Difference between revisions of "DKIM with postfix"
(Created page with " Install DKIM # yum install opendkim Backup the original conf file. # cp /etc/opendkim.conf{,.bak} Open '''/etc/opendkim.conf''' and make it look like below: AutoRestart ...") |
|||
(8 intermediate revisions by the same user not shown) | |||
Line 22: | Line 22: | ||
UserID opendkim:opendkim | UserID opendkim:opendkim | ||
TemporaryDirectory /var/tmp | TemporaryDirectory /var/tmp | ||
+ | |||
+ | Generate keys | ||
+ | # mkdir /etc/opendkim/keys/example.com | ||
+ | # opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default | ||
+ | # chown -R opendkim: /etc/opendkim/keys/example.com | ||
+ | # mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default | ||
+ | Open the file '''/etc/opendkim/KeyTable''' and add the following lines but with your domain instead of example.com: | ||
+ | default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default | ||
+ | Open the file '''/etc/opendkim/SigningTable''' and add the following line: | ||
+ | *@example.com default._domainkey.example.com | ||
+ | Open the file '''/etc/opendkim/TrustedHosts''' and make sure you have: | ||
+ | 127.0.0.1 | ||
+ | mydomain.com | ||
+ | host.mydomain.com | ||
+ | Note: host.mydomain.com should be your actual hostname. | ||
+ | |||
+ | Set TXT record for your domain from the file '''/etc/opendkim/keys/mydomain.com/default.txt'''. | ||
+ | Domain field: | ||
+ | default._domainkey | ||
+ | Value field: | ||
+ | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyqSTRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bli0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB | ||
+ | |||
+ | Check TXT record: | ||
+ | dig +short default._domainkey.example.com TXT | ||
+ | |||
+ | |||
+ | == SEE ALSO: == | ||
+ | |||
+ | It is a good idea to set the following TXT records: SPF and DMARC. | ||
+ | |||
+ | Examples: | ||
+ | |||
+ | SPF | ||
+ | Domain: example.com Record: v=spf1 a mx ~all | ||
+ | DMARC | ||
+ | Domain: _dmarc.example.com Record: v=DMARC1; p=quarantine; rua=mailto:mailmaster@example.com | ||
+ | |||
+ | [[Category:Linux]] |
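Review bot: the placeholder domain changes partway through the added steps. The key directory, KeyTable and SigningTable lines use example.com, but the TrustedHosts entries and the path /etc/opendkim/keys/mydomain.com/default.txt use mydomain.com. The keys were generated with -D /etc/opendkim/keys/example.com/, so default.txt is in that directory and the mydomain.com path does not match the earlier commands. Use one placeholder throughout and say once that it stands for the reader's own domain. The "Check TXT record" step would also be clearer if it said that the dig output should match the Value field.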
Latest revision as of 15:26, 5 December 2014
Install DKIM
# yum install opendkim
Back up the original conf file.
# cp /etc/opendkim.conf{,.bak}
Open /etc/opendkim.conf and make it look like below:
AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp
Generate keys
# mkdir /etc/opendkim/keys/example.com
# opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
# chown -R opendkim: /etc/opendkim/keys/example.com
# mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default
Open the file /etc/opendkim/KeyTable and add the following line, using your domain instead of example.com:
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default
Open the file /etc/opendkim/SigningTable and add the following line:
*@example.com default._domainkey.example.com
Open the file /etc/opendkim/TrustedHosts and make sure you have:
127.0.0.1
mydomain.com
host.mydomain.com
Note: host.mydomain.com should be your actual hostname.
Set the TXT record for your domain from the file /etc/opendkim/keys/mydomain.com/default.txt.
Domain field:
default._domainkey
Value field:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyqSTRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bli0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB
Check TXT record:
dig +short default._domainkey.example.com TXT
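A check to run on the record before relying on it, as an added example that is not part of the original wiki page: it parses the TXT value shown above (or the quoted output of the dig command), decodes p= and reports the RSA modulus size, because RFC 8301 says signers should use keys of at least 2048 bits. The function names and the min_bits default are assumptions of this example.

```python
import base64

# Value field copied from this page; dig output (quoted, possibly split) also works.
PAGE_RECORD = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyqSTRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bli0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB"

def parse_tags(record):
    """Split a DKIM TXT value into tag=value pairs, dropping dig's quotes."""
    tags = {}
    for part in record.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(p_value):
    """Return the RSA modulus size in bits of a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = read_tlv(der, 0)              # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)              # AlgorithmIdentifier, skipped
    _, bitstring, _ = read_tlv(spki, pos)      # BIT STRING holding the key
    _, rsakey, _ = read_tlv(bitstring[1:], 0)  # skip the unused-bits byte
    _, modulus, _ = read_tlv(rsakey, 0)        # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def check_record(record, min_bits=2048):
    """Return a list of problems found in a DKIM key record (empty = OK)."""
    tags = parse_tags(record)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa; size check skipped")
    elif not tags.get("p"):
        problems.append("p= is empty or missing (key revoked or record truncated)")
    else:
        bits = rsa_bits(tags["p"])
        if bits < min_bits:
            problems.append(f"RSA key is {bits} bits, below {min_bits}")
    return problems
```

The record shown on this page decodes to a 1024-bit key; opendkim-genkey accepts -b to choose a larger size, and the longer TXT value is then published as several quoted strings, which parse_tags joins.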
SEE ALSO:
It is a good idea to set the following TXT records: SPF and DMARC.
Examples:
SPF
Domain: example.com Record: v=spf1 a mx ~all
DMARC
Domain: _dmarc.example.com Record: v=DMARC1; p=quarantine; rua=mailto:mailmaster@example.com