This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.
Virtualmin has support for DKIM built in. This is found in Virtualmin, Email Messages, DomainKeys Identified Mail. The first time you click this it will offer to install the package for you, accept that and let it install. The second time you will get the setup form. The field "Selector for DKIM record name" can be anything, such as the year which it deafults to. The field "Signing of outgoing mail enabled?" needs to be set to yes of course. It should also default to including the hub domain and a key of 2048. The field "Reject incoming email with invalid DKIM signature?" is safest set to No. Click save then open the form again. The form will now contain the records for DNS. Copy "DNS records for additional domains" field box to notepad.
Browse to wherever you set up your DNS and create a new TXT entry. The first DNS TXT entry you need is named _domainkey.Virtual_Server_Domain, e.g. _domainkey.example.com . This has content of either "o=-" (without quotes) which means all e-mails are signed, or "o=~" means emails may be signed or unsigned. The name of second DNS TXT entry is the part xxxxx._domainkey from notepad. The contents of this TXT entry is everything inside the ( ) after joining the strings at the " ", that is delete everything between the "....." to make one long string, then delete the outside (" and "). Although maybe your DNS will accept it formatted into separate strings but that did not work for me.
Setting up SPF is simpler. Again you need to add a TXT record to your DNS. This is named after the virtual domain, i.e. example.com. The contents are "v=spf1 mx ptr:hub_domain -all" (less the quotes) where hub_domain is the FQDN of the hub, e.g. hub.com. What this means any mx at this domain is allowed, so if my from address is me@example.com then the recipient looks up the DNS record for example.com and any mx there is allowed. And when doing a reverse DNS, IP number to domain name, the result of hub_domain is allowed. If those tests pass then the email is kosher otherwise reject it (-all). You can relax this with ~all.
Testing DKIM and SPF can be done at appmaildev which has tools for this. You get a random email address from this site and then send an email to that address. The reply back confirms if DKIM and SPF is set up correctly or not.
Virtualmin has support for DKIM built in. This is found in Virtualmin, Email Messages, DomainKeys Identified Mail. The first time you click this it will offer to install the package for you, accept that and let it install. The second time you will get the setup form. The field "Selector for DKIM record name" can be anything, such as the year which it deafults to. The field "Signing of outgoing mail enabled?" needs to be set to yes of course. It should also default to including the hub domain and a key of 2048. The field "Reject incoming email with invalid DKIM signature?" is safest set to No. Click save then open the form again. The form will now contain the records for DNS. Copy "DNS records for additional domains" field box to notepad.
Browse to wherever you set up your DNS and create a new TXT entry. The first DNS TXT entry you need is named _domainkey.Virtual_Server_Domain, e.g. _domainkey.example.com . This has content of either "o=-" (without quotes) which means all e-mails are signed, or "o=~" means emails may be signed or unsigned. The name of second DNS TXT entry is the part xxxxx._domainkey from notepad. The contents of this TXT entry is everything inside the ( ) after joining the strings at the " ", that is delete everything between the "....." to make one long string, then delete the outside (" and "). Although maybe your DNS will accept it formatted into separate strings but that did not work for me.
Setting up SPF is simpler. Again you need to add a TXT record to your DNS. This is named after the virtual domain, i.e. example.com. The contents are "v=spf1 mx ptr:hub_domain -all" (less the quotes) where hub_domain is the FQDN of the hub, e.g. hub.com. What this means any mx at this domain is allowed, so if my from address is me@example.com then the recipient looks up the DNS record for example.com and any mx there is allowed. And when doing a reverse DNS, IP number to domain name, the result of hub_domain is allowed. If those tests pass then the email is kosher otherwise reject it (-all). You can relax this with ~all.
Testing DKIM and SPF can be done at appmaildev which has tools for this. You get a random email address from this site and then send an email to that address. The reply back confirms if DKIM and SPF is set up correctly or not.