Networking - DNS - Bind - DKIM (Domain Keys Identified Mail)

Domain Keys Identified Mail (DKIM) helps you protect your company from email spamming and phishing attempts.

It provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

• A public key for each DKIM-protected domain is stored in DNS.
• The private key for each DKIM-protected domain is stored on your mailserver.

When a mail is sent a number of fields are hashed together, and that hash is then signed with the private key.

To validate an incoming message the receiver can see the from-address, perform the DNS-lookup necessary to find the public-key, and then repeat the hashing-process to compute the signature. If it matches then the result will be a “pass”.

The intention is that only somebody who has control of the DNS for a domain can send mail from it - because all others will be missing the private key, and unable to sign the message.

A DKIM signature is recorded as an RFC2822 header field for the signed message.

For example:

DKIM-Signature a=rsa-sha1; q=dns;
     d=example.com;
     i=user@eng.example.com;
     s=jun2005.eng; c=relaxed/simple;
     t=1117574938; x=1118006938;
     h=from:to:subject:date;
     b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb
     av+yuU4zGeeruD00lszZVoG4ZHRNiYzR

and configured as

selector._domainkey.example.com IN TXT "v=DKIM1;p=MIG…QIDAQAB"

Where the following parts are defined:

• `v=DKIM1`: This optional fragment identifies the record as a DKIM version 1 public key.
• `p=MIG…QIDAQAB`: This fragment contains the public key in Base64 encoding.

The process of setting up DKIM involves several tasks:

• Create a selector. This is a simple, user-defined text string that you will associate with a public key in a later step.
• Generate a public/private key pair by using a tool such as ssh-keygen on Linux or PuTTYgen on Windows.
• Publish the selector and public key by creating a DNS TXT record.
• Attach the token to each outgoing email.

Before storing the public key in DNS you need to pick a “selector”. A domain might have multiple keys involved, and to differentiate between them a label is used, that label is called a selector.

To make it obvious when a key was generated I recommend you use a date, e.g. 20161117.

Once you have chosen your selector you need to publish the key in DNS. If you're protecting the domain example.com you need to publish a TXT record with the name:

20161117._domainkey.example.com

openssl genrsa -out example.com.private.pem 1024
openssl rsa -in example.com.private.pem -out example.com.public.pem -pubout -outform PEM

or

openssl genrsa -out example.com.private.pem 1024 -outform PEM
openssl rsa -in example.com.private.pem -out example.com.public.pem -pubout -outform PEM

This will result in two files:

The public key is in the /etc/exim4/example.com.public.pem file.

cat /etc/exim4/example.com.public.pem

Result

-----BEGIN PUBLIC KEY-----
abCdefGhijKLm
noPQRsTuvWxyZ
-----END PUBLIC KEY-----

The DKIM DNS record is a TXT record containing the public DKIM key without line breaks.

20161117._domainkey.example.com TXT IN "k=rsa; p=abCdefGhijKLmnoPQRsTuvWxyZ"

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3
q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0
ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB

20161117._domainkey        IN      TXT     ("v=DKIM1; t=s; p=" 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3"
"q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0"
"ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB")

Example DKIM header:

DKIM-Signature:
v=1;
a=rsa-sha256;
c=relaxed/relaxed;
d=sharewiz.net;
s=sel42;
t=1399817581;
bh=Pl25…dcMqN+E=;
h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type;
b=Xp/nL93bv6Qo73K…KmskU/xefbYhHUA=

• v=1: This indicates the DKIM version in use. For the time being this must be “v=1”.
• a=rsa-sha256: The algorithm suite that was used to generate the crypto signature. The current specification defines `rsa-sha1` and `rsa-sha256`. The latter is recommended. Note that while the specification leaves room for defining other algorithms, using an algorithm not known to an ISP negates the effect of using DKIM in the first place because the recipient is required to ignore unknown signatures.
• c=relaxed/relaxed: The “canonicalization” scheme used to pre-process the headers prior to calculating the crypto signature, to protect against small (and normal) transformations that the headers could be subjected to in transit, such as line folding. The specification provides for two algorithms: “simple”, which means don’t change headers in any way; and “relaxed” that normalizes the headers dealing with character case, whitespace folding and line breaks to try and be more robust when headers are changed in transit. Note that the `c=` fragment defines two algorithms. One is used for processing the headers covered by the signature, the other is used for processing of the message’s body.
• d=sharewiz.net: The domain name of the organization that claims responsibility for issuing this DKIM signature – in this example that is sharewiz.net. Typically the signing organization is either the ESP sending on behalf of a customer or the email author (domain) itself. Note that a sender responsible for various mail streams can use separate signatures thanks to the “selector”, discussed next.
• s=sel42: The “selector” used to find the corresponding Public Key to validate the signature. The DKIM validator will fetch the public key by issuing a DNS query for the TXT record located at ._domainkey.
• t=1399817581: The UTC timestamp of signature creation, expressed as the number of seconds since 00:00:00 on January 1st, 1970 (Unix Epoch time).
• bh=Pl25…dcMqN+E=: A crypto hash of the body part of the message. Note that an author can choose to protect only a part of the content, by using `l=` to specify the number of octets to consider for generating this hash. This is often used in scenarios where a very large number of signatures must be done and the processing cost of signing the whole messages is prohibitive. Note that by not covering the complete contents, it would be possible for the message to be tampered with without detection.
• h=Message-ID:Date:Subject:From:…: The colon-separated list of header lists that were signed. This allows the sender to omit headers that will be changed or stripped by expected mail handling while including headers that are relevant, such as message identifiers, source and destination address, abuse handling information, etc.
• b=Xp/nL93bv6Qo73K…KmskU/xefbYhHUA=: The crypto signature data itself, encoded in Base64 and possibly with whitespace inserted to conform to line length limitations.

