0

I'm using WinServer to generate and send emails via my Google Apps-hosted domain (my SMTP server is smtp.gmail.com). My registrar (Network Solutions) supports Text records - so I should be able to sign outgoing mail. Where do I go to generate those keys? Do I need anything running on my server - is there some other entity involved beyond inserting a text record in my registrar's DNS?

thx

justSteve

2 Answers

1
openssl genrsa -out dk.key 768
openssl rsa -in dk.key -out dk.pem -pubout -outform PEM

Will generate the private key (dk.key) and public key (dk.pem).

Take the public key and c&p to a txt record:

k=rsa; t=y; p=[data from dk.pem file, strip BEGIN/END blocks]

The key should be named similar to [selector]._domainkey.example.com. Note the selector as you'll have to configure your SMTP server with the same name so the receiving server knows where to look for the key (it can be anything you want, like "key1" or "asdf").

You should also configure a policy record for your domain. The record should be named _domainkey.example.com and contain "o=-" (for all e-mail from domain must be signed) or "o=~" (for signature optional). You may also add "t=y" and some servers will be more forgiving, as it indicates you're testing.

Chris S
  • Appreciate the details re: selector. Your reference to 'policy record' - you'd be talking about SPF entry? – justSteve Jun 25 '11 at 17:05
  • Nope, DKIM has a policy record too. Some mail servers accepting mail will check for your policy and if they find it will generally follow it. It's somewhat similar to SPF, but definitely not the same. You should also have an SPF record, it's more widely used too. – Chris S Jun 26 '11 at 04:00
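An added example, not part of the answer above: a Python sketch that turns the PEM file from the openssl step into the two TXT records the answer describes, and refuses to emit a record if the file it is given is a private key. The function names, the selector "key1" and the sample PEM bytes are assumptions constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_to_p_value(pem_text):
    """Return the base64 body of a PUBLIC KEY PEM block, armor and newlines removed."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), "".join(m.group(2).split())
    # DNS is world-readable: never let the private key file end up in p=.
    if "PRIVATE" in label:
        raise ValueError("refusing to publish a private key")
    if label != "PUBLIC KEY":
        raise ValueError("unexpected PEM label: " + label)
    base64.b64decode(body, validate=True)  # raises if the body is not base64
    return body

def txt_chunks(value, size=255):
    """Split a TXT value into strings of at most 255 bytes (DNS character-string limit)."""
    return [value[i:i + size] for i in range(0, len(value), size)]

def build_records(domain, selector, pem_text, testing=True, sign_all=False):
    """Return {record name: [TXT strings]} for the key record and the policy record."""
    key = "k=rsa; " + ("t=y; " if testing else "") + "p=" + pem_to_p_value(pem_text)
    policy = "o=-" if sign_all else "o=~"
    if testing:
        policy += "; t=y"
    return {
        f"{selector}._domainkey.{domain}": txt_chunks(key),
        f"_domainkey.{domain}": txt_chunks(policy),
    }

def constructed_pem(label, nbytes):
    # Constructed placeholder bytes, NOT a real key; stands in for openssl output.
    b64 = base64.b64encode(bytes(i % 256 for i in range(nbytes))).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

if __name__ == "__main__":
    recs = build_records("example.com", "key1", constructed_pem("PUBLIC KEY", 126))
    for name, strings in recs.items():
        print(name, "TXT", " ".join(f'"{s}"' for s in strings))
```

In real use, pass the contents of dk.pem as `pem_text`; the multiple quoted strings printed for a long key are the pieces of one TXT record, which resolvers concatenate.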
1

This page details the steps specific to generating the keys via the Google Apps control panel. Surprising that the handful of pages and posts within Google's support didn't detail it this well.

justSteve