How to configure OpenDKIM with Postfix
In this HowTo, you will find out how we configured OpenDKIM and Postfix (3.1.0) to sign our @postfix.io emails with DKIM. I will not cover what DKIM is, or settings such as hash algorithms, DKIM identity, selectors, etc.
Install OpenDKIM and tools.
apt-get install opendkim opendkim-tools
Add the following settings to /etc/opendkim.conf after the “UserID” directive.
# Map AuthorDomains to RSA keys.
KeyTable /etc/dkimkeys/rsakeys.table
SigningTable refile:/etc/dkimkeys/signingdomains.table
# "simple" recommended by DKIMCore
Canonicalization simple
Mode sv
SubDomains no
AutoRestart yes
AutoRestartRate 10/1M
Background yes
DNSTimeout 5
SignatureAlgorithm rsa-sha256
OversignHeaders From
Generate RSA key for @postfix.io
cd /etc/dkimkeys/
opendkim-genkey --bits=1024 --selector=key1 --domain=postfix.io --append-domain
It will create two files: “key1.private”, which is the private key for the server side, and “key1.txt”, which contains the following DNS record that needs to be created in the postfix.io zone. You can look up my existing record with dig key1._domainkey.postfix.io TXT +short
key1._domainkey.postfix.io. IN TXT ( "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVgaYb2qaO92yF1DuoSIWybPgiwQ3dfjN1XhzstnEqfi/GroqtN87BrjEr9BGTTiisocbMZOtfErgfCSq+sCjHohEySdngfnxPUqLYqco+Xe3RlESYngKFU9YUUKXE9OcT3dt3v921h1pZ9BJwQ2RyJ+xANYR5DivfRT2gPCdIWwIDAQAB" ) ; ----- DKIM key key1 for postfix.io
mv key1.private key1.postfix.io.rsa
Add the RSA key reference to the KeyTable file in /etc/dkimkeys/rsakeys.table
postfixdkim postfix.io:key1:/etc/dkimkeys/key1.postfix.io.rsa
Add the AuthorDomain and RSA key reference in /etc/dkimkeys/signingdomains.table
*@postfix.io postfixdkim
“*@postfix.io” says that mail from this domain with any local-part should be signed with this key. “postfixdkim” is the reference to the RSA key in the KeyTable.
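To check which key a given sender will be signed with, the following added example (not from the original post or the OpenDKIM project) reads the two tables the way a refile: SigningTable is matched and flags a private key file that anyone other than its owner can access. The function names and the sender addresses are assumptions made for illustration.

```python
import os
import re
import stat

def parse_table(text):
    """Return (key, value) pairs from an OpenDKIM flat-file table, skipping comments."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            rows.append((parts[0], parts[1].strip()))
    return rows

def resolve_signer(sender, signing_table, key_table):
    """Map a From address to (dns_name, key_path). A refile: SigningTable is read
    top to bottom, '*' is the only wildcard, and the first match names a KeyTable row."""
    keys = dict(parse_table(key_table))
    for pattern, key_name in parse_table(signing_table):
        regex = re.escape(pattern).replace(r"\*", ".*")
        # Assumption: addresses are compared case-insensitively.
        if re.fullmatch(regex, sender, re.IGNORECASE):
            if key_name not in keys:
                raise KeyError(f"SigningTable names unknown KeyTable entry {key_name!r}")
            # KeyTable value format: domain:selector:path-to-private-key
            domain, selector, key_path = keys[key_name].split(":", 2)
            return f"{selector}._domainkey.{domain}", key_path
    return None  # no pattern matched: the message leaves unsigned

def key_file_problems(path):
    """Report a private key file that anyone other than its owner can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:04o} grants group/other access"]
    return []

# The two table lines from this page.
SIGNING_TABLE = "*@postfix.io postfixdkim\n"
KEY_TABLE = "postfixdkim postfix.io:key1:/etc/dkimkeys/key1.postfix.io.rsa\n"

if __name__ == "__main__":
    # Constructed sender addresses; the second shows that a subdomain is not covered.
    for sender in ("alice@postfix.io", "bob@mail.postfix.io"):
        print(sender, "->", resolve_signer(sender, SIGNING_TABLE, KEY_TABLE))
    key_path = resolve_signer("alice@postfix.io", SIGNING_TABLE, KEY_TABLE)[1]
    if os.path.exists(key_path):
        print(key_file_problems(key_path) or "key file permissions OK")
```

The first element of the returned pair is the DNS name whose TXT record must carry the public key for that sender.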
Connect OpenDKIM to Postfix. Since Postfix runs in a jail environment, it is better to keep the OpenDKIM socket inside the Postfix spool directory as well.
mkdir /var/spool/postfix/opendkim
Update the opendkim.sock path to the new location in /etc/default/opendkim
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"
Configure opendkim in /etc/postfix/main.cf. The socket path here is given relative to the Postfix jail (/var/spool/postfix).
# Connect OpenDKIM
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = local:/opendkim/opendkim.sock
Set up proper permissions.
chown -R opendkim:opendkim /etc/opendkim.conf /etc/dkimkeys
chown opendkim:postfix /var/spool/postfix/opendkim
Restart opendkim and postfix
systemctl restart opendkim.service
systemctl restart postfix.service