -D /etc/opendkim/keys/uconn/ -d uconn.edu -s 2017_uconn_DKIM
> which created the private key and selector name
>
>
> I created an entry in DNS and it shows up when I run this.
> dig any mta4.uits.uconn.edu
>
> My issue is how do I get this command to work ?
> dig 2017_uconn_DKIM._domainkey.mta4.uits.uconn.edu TXT

Works for me, and I tried all three hosts with the NS record for
uconn.edu.
>
> I am learning by reverse engineering the fact that I saw this
> worked.  dig google._domainkey.protodave.com TXT got it from here.
> https://protodave.com/security/checking-your-dkim-dns-record

Reverse engineering is not needed. All internet protocol specs are
on-line, available at no cost other than your Internet connection.

        Wietse
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: need little help with DKIM, if possible.

Doug-2
In reply to this post by Fazzina, Angelo

--------------------------------------------
On Thu, 3/16/17, Fazzina, Angelo <[hidden email]> wrote:

 Subject: need little help with DKIM, if possible.
 To: "[hidden email]" <[hidden email]>
 Date: Thursday, March 16, 2017, 12:19 PM

 Hi,  I ran this.
 opendkim-genkey -v -D /etc/opendkim/keys/uconn/ -d uconn.edu -s 2017_uconn_DKIM
 which created the private key and selector name

[] That selector name is inappropriate. If you want to use something that long, use dashes instead of underscores. But there is no reason to use something that complicated. I just use 'dkim' for mine.  

 I am learning by reverse engineering

[] Don't do that. :)  Different sites have different needs, and you really don't need anything as complex as Google's.
   
This is a pretty good tutorial for a single domain:
https://help.ubuntu.com/community/Postfix/DKIM

Obviously you can ignore the Ubuntu-specific parts if you're not using Ubuntu. Also, I would not use autorestart, see the man page for why. If you are setting up multiple domains the configuration is slightly more complex, but still not that difficult.

In regards to your DNS question, assuming you pick 'dkim' for your selector, and your domain is 'uconn.edu' you would want to put the following record in the uconn.edu zone file:

dkim._domainkey TXT     ( "v=DKIM1; k=rsa; t=y;"
"p=<key stuff goes here>;" )

When you're done testing you can remove t=y; from the above example.

hope this helps,

Doug
Loading...