It seems almost impossible to sign outgoing emails with DKIM / DomainKey. I have spent a couple of hours trying, and did not succeed.
There are no extensions for doing this, and there are no straightforward way to do this.
I want to know if it's possible at all, and if so, how to do it?
Help get this topic noticed by sharing it on Twitter, Facebook, or email.
You need both: access to the DNS TXT record and access to the mailserver setup - with postfix: mail.cf
The public key generated with a keygen tool description for debian/ubuntu here:
is set up at the TXT record either of your domain name or your MX record.
The private key is kept secert on your server (limited access to users) and is used to generate a single key which can be check at the recipient side against the public key. (result: pass - not passed)
It is not difficult - but needs some experience in setting up a mailserver.
For the other way round a "milter" is reqired - i suggest the use of milter-manager.
This needs more experience as the milter porcess has to be fully understood.
Also the way local ports are used to pass the data to an other process and back to the mailserver (postfix) needs to be understood .. otherwise the mail gets stuck.
To check unprocessed / the success of filtering mail I use webmin ..
Finally: also spamassassin can "learn" to filter out DKIM signed mail with a wrong key phrase.
That is the most elegant way: so a false / faked phrase would receive the subject text SPAM.
Hint: to run a successful mailserver you need a static IP + an rDNS entry which is according your MX record.