A DKIM record is used to validate the actual email itself. This ensures the message wasn’t tampered with even if it did come from a valid mail server.
mkdir /etc/exim4/keys chown -R Debian-exim:adm keys openssl genrsa -out dkim.key 1024 openssl rsa -in dkim.key -out dkim.pub -pubout -outform pem chmod 600 /etc/opendkim/dkim.key
A DKIM record such as the following is needed: “v=DKIM1; k=rsa; p=[Your public key]”
Get your public key:
cat dkim.pub
returns
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHKj656cdca3dkJNFw5Lji63O+ R+sZWDdWiHUcwnf40sSEarmShXG8u3o6QwaDAiaVAboIpUDa0I68Lz+aP2Ws9Y5w tE9jPO57QeGjDdByX6nXrvBgOAyZ072oF70+C3VqkN3zjA1YNuMjP5ugjo6B4sds DR5MBOcVHc3wNFZ1FwIDAQAB -----END PUBLIC KEY-----
Replace the “p=“ section with your own public key without any line breaks.
Now create a new file /etc/exim4/dkim_vhosts. Here you would list out all the virtual hosts and allowed sender addresses in your domains. For example:
*@sharewiz.net: sharewiz.net admin@example.com: example.com
Now edit /etc/exim4/conf.d/transport/30_exim4_config_remote_smtp. The entire file should look something like this:
remote_smtp_dkim: debug_print = "T: remote_smtp_dkim for $local_part@$domain" driver = smtp .ifdef REMOTE_SMTP_HOSTS_AVOID_TLS hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS .endif .ifdef REMOTE_SMTP_HEADERS_REWRITE headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE .endif .ifdef REMOTE_SMTP_RETURN_PATH return_path = REMOTE_SMTP_RETURN_PATH .endif .ifdef REMOTE_SMTP_HELO_DATA helo_data=REMOTE_SMTP_HELO_DATA .endif dkim_domain = ${lookup{$sender_address}lsearch*@{/etc/exim4/dkim_vhosts}} dkim_selector = mail dkim_private_key = /etc/exim4/keys/dkim.key dkim_canon = relaxed dkim_strict = false #dkim_sign_headers = DKIM_SIGN_HEADERS
sudo service exim4 restart
Now just send a test email it shouldn't be marked as spam anymore!
IMPORTANT: The sender email should be valid, that includes “no-reply” addresses.