RFC-6376 § 3.5 contains a detailed description of all the fragments and flags that can be added to customize the extent of protection that DKIM provides through its signatures.

dig 20161117._domainkey.example.com txt

With that entry stored in DNS we can now configure exim to sign the mail.

After line CONFDIR = /etc/exim4, add:

/etc/exim4/conf.d/main/00_local_macros

DKIM_CANON = relaxed
DKIM_SELECTOR = 20161117
DKIM_DOMAIN = example.com
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.com.private.pem

or

/etc/exim4/conf.d/main/00_local_macros

DKIM_CANON = relaxed
DKIM_SELECTOR = 20161117
DKIM_DOMAIN = ${sender_address_domain}
DKIM_PRIVATE_KEY = CONFDIR/dkim.private

or

/etc/exim4/conf.d/main/00_local_macros

# DKIM
DKIM_SELECTOR = 20161117
# Get the domain from the outgoing mail.
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
# If key exists then use it, if not don't.
DKIM_PRIVATE_KEY=${if exists{/etc/exim4/dkim/${dkim_domain}.private.pem} {/etc/exim4/dkim/${dkim_domain}.private.pem}}

Once you've updated your configuration template you need to rebuild the real configuration, and restart exim such that it takes effect:

update-exim4.conf
service exim4 restart

The previous example used a single domain, example.com, but to handle mail for multiple domains, you need to update your 00_local_macros file to allow conditional lookup of the domain and corresponding key:

DKIM_CANON = relaxed
DKIM_SELECTOR = 20150726
 
# Get the domain from the outgoing mail.
DKIM_DOMAIN = ${sg{${lc:${domain:$h_from:}}}{^www\.}{}}
 
# The file is based on the outgoing domain-name in the from-header.
DKIM_FILE = /etc/exim4/dkim/{DKIM_DOMAIN}.pem
 
# If key exists then use it, if not don't.
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

DKIM_FILE= /etc/exim4/dkim/$dkim_domain.pem

# DKIM
DKIM_SELECTOR = 20161117
 
# Get the domain from the outgoing mail.
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
 
# If key exists then use it, if not don't.
DKIM_PRIVATE_KEY=${if exists{/etc/exim4/dkim/${dkim_domain}.private.pem} {/etc/exim4/dkim/${dkim_domain}.private.pem}}

The net result of this is that if your mailserver sends mail from “john@example.com” the key-file will be loaded from /etc/exim4/dkim/example.com.private.pem, but if you send mail from “john@me.com” the private-key will be loaded from /etc/exim4/dkim/me.com.private.pem - unless it is missing, and in that case the outgoing mail won't be signed at all.

${domain:$h_from} - The domain-name of the From: header.

${lc:XXXX} - The string "xxxx" in lower-case

${lc:${domain:$h_from}}

DKIM_DOMAIN = ${sg{${lc:${domain:$h_from:}}}{^www\.}{}}

DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

To check that Exim supports DKIM.

exim4 -bV

result:

Exim version 4.80 #3 built 24-Jul-2014 03:28:10
Copyright (c) University of Cambridge, 1995 - 2012
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
Berkeley DB: Berkeley DB 5.1.29: (October 25, 2011)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

See the line starting with “Support for:“. This shows DKIM is compiled in.

The first step towards publishing DKIM Public Keys is deciding on your key rotation schedule. Private keys, and the corresponding Public keys, must be rotated out of use periodically to limit the probability of a compromised or broken key being used.

Common practice involves rotating the keys at varying intervals. Some organizations rotate keys weekly, while other organizations can go up to a year or more before changing the keys.

DKIM Key Rotation is actually very simple thanks to the introduction of the key selectors (the `s=` fragment in the DKIM Signature header). The key selector allows introducing new keys at any point, maintaining the old keys around for a prudent period of time so that all in-transit messages have time to be processed and delivered.