DKIM with postfix

From vpsget wiki
Revision as of 15:26, 5 December 2014 by Vq (talk | contribs)

Install OpenDKIM

# yum install opendkim

Back up the original configuration file.

# cp /etc/opendkim.conf{,.bak}

Edit /etc/opendkim.conf so that it contains the following:

AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/opendkim.pid
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

Generate keys

# mkdir /etc/opendkim/keys/example.com
# opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
# chown -R opendkim: /etc/opendkim/keys/example.com
# mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default

Open the file /etc/opendkim/KeyTable and add the following line, replacing example.com with your domain:

default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default

Open the file /etc/opendkim/SigningTable and add the following line:

*@example.com default._domainkey.example.com

Open the file /etc/opendkim/TrustedHosts and make sure you have:

127.0.0.1
mydomain.com
host.mydomain.com

Note: host.mydomain.com should be your actual hostname.

Set the TXT record for your domain using the contents of /etc/opendkim/keys/mydomain.com/default.txt (the default.txt that opendkim-genkey wrote to your domain's key directory).

Domain field:

default._domainkey

Value field:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyqSTRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bli0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB

Check the TXT record:

dig +short default._domainkey.example.com TXT
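
A check to run on the published value before relying on it, as an added example that is not part of the original wiki page: it joins the quoted chunks that dig and default.txt use for long TXT data, splits the tags, and reads the RSA modulus size out of p=. The function names and the 2048-bit threshold are this example's own choices.

```python
import base64
import re

# Constructed sample: this page's key value as quoted TXT chunks (layout assumed).
SAMPLE = ('( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh3kJR4v0HW+sw5LmSPtM3uPeAZrwfU+yWkVk1AMyq" '
          '"STRDO74JJCJl55gWSdB4+fGQ6uV5HvjvtKSHztJ+0jxrK0bOOeUgkIjsAqnk1xGPIO/YMp81zJneQ5Bl" '
          '"i0crCsXDM3ipT73vUC/iuU1/R9uecB+aRszgZmoLQaDGK2WxjwIDAQAB" )')

def parse_record(raw):
    """Join quoted TXT chunks, then split 'v=DKIM1; k=rsa; p=...' into a tag dict."""
    text = "".join(re.findall(r'"([^"]*)"', raw)) or raw
    pairs = (part.split("=", 1) for part in text.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def tlv(buf, pos, tag):
    """Read one DER element header at pos; return (content_start, content_end)."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA public key."""
    der = base64.b64decode(p_b64, validate=True)
    start, _ = tlv(der, 0, 0x30)            # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = tlv(der, start, 0x30)      # AlgorithmIdentifier, skipped
    start, _ = tlv(der, alg_end, 0x03)      # BIT STRING wrapping the key
    start, _ = tlv(der, start + 1, 0x30)    # RSAPublicKey, after unused-bits byte
    start, end = tlv(der, start, 0x02)      # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def lint(raw, min_bits=2048):               # min_bits is this example's threshold
    """Return findings for one DKIM TXT value; an empty list means none."""
    tags = parse_record(raw)
    findings = [] if tags.get("v", "DKIM1") == "DKIM1" else ["v= is not DKIM1"]
    if not tags.get("p"):
        return findings + ["p= is empty or missing"]
    try:
        bits = rsa_bits(tags["p"])
    except (ValueError, IndexError):        # bad base64 or truncated DER
        return findings + ["p= is not a parsable RSA public key"]
    if bits < min_bits:
        findings.append("RSA key is %d bits, below %d" % (bits, min_bits))
    return findings
if __name__ == "__main__":
    print(lint(SAMPLE))
```

Pass lint() the output of the dig command above or the contents of default.txt. On the sample value shown on this page it reports a 1024-bit key.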


SEE ALSO:

It is a good idea to set the following TXT records: SPF and DMARC.

Examples:

SPF

Domain: example.com Record: v=spf1 a mx ~all

DMