openssl genrsa -out dkim.private.key 1024
openssl rsa -in dkim.private.key -out dkim.public.key -pubout -outform PEM
Check what configuration type is being used
grep "db_use_split_config" /etc/exim4/update-exim4.conf.conf
If the line says “true”, follow Split config; otherwise follow Single file config.
Split config: create the file /etc/exim4/conf.d/main/00_local_macros with these variables:
DKIM_CANON = relaxed
DKIM_SELECTOR = www
DKIM_DOMAIN = example.com
DKIM_PRIVATE_KEY = /etc/exim4/dkim.private.key
Single file config: insert the above variables at the beginning of /etc/exim4/exim4.conf.template.
update-exim4.conf
service exim4 restart
www._domainkey IN TXT "v=DKIM1\; k=rsa\; o=~\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcUXcOEEt5daq1PE7PuDYoq2f5Hna51Nicby9J9ZCQNHPbozJjA2nelm51j754o0wQ6zjoM4sL+XL0a4CouAcNSvgjJaZ050e7akEwfYgOZ3OFyC6F8YfBlpHv3HFwhGZ0UNAqQ3DGA7nga7Ybmsxk/9XDhZnlLtKk4KhlAUrVSQIDAQAB\;"
The p= tag contains the public key: the base64 body of dkim.public.key on one line, without the BEGIN/END lines.
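Added example (not part of the original page): a shell helper that builds this TXT record from dkim.public.key, stripping the PEM header lines and splitting the value into quoted strings of at most 255 characters, which becomes necessary once the key is larger than the 1024 bits used above. The function names and the script name dkim-record.sh are assumptions, and the output carries only the v, k and p tags.

```shell
#!/bin/sh
# Added example: build the DKIM TXT record from a PEM public key file.
# Function and script names are assumptions, not from the original page.

# dkim_p_value FILE: print the base64 body of the PEM file as one line.
dkim_p_value() {
    grep -v -e '^-----' "$1" | tr -d ' \t\r\n'
}

# dkim_txt_record SELECTOR FILE: print a zone-file line for the key.
dkim_txt_record() {
    # Never publish the wrong file: the private key must stay on the server.
    if grep -q 'PRIVATE KEY' "$2"; then
        echo "refusing: $2 contains a private key" >&2
        return 1
    fi
    value="v=DKIM1; k=rsa; p=$(dkim_p_value "$2")"
    # One TXT character-string holds at most 255 bytes, so cut the value
    # first and escape ';' afterwards (the escape is zone-file syntax only).
    chunks=$(printf '%s\n' "$value" | fold -w 255 |
        sed -e 's/;/\\;/g' -e 's/^/"/' -e 's/$/"/' | tr '\n' ' ')
    printf '%s._domainkey IN TXT ( %s)\n' "$1" "$chunks"
}

# Usage: sh dkim-record.sh www dkim.public.key
if [ "$#" -eq 2 ]; then
    dkim_txt_record "$1" "$2"
fi
```

Paste the printed line into the zone file in place of a hand-edited record, then run the zone check below before reloading.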
named-checkzone example.com /etc/bind/example.com.zone
systemctl reload bind9.service
systemctl status bind9.service
Visit http://dkimvalidator.com/ and send an email to the random address, e.g.:
echo "This is a test." | mail -s Test8 Q4yy4YbE613Rrd@dkimvalidator.com
Other test sites are https://www.mail-tester.com/ and https://www.unlocktheinbox.com (send email to mailtest@unlocktheinbox.com).
For DMARC you can also add this to the DNS zone:
_dmarc IN TXT "v=DMARC1\; p=none\; adkim=r\; aspf=r\; rua=mailto:admin@example.com\;"