Setup Exim with DKIM for Multiple Domains with Smarthost

  • Recently I have had to enable DKIM for Exim for some customers using POP3/IMAP servers. This was not working even though I followed the steps on here:

    I had folllowed the article to the tee but it was not working. This is what worked for me.

    1- Login to your Exim Server
    2- Create the Dkim folder

    sudo mkdir /etc/exim4/dkim

    3- Create a private key for each domain (you can use a script) in the /etc/exim4/dkim folder.

    cd /etc/exim4/dkim
    sudo openssl genrsa -out 2048 -outform PEM

    4- Create the Public key

    openssl rsa -in -out -pubout -outform PEM

    5- Create the /etc/exim4/conf.d/main/00_local_macros file

    sudo nano /etc/exim4/conf.d/main/00_local_macros

    6- Fill the content

    DKIM_CANON = relaxed
    DKIM_SELECTOR = 20200422
    # Get the domain from the outgoing mail.
    DKIM_DOMAIN = ${sg{${lc:${domain:$h_from:}}}{^www\.}{}}
    # The file is based on the outgoing domain-name in the from-header.
    DKIM_FILE = /etc/exim4/dkim/{DKIM_DOMAIN}-private.pem
    # If key exists then use it, if not don't.
    DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

    7- Set the permissions on the file

    sudo chown -R Debian-exim:Debian-exim /etc/exim4/dkim/
    sudo chmod 640 /etc/exim4/dkim/*

    8 - Update the /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost file

    sudo nano /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost

    9- Add the following to the bottom of the file and save it

    .ifdef DKIM_DOMAIN
    dkim_domain = DKIM_DOMAIN
    .ifdef DKIM_SELECTOR
    dkim_selector = DKIM_SELECTOR
    dkim_private_key = DKIM_PRIVATE_KEY
    .ifdef DKIM_CANON
    dkim_canon = DKIM_CANON
    .ifdef DKIM_STRICT
    dkim_strict = DKIM_STRICT
    dkim_sign_headers = DKIM_SIGN_HEADERS

    10- Update the Exim4 Configuration

    sudo update-exim4.conf

    10- Restart the Exim4 Service

    sudo service exim4 restart

    Now your emails coming from domains that have DKIM will be signed. In order to get your DKIM record you must match the select your configured and use the Public key that you made earlier. You can find instructions below