3

So I am using PHPMailer using SMTP and it is going through Postfix to send emails. When I send an email from my email it goes through without a problem when it comes to using DKIM and DMARC. But when I send using PHPMailer I'm not getting a DKIM.

    <?php
    // PHPMailer 5.x autoloader (assumed; adjust the path to your installation).
    require_once 'PHPMailerAutoload.php';

    function send_email($to, $from_email, $from_name, $subject, $body,
        $is_html = false, $attachments = null) {
        global $smtp_host, $smtp_port, $smtp_user, $smtp_password;
        try {
            $email = new PHPMailer(true); // true = throw exceptions on failure

            // SMTP is only used when the sender is the SMTP account;
            // otherwise PHPMailer falls back to its default mail() transport.
            if ($from_email === $smtp_user) {
                $email->isSMTP();
                $email->Host = $smtp_host;
                $email->Port = $smtp_port;
                $email->SMTPAuth = true;
                $email->Username = $smtp_user;
                $email->Password = $smtp_password;
                $email->SMTPSecure = 'tls'; // STARTTLS
            }

            $email->CharSet  = 'UTF-8';
            $email->From     = $from_email;
            $email->FromName = $from_name; // display name, not the address
            $email->Subject  = $subject;
            $email->Body     = $body;
            $email->AddAddress($to);

            if ($is_html == true) {
                $email->IsHTML(true);
                $email->Encoding = 'base64';
            }

            // Each attachment is an array with "path" and "name" keys.
            if ($attachments != null) {
                foreach ($attachments as $attachment) {
                    $apath = $attachment["path"];
                    $aname = $attachment["name"];
                    $email->AddAttachment($apath, $aname);
                }
            }

            $email->Send();
            $status = "success";
        } catch (phpmailerException $e) {
            // PHPMailer's own errors
            $status = $e->errorMessage();
        } catch (Exception $e) {
            // Anything else
            $status = $e->getMessage();
        }
        return $status;
    }

So I think I need to add this to my code but I'm not sure if I have to add this to the code. I was thinking that OpenDKIM would just add the DKIM to the header. But it's not.

    $email->DKIM_domain = 'mydomain.com';
    $email->DKIM_private = '/path/to/private_key';
    $email->DKIM_selector = 'default';
    $email->DKIM_passphrase = '1234567';

willis
  • I also am not sure if I do have to use the second set of code. On my DNS can I have two public keys with 2 different selectors and will that affect outgoing email? – willis Oct 06 '17 at 15:50

1 Answer

2

There are several ways you can implement DKIM signing.

  1. With those properties in PHPMailer, where your client script needs direct access to your private keys. Good when you have no control over the sending environment - e.g. on shared hosting, but it means each individual sending script is responsible for signing, which isn't ideal.
  2. Getting your mail server to do the signing for you. Good when you have your own mail server and the ability to configure it - all mail that goes through it can be signed automatically, and you don't have to do anything at the client end.
  3. Using a signing SMTP relay/proxy server in line with your existing mail server, such as hMailServer for Windows. Good when you have your own mail server, but don't have admin access to it, or it can't do DKIM.

The selector needs to match the key you're signing with, so if you have a selector called s1, you would expect the public key to be available in a TXT record called s1._domainkey in your domain's DNS. The matching private key just needs to be somewhere safe and web-inaccessible on the server.

The DNS and key arrangements are the same whichever signing mechanism you use. If you use PHPMailer's DKIM, you don't need OpenDKIM, but if you want to use OpenDKIM, you need to tell it which selector you want to use in its config. Some mail servers (like GreenArrow that I use) allow dynamic control of selectors via custom message headers, but I don't think OpenDKIM supports that. You may be able to set up virtual MTAs within Postfix that allow something similar.

For a PHPMailer reference, look at the DKIM signing example provided, and the DKIM test in the test suite.

Synchro
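
To check what a delivered message actually carries, the following added example (not part of the original question or answer) reads a raw message, lists the `selector._domainkey.domain` name each DKIM-Signature points at, checks strict alignment with the From domain, and tests whether a selector's TXT record still holds a key. The messages, `example.com`, the selectors, the zone entries and all function names are constructed for illustration.

```python
import email
from email.utils import parseaddr

def parse_tags(value):
    """Parse a DKIM 'tag=value; tag=value' list (RFC 6376) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value (b=, p=, h=) is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_report(raw_message):
    """Per DKIM-Signature: DNS name of its key, and strict alignment (d= == From domain)."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(header)
        domain, selector = tags.get("d", "").lower(), tags.get("s", "")
        report.append({"dns_name": f"{selector}._domainkey.{domain}",
                       "aligned": domain == from_domain})
    return report

def key_is_published(txt_record):
    """True if a selector's TXT record carries a non-empty p= (empty p= means revoked)."""
    tags = parse_tags(txt_record)
    return tags.get("v", "DKIM1") == "DKIM1" and bool(tags.get("p"))

# Constructed samples: a message signed by the mail server, and an unsigned one.
SIGNED = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.com;\n"
    "\ts=default; h=from:subject; bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=\n"
    "From: Sender <sender@example.com>\nSubject: test\n\nbody\n"
)
UNSIGNED = "From: Sender <sender@example.com>\nSubject: test\n\nbody\n"
# Constructed DNS zone: two selectors published side by side; 'old' is revoked.
ZONE = {
    "default._domainkey.example.com": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
    "old._domainkey.example.com": "v=DKIM1; k=rsa; p=",
}

if __name__ == "__main__":
    for label, raw in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(label, dkim_report(raw) or "no DKIM-Signature header")
    for name, txt in ZONE.items():
        print(name, "published" if key_is_published(txt) else "revoked or missing")
```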