DKIM/DomainKEY settings if using Google Apps
-
mehargags
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
DKIM/DomainKEY settings if using Google Apps
I Have my DNS outside of VestaCP Server, and the domain hosted is using incoming Emails via Google apps. however the website generates and send a lot of mail from the PHP app, I want to know what I shall put in my DNS so that the mail generated from my VestaCP server (PHP generated) lands well and not marked SPAM
by Default VestaCP creates this in its DNS records when DKIM support is checked
should these be copied to my external DNS?
Are PHP Generated mails signed with domainkey/DKIM or not ?
I do have the SP4 with IPv4 set in my DNS properly. is that enought ?
Thanks alot
by Default VestaCP creates this in its DNS records when DKIM support is checked
Code: Select all
mail._domainkey TXT "k=rsa; Code: Select all
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZHHdiKNdEbN3tMJTKqW0BxjLZi1c76Cb+aRfhc1tNE57bfjw59S96bXJc1U+s4S9zR3J3GkHk/4uIRL13XX0rwNwFCJ35Bq2EFGb0DmFPT+5jHoUKJwZLAqJjfHhbU9oz+5JsYh38dAOp2sp6afpJrp9n3V5cMhEujsSk3dsaQwIDAQAB"Code: Select all
_domainkey TXT "t=y; o=~;"Are PHP Generated mails signed with domainkey/DKIM or not ?
I do have the SP4 with IPv4 set in my DNS properly. is that enought ?
Thanks alot
Re: DKIM/DomainKEY settings if using Google Apps
I think there is another way to solve this problem.
When you use extternal mail like Google mail (Google apps) or Yandex mail for domain (lile me), you have two ways:
1) external smtp (it's options, nothing more)
2) or use DKIM
Let's chose second way. We alreade have DKIM support from Google. If we have to sign mail with google dkim, we have to obtain private RSA key (I don't understand how) and we must use DKIM public and private keys from google only. But we have dkim selectors and we can change selector in exim -> /etc/exim4/exim4.conf.template (for debian, in centos conf file may be have another location) -> from
to
Restart exim and then add in your DNS (external and local) new TXT record -- vmail._domainkey
All your mail will be signed by local dkim and in DNS you already have proof, that's mail from your server and signed by your MTA. It's works by the way, I checked this myself in Gmail and Yandex.mail.
PS: Don't forget, you must have correct SPF record too. It's important.
When you use extternal mail like Google mail (Google apps) or Yandex mail for domain (lile me), you have two ways:
1) external smtp (it's options, nothing more)
2) or use DKIM
Let's chose second way. We alreade have DKIM support from Google. If we have to sign mail with google dkim, we have to obtain private RSA key (I don't understand how) and we must use DKIM public and private keys from google only. But we have dkim selectors and we can change selector in exim -> /etc/exim4/exim4.conf.template (for debian, in centos conf file may be have another location) -> from
Code: Select all
dkim_selector = mailCode: Select all
dkim_selector = vmailAll your mail will be signed by local dkim and in DNS you already have proof, that's mail from your server and signed by your MTA. It's works by the way, I checked this myself in Gmail and Yandex.mail.
PS: Don't forget, you must have correct SPF record too. It's important.
-
mehargags
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: DKIM/DomainKEY settings if using Google Apps
Ok thanks.
slightly different scenario, Can you tell me how I can make System Generated (Php & code) Email to land safely in hotmail, gmail and other services.
I know how to set ip4 x.x.x.x in the spf for this tast, is there a way to DKIM Sign the Php generated mails ?
that raises another questions, how to setup this for different domains hosted ?
Is there a way Exim can sense the mail being called from, and properly sign the outgoing mail with appropriate key ??
Sorry if I'm asking too much, I will be happy to clear up more thoughts on this if I'm not clear on the questions.
Thanks
slightly different scenario, Can you tell me how I can make System Generated (Php & code) Email to land safely in hotmail, gmail and other services.
I know how to set ip4 x.x.x.x in the spf for this tast, is there a way to DKIM Sign the Php generated mails ?
that raises another questions, how to setup this for different domains hosted ?
Is there a way Exim can sense the mail being called from, and properly sign the outgoing mail with appropriate key ??
Sorry if I'm asking too much, I will be happy to clear up more thoughts on this if I'm not clear on the questions.
Thanks
-
mehargags
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: DKIM/DomainKEY settings if using Google Apps
on another note... is there a way you can DKIM sign the outgoing mails generated by PHP Mail() ??
Since PHP and Apache2 both run as a "user" on the system, there must some way for Exim to know the request coming in and Sign the outgoing mails generated through PHP.
Since PHP and Apache2 both run as a "user" on the system, there must some way for Exim to know the request coming in and Sign the outgoing mails generated through PHP.
Re: DKIM/DomainKEY settings if using Google Apps
If you find another way, tell me too.