Selor DKIM - Basic Documentation



ATTENTION: This program needs of resources that are available only in Selor 1.3 and beyond

Selor_DKIM is a external tool to generate DKIM signatures in emails that pass through your MTA Selor.
Many emails servers check for these signatures to prove whether its source and content is authentic

If your email has a valid DKIM signature, it will receive a good score on great part of email servers from world.

A quick explanation (IMPORTANT):

In a DKIM signature, we have a selector domain that will used in recipient side to know where seek the public key.

The message is signed with the private key, but is with the public key that the remote  MTA checks the authenticity of this message.

In this example I will use the domain with ''s19801007' selector. You can use a selector that you want.
My DNS must have a TXT DNS entry like this:

If your domain is '' and you have chose the selector 'testselor2015', the entry of your DNS must be:

The entry  really exists in domain. You can check its public key with this command:

host -t txt

You can have many domains in your server and use only one main domain to sign all messages of all domains. I will use this case here, but the selor_dkim has resources to consult a different signature key for each domain with base in your MySQL database.

The part of DNS (named) I will not show to you because this tutorial would be too large.

Well, go to the instalation

Download this tool in website here.

Put the file inside directory 'uteis' of your Selor directory and unzip this. (
Obs: You can change the name of this directory if you want: 'utils', 'tools', etc.)

cp selor_dkim_1.0.tar.bz2 /usr/local/selor/uteis

cd /usr/local/selor/uteis

tar xjf selor_dkim_1.0.tar.bz2

Compile the module conforms your system:

 Linux 32 Bits
gcc selor_dkim.c -o selor_dkim -lssl -lmysqlclient -lcrypto

--> Linux 64 Bits
gcc selor_dkim.c -o selor_dkim -DA64 -lssl -lmysqlclient -lcrypto

--> FreeBSD 32 Bits
gcc selor_dkim.c -o selor_dkim -L/usr/local/lib/mysql -DFreeBSD -lssl -lmysqlclient -Wall

--> FreeBSD 64 Bits
gcc selor_dkim.c -o selor_dkim -L/usr/local/lib/mysql -DFreeBSD -DA64 -lssl -lmysqlclient -Wall


chmod 555 /usr/local/selor/selor_dkim


Now we need generate the private and public keys
The private key must be 'hidden' in your server and used by selor_dkim to generate the signatures that will be placed inside of the emails.

mkdir /usr/local/selor/uteis/dkim_keys/

cd /usr/local/selor/uteis/dkim_keys

openssl genrsa -out dkim_private.key 1024

openssl rsa -pubout -in dkim_private.key  -out dkim_public.key

Take the content of your public key (dkim_public.key) and put in your domain.

cat /usr/local/selor/uteis/dkim_keys/dkim_public.key

In my case, the content is:

-----END PUBLIC KEY-----

Copy the key (Without the lines '-----BEGIN PUBLIC KEY-----' and '-----END PUBLIC KEY-----') with a CTRL+C and paste this in a text editor and let this in a only one line.


Make the TXT entry in you DNS, in my case,  with this content:

v=DKIM1; k=rsa; p=[THE PUBLIC KEY]


Obs: Remember, you must put the content of your public key and this entry is a only one line.

Put the content in your DNS domain and restart him

Now, in file specified by you need call the selor_dkim:

pico /usr/local/selor/rules_data

Put this content in your rules-file (two rules) (Obs: I will use with a example the '' domain. Change this for your domain)

Auth? Internal_from? Exec! "/usr/local/selor/uteis/selor_dkim --gen %L/c%d -h 'From:To:Date:Subject' -s
s19801007 -d '' --pkey /usr/local/selor/uteis/dkim_keys/dkim_private.key"

Auth? Internal_from? Itest? "%t=0" Hadd! "%E"


The first rule runs the selor_dkim that analyzes the email on queue and 'prints' in stdout the generated key, ready to be placed on header of email.
The second rule executes the 'Hadd!' action that marks this printed text on email header when it is sent to a external host. In old versions of MTA Selor (less than 1.3), the Hadd action is not has effect in This feature was added in Selor 1.3. 

It is done. All AUTHENTICATED messages sent by your customers will be signed with a DKIM key.



Powered by C - Assembly