How to add DKIM record for iRedMail

Suppose iRedMail was installed, the DKIM key was generated during the installation process, now let’s see which public keys are present:

sudo amavisd-new showkeys
sudo amavisd-new -c /etc/amavis/conf.d/50-user showkeys

Suppose the following is displayed:

; key#1 1024 bits, i=dkim,, /var/lib/dkim/   3600 TXT (
  "v=DKIM1; p="

Accordingly, now we add a TXT record on the DNS server:

dkim._domainkey TXT v=DKIM1;p=AAABBBCCCDDD;

And also for the mail subdomain:

dkim._domainkey.mail TXT v=DKIM1;p=AAABBBCCCDDD;

Let’s wait for a while and test:

sudo amavisd-new testkeys
dig -t txt
dig -t txt

You can check from the Windows command line:

nslookup -type=txt
nslookup -type=txt

If the DNS record has not yet been updated, or if something was indicated incorrectly, there will be an error:

TESTING#1 => invalid (public key: not available)

If everything is correct, then:

TESTING#1 => pass

If you need to generate DKIM for a new domain, then execute (you can specify 2048 instead of 1024, but not all DNS can support such a key length):

amavisd-new genrsa /var/lib/dkim/ 1024
chown amavis:amavis /var/lib/dkim/
chmod 0400 /var/lib/dkim/

Find in the configuration file /etc/amavis/conf.d/50-user records about the old domain and add new ones after them. By default, one DKIM key is specified for all domains.
After the changes, restart amavis:

service amavis restart
service amavis status

To track down problems, you can add a primary domain to, statistics will also be displayed for subdomains, you can read help here

See also my articles:
How to configure SPF records
How to add DKIM record
How to add DMARC record

Leave a comment

Leave a Reply