User Tools

Site Tools


Add DKIM and DMARC to exim4 MTA

Create keys

 openssl genrsa -out dkim.private.key 1024
 openssl rsa -in dkim.private.key -out dkim.public.key -pubout -outform PEM

Check what configuration type is being used

 grep "db_use_split_config" /etc/exim4/update-exim4.conf.conf

If the line says “true” then see Split config, else follow Single file config

Split config

Create file /etc/exim4/conf.d/main/00_local_macros with these variables:

 DKIM_CANON = relaxed
 DKIM_PRIVATE_KEY = /etc/exim4/dkim.private.key

Single file config

At beginning of /etc/exim4/exim4.conf.template insert above variables.

Update configuration

 service exim4 restart

On DNS server create new TXT record

 www._domainkey                  IN      TXT     "v=DKIM1\; k=rsa\; o=~\;     p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcUXcOEEt5daq1PE7PuDYoq2f5Hna51Nicby9J9ZCQNHPbozJjA2nelm51j754o0wQ6zjoM4sL+XL0a4CouAcNSvgjJaZ050e7akEwfYgOZ3OFyC6F8YfBlpHv3HFwhGZ0UNAqQ3DGA7nga7Ybmsxk/9XDhZnlLtKk4KhlAUrVSQIDAQAB\;"

p contains the public key.

Reload bind and send test email

 named-checkzone /etc/bind/
 systemctl reload bind9.service
 systemctl status bind9.service


Visit and send email to random address, ex.

 echo "This is a test." | mail -s Test8

Another test site is and (send email to


For DMARC you can add to DNS zone this as well:

 _dmarc                          IN      TXT     "v=DMARC1\; p=none\; adkim=r\; aspf=r\;\;"

Tested on

  • Debian 7 Wheezy

See also


wiki/add_dkim_dmarc_exim4_mta.txt · Last modified: 2022/10/05 16:18 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki