How to enable DKIM in cPanel server.

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. It can help keep your mail from being blacklisted by free email providers like Yahoo, MSN and Google, and it increases mail authenticity.

cPanel does not have an interface to enable DKIM like the ones it has for SPF and DomainKeys. cPanel is still working on implementing it. However, we can enable it manually by following the steps below.

Check if exim is compiled with DKIM support enabled.



[bash]root@server # /usr/sbin/exim -dd 2>&1 | grep Experimental_DKIM[/bash]

[bash]Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning Old_Demime Experimental_SPF Experimental_SRS
Experimental_DomainKeys Experimental_DKIM[/bash]

Generate the RSA key pair with OpenSSL
[bash]cd /usr/local/cpanel/etc/exim[/bash]

[bash]openssl genrsa -out dkim.key 1024[/bash]



[bash]openssl rsa -in dkim.key -out dkim.public -pubout -outform PEM[/bash]


You will find two keys, dkim.key & dkim.public

Open dkim.public and copy the contents, excluding the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines. This is your DKIM public key. Now open the exim configuration file and add the entries below under the section ‘remote_smtp’.

Sample file: vi /etc/exim.conf

——————————-

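[bash]remote_smtp:
driver = smtp
#
dkim_domain=your_domain_name.com
dkim_selector=mail
# Path to the dkim.key private key. Exim only treats # as a comment at the
# start of a line, so the comment must not trail the option value.
dkim_private_key=/usr/local/cpanel/etc/exim/dkim.key
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
# helo_data must stay on one line (or be continued with a trailing backslash);
# a bare line break here causes an "option setting expected" syntax error.
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}[/bash]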

————————–

Now in WHM, open the DNS editor for the particular domain and add a TXT entry with the DKIM key, like the one below.

————————–

[bash]mail._domainkey.domain_name.com. IN TXT "v=DKIM1; g=*; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDv4PSEM9P
cxlI2tRojAUQ9hpRQ0Zj/XM4SK08/Drhm/CaspJAKZF9rZDAw18TrfuXeRgsMWAdS2vJ4Oa/kXqX0NM2eBJcmasu4GeNXANmXvC1umz+8mC6r
EPlE/Ucau4tmAHOZL0HJ9IDd/PIxoTkeTm3mjGeqvKBLbdvVIDXbcQIDAQAB"[/bash]

————————–

Here p=the_key_you_have_copied_from_dkim.public
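Before publishing the record, it helps to confirm that the copied p= value still decodes to an RSA public key, since a dropped character or a leftover PEM header line breaks verification. The following check is an added example, not part of the original post; the function names are hypothetical and SAMPLE_P is a constructed key structure, not a real key.

```python
import base64
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption
# Constructed sample: 1024-bit key structure with an all-ones modulus, not a real key.
SAMPLE_P = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD" + "/" * 170 + "wIDAQAB"

def _tlv(buf, pos, want):
    """Read one DER element at pos; return (value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length: low bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if tag != want or pos + n > len(buf):
        raise ValueError("malformed or truncated DER")
    return buf[pos:pos + n], pos + n

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    seq, _ = _tlv(spki, 0, 0x30)
    alg, nxt = _tlv(seq, 0, 0x30)
    if RSA_OID not in alg:
        raise ValueError("not an RSA key")
    bitstr, _ = _tlv(seq, nxt, 0x03)
    rsakey, _ = _tlv(bitstr, 1, 0x30)  # skip the unused-bits octet
    modulus, _ = _tlv(rsakey, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_txt(txt):
    """Return a list of problems found in a DKIM TXT record value."""
    parts = (p.partition("=") for p in txt.replace('"', "").split(";"))
    tags = {k.strip(): v for k, _, v in parts if k.strip()}
    problems = []
    if tags.get("v", "DKIM1").strip() != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa").strip() != "rsa":
        return problems + ["only k=rsa is handled by this check"]
    p = "".join(tags.get("p", "").split())  # drop zone-file line wrapping
    if not p:
        return problems + ["p= is missing or empty (empty means revoked)"]
    try:
        bits = rsa_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError) as exc:  # binascii.Error is a ValueError
        return problems + [f"p= is not a usable public key: {exc}"]
    if bits < 2048:
        problems.append(f"{bits}-bit RSA key; RFC 8301 says signers should use 2048+")
    return problems

if __name__ == "__main__":
    print(check_dkim_txt(f"v=DKIM1; g=*; k=rsa;p={SAMPLE_P}"))
```

A key generated with the `openssl genrsa ... 1024` command above passes the structural check but is reported as below the 2048-bit size RFC 8301 recommends for signers.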

Restart exim and named services.

[bash]/scripts/restartsrv exim[/bash]

[bash]/scripts/restartsrv named[/bash]

To check whether DKIM is set up properly, send a mail to dkimtest@atmail.org. If it is set up properly, you will get a reply like the one below; otherwise you will get a failure message.

—————————————————-

Subject:    AutoReply from dkimtest@atmail.org

From:    spftest@your_domain_name.com

Date:    Sun, May 23, 2010 1:27 am

To:    spftest@your_domain_name.com

*** DKIM TEST SUCCESSFUL ***

—————————————————–

You can also test from http://www.brandonchecketts.com/emailtest.php

33 thoughts on “How to enable DKIM in cPanel server.”

  1. Thanks for the great writeup. I've been looking all over for how to get DKIM working on cpanel and your tutorial was perfect.

    Will this setup survive cpanel/whm updates or does some of it need to be redone each time?

  2. I guess I spoke too soon. I'm not seeing the DKIM header added to outgoing messages. I already had domainkeys set up and that header is present. I suspect the differences in my exim.conf from the domainkeys configuration is causing it not to work but I haven't been able to nail down why yet.

    1. This should survive even after a WHM update I believe, since configurations are not re-written while updating.

      I was able to figure out the DKIM keys on mail header. Can you send a test mail to gmail and verify the header? Hope you have entered the configuration properly.

  3. I used the following because I have multiple domains which send using their unique IPs:

    dkim_domain=$sender_address_domain

    dkim_selector=mail

    dkim_private_key=/usr/local/cpanel/etc/exim/dkim.key

    I had to disable domain keys on each cPanel account and manually enter the dkim dns settings in WHM:

    mail._domainkey 14400 IN TXT "v=DKIM1; g=*; k=rsa; p=(whatever your dkim.public contents were with no brackets);"

    It seems to be working!

    I can't believe the tools at cPanel are saying "Well we may just end up giving you one or the other" for the last what couple of years?? and we could already easily enable one of the two ourselves with this little tweak?

    Thanks

    1. @DKIM'r Thanks for your note :) I will modify the post and put your note to enable DKIM for multiple domains.

      I believe there are some licensing issues with DKIM that are keeping cPanel away from enabling this by default. Glad the cPanel exim is compiled to support DKIM by default ;) .

  4. I have done all steps (to single and after to multiple domains) and mails are not signed, what can I do? I don't see any error in /var/log/exim_mainlog :/

  5. hi

    I set up everything but when I send email in exim log file I get

    2010-12-27 22:19:32 1PXI8R-0002PJ-74 DKIM: signing failed (RC -101)

    and no DKIM is attached to my email. Where is the problem?

  6. The best DKIM online tutorial. One question…

    Inside exim.conf: "dkim_domain=your_domain_name.com"

    That's for 1 domain only.

    What would put in if I also want to add dkim for: your_domain_name_2.com

    Can you please kindly provide the copy-paste solution. :)

    Thank you so much.

  7. I did follow step by step as the tut, but can't get it working. The DKIM header never shows up. Do I have to wait for the DNS to be propagated worldwide or something?

  8. Thanx for this great tip.

    From what I understand, this will install DKIM on a single domain.

    How do I configure the server if it's a shared hosting server (i.e. there are about 200 domains on the server) for each domain to have DKIM support?

  9. Followed the instructions above on cpanel… I removed domain keys from all sites, then followed the above instructions. I used the dkim_domain=$sender_address_domain for multiple domains, restarted exim and named and nothing is being signed.

    I then went in and change dkim_domain=mysite.com…. restarted both again… sent an email and nothing…

    Everything went smooth, however, nothing is getting signed… tested by sending email to gmail as well and it auto goes to the spam folder with no sig…

    Please help… really need to get this implemented for all domains, but would be happy if just one works for now…

    Anyone have any ideas!?

  10. Just spoke to cpanel and the changes made in exim.conf will be overwritten if there is an upgrade. You cannot edit in whm exim advanced editor because it does not support changing the remote_smtp transport… cpanel gave me this response :

    1. Create a file named /scripts/posteximup

    2. Give it permissions of 0700

    3. Place code inside that file that will change the remote_smtp transport

    to the one you wish to use. This can be shell scripting, or perl, or any other

    language you'd like.

    The "posteximup" hook is documented here:

    Service script hooks

    cPanel & WHM Script Hooks

    Basically it just says this:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Runs after Exim updates

    (post /scripts/eximup)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    If anyone would like to tackle that please do so… it is over my head and languages I am not familiar with… it would be nice to include this if it will just be wiped on an exim upgrade…

      1. or copy /etc/exim.conf to ‘somewhere else’ and create a file called /scripts/posteximup (chmod to 700) and put this code:

        scp -p ‘somewhere else’ /etc/exim.conf
        service exim restart

  11. Hey guys… first I want to thank everyone for the really awesome tutorial.

    I'm having some trouble with the 2rd step. When I open the EXIM advanced configuration file via WHM I cannot save the information in the file. I get an error stating driver SMTP not found.

    This is the information i'm trying to copy. Thoughts?

    `remote_smtp:

    driver = smtp

    #

    dkim_domain=your_domain_name.com

    dkim_selector=mail

    dkim_private_key=/usr/local/cpanel/etc/exim/dkim.key #path to the dkim.key key.

    interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}

    helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}

    {$primary_hostname}}

    `

  12. ^^^ please ignore the comment above. I was able to get around the smtp issue. I was saving the configuration changes in the wrong place.

    However i'm now getting the error:

    Error message from syntax check:

    2011-04-26 22:29:18 Exim configuration error in line 1144 of /etc/exim.conf.buildtest.work.lQ9WiSdEkvkwLLEA:

    option setting expected: {$primary_hostname}}

    Any thoughts? this is what I plugged in. I'm trying to enable this to work with multiple domains.

    remote_smtp:

    driver = smtp

    #

    dkim_domain=$sender_address_domain

    dkim_selector=mail

    dkim_private_key=/usr/local/cpanel/etc/exim/dkim.key #path to the dkim.key key.

    interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}

    helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}

    {$primary_hostname}}

    1. Mike, can I have the line numbers for the pasted lines? Also dkim_domain=example.com
      where example.com is the domain name for which DKIM has to be enabled.

    2. Followed all the steps this is the error i am getting/ Plz help

      Error message from syntax check:
      2012-03-06 23:26:02 Exim configuration error in line 1165 of /etc/exim.conf.buildtest.work.jRc38kDTtlB_xqHq:
      option setting expected: {$primary_hostname}}}

  13. Faheem,

    is this solution only for a single site? I have a dedicated machine with 8 sites on it. If I can only use one site this is no good.

    Also, please look at my second example not the first. I need an answer to the error I was getting in the second.

  14. I tried to add all of this. I did everything very well, but the test fails. What to do? I have a server with cPanel on CentOS.
    Thank you

  15. The strangest thing.. And I’m pretty sure that the solution is fairly simple..

    I’m trying to install DKIM for one of my domain hosted on a dedicated server with cPanel WHM..

    I’m following this tutorial (http://techinterplay.com/enabled-dkim-cpanel-server.html) but the DKIM test is unsuccessful..

    Since I host the email for this domain name at Google Apps, I make the DKIM test from a simple php code by using the php mail() function

    What’s causing the failure of the DKIM? Thanks for your help!!

  16. In this part

    Open dkim.public and copy the contents excluding the –Begin– and –End– section. This is your DKIM key. Now open exim configuration file and append the below entries under the section ‘remote_smtp’

    Where can I find the key or what folder is it?

  17. I can see my changes to exim.conf in vi editor but when I go to the Exim advanced editor in WHM I do not see my changes. Any ideas?

  18. Hi everyone,

    Fantastic tutorial, thanks so much. I’ve been struggling to get it done, but thanks to your tuto, I got it up and running in no time!

    I have a small issue on which I’ve been pulling my hair out.
    I followed all the instructions religiously, but I get the following error when checking on brandonchecketts:

    DKIM Signature

    Message contains this DKIM Signature:

    Signature Information:
    v= Version:
    a= Algorithm: rsa-sha1
    c= Method: nofws
    d= Domain: rehoba.com
    s= Selector: default
    q= Protocol: dns
    bh=
    h= Signed Headers: Received:User-Agent:Date:Subject:From:To:Message-ID:Thread-Topic:Mime-version:Content-type
    b= Data: keEigxrLWqujR1El3PWtB5/HQvrQZ4G8OYUsWJ1GlwIBwG4EOILMWTLf2cAvyboah6OEThw1G9fM/8fU5EUuudWd9S6s2ONSmEu+jkgSuRWSkLk+e5vUfcu9aWuf87/B
    Public Key DNS Lookup

    Building DNS Query for default._domainkey.rehoba.com
    Retrieved this publickey from DNS: v=DKIM1; g=*; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJOouIS9zVNj9QHkWGRrtEhd86Haff/KoTAU9VQN1D+1XIknsWBZTUNXMcihXVJ4fwnktcaG+1UTX5KfqRqIkaxqHVVtUon+mfCGyiOXlXM8mCONxl8PuhBH7bt/OF/ew9WhCQELiQdpmuu6Hl2lPi1vEKPPFRgV5gMMBbYT3zQIDAQAB

    Validating Signature

    result = invalid
    Details: public key: OpenSSL error: bad base64 decode

    Does anyone know what could be causing this ?

    Thanks!
    Greg
