Applies to:
- Webuzo 2.3.4
- Centos 6.5 64bit
- Exim 4.72
- A dedicated server having its own IP
(*) It should work for different setups with minor adjustments.
Detail: I couldn't find a guide detailing steps to do it and had to spend 2-3 hours on how to do it. I didn't even know what "DKIM" or "SPF" meant before my email started being rejected by GMail and I stopped receiving emails from my WordPress without me changing anything.
Please note that I'm a novice in linux and that there may surely be an easier method to do this. I'm sharing as I really like Webuzo and I believe it may help others.
Steps:
1) Start an ssh session and go to /etc/exim/
(*) It's not required, but it'll help in the next few steps.
2) Generate a private and public key to sign your messages with openssl:
#openssl genrsa -out dkim.private.key 1024
(*) It works well if you get "Returned error code 0" and you see a file named "dkim.private.key" in that directory.
3) Extract the public key from the private key
#openssl rsa -in dkim.private.key -out dkim.public.key -pubout -outform PEM
(*) A new file named "dkim.private.key" will be created in this directory.
4) Open exim.conf to modify it:
Replace:
remote_smtp:
driver = smtp
With:
remote_smtp:
driver = smtp
dkim_domain = ${lc:${domain:$h_from:}}
dkim_selector = x
dkim_private_key = /etc/exim/dkim.private.key
dkim_canon = relaxed
(*) It allows all domains linked to this server to use DKIM and use the private key you just created. if you opt to change "dkim_selector" it'll need to be adjusted in later steps.
5) Restart Exim
(*) I go to "services" in Webuzo, but there are other options.
6) Adjust your DNS settings
6.1) If you don't have a mx record, create one:
Priority: 1
Host: @
Points to: @
6.2) Create a TXT setting specifying your SPF settings:
Host: @
txt value: v=spf1 a mx ip4:999.999.9.99 ip6:9999:9999:99:3a32:: ~all
(*) Adjust to your IPs. It's the only thing required for SPF to work.
6.3) Create a TXT setting specifying your DKIM:
Host: x._domainkey
txt value: v=DKIM1; p=<your public key>
(*) If you changed "dkim_selector" under "Host", "x" will need to be adjusted accordingly.
How to test:
-
https://www.dnswatch.info/dkim/create-dns-record
-
https://www.mail-tester.com/spf-dkim-check
Then: send an email from this address to an external email and check if both SPF and DKIM are specified correctly in the header. You should see "spf=pass" and "dkim=pass" as well as other configurations depending on which email provider you send to. Hotmail and GMail are both good to confirm these settings.