Difference between revisions of "DKIM with postfix"
Line 50: | Line 50: | ||
== SEE ALSO: == | == SEE ALSO: == | ||
− | It is a good idea to set SPF and | + | It is a good idea to set the following TXT records: SPF and DMARC. |
Examples: | Examples: |
Latest revision as of 15:26, 5 December 2014
Install DKIM
# yum install opendkim
Backup the original conf file.
# cp /etc/opendkim.conf{,.bak}
Open /etc/opendkim.conf and make it look like this:
AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp
Generate keys
# mkdir /etc/opendkim/keys/example.com
# opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
# chown -R opendkim: /etc/opendkim/keys/example.com
# mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default
Open the file /etc/opendkim/KeyTable and add the following line, using your domain instead of example.com:
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default
Open the file /etc/opendkim/SigningTable and add the following line:
*@example.com default._domainkey.example.com
Open the file /etc/opendkim/TrustedHosts and make sure you have:
127.0.0.1
mydomain.com
host.mydomain.com
Note: host.mydomain.com should be your actual hostname.
Set a TXT record for your domain using the contents of the file /etc/opendkim/keys/mydomain.com/default.txt.
Domain field:
default._domainkey
Value field:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyqSTRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bli0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB
Check TXT record:
dig +short default._domainkey.example.com TXT
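The dig answer can be compared against the generated default.txt to confirm that DNS serves the key OpenDKIM signs with. The script below is an added example, not part of the original page: the function names and the sample key are constructed, and the path in the final comment assumes the example.com key directory created above.

```shell
#!/bin/sh
# Added example: compare the published DKIM TXT record with default.txt.

# Join the quoted chunks of a TXT record and drop whitespace, so the
# multi-line default.txt and a `dig +short` answer compare equal.
txt_value() {
    grep -o '"[^"]*"' | tr -d '" \t\n'
}

# Print match | mismatch | missing | revoked.
# $1 = path to default.txt
# $2 = output of `dig +short <selector>._domainkey.<domain> TXT`
dkim_record_status() {
    expected=$(txt_value < "$1")
    published=$(printf '%s\n' "$2" | txt_value)
    case "$published" in
        "")                 echo missing ;;   # no TXT record at that name
        *";p=;"*|*";p=")    echo revoked ;;   # empty p= tag: key revoked (RFC 6376)
        "$expected")        echo match ;;
        *)                  echo mismatch ;;  # DNS serves a different key or tags
    esac
}

# Constructed sample in the layout opendkim-genkey writes; the key is a
# placeholder, not a real public key.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=CONSTRUCTEDPLACEHOLDERKEY" )  ; ----- DKIM key default for example.com
EOF

# Constructed DNS answer, as dig would print a record stored as one string.
dkim_record_status "$sample" '"v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"'

# Against a live record (assumed paths and names from the steps above):
# dkim_record_status /etc/opendkim/keys/example.com/default.txt \
#     "$(dig +short default._domainkey.example.com TXT)"
```

A mismatch after rotating keys usually means the old record is still cached or the DNS provider altered the value when it was pasted.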
SEE ALSO:
It is a good idea to set the following TXT records: SPF and DMARC.
Examples:
SPF
Domain: example.com
Record: v=spf1 a mx ~all
DMARC
Domain: _dmarc.example.com
Record: v=DMARC1; p=quarantine; rua=mailto:mailmaster@example.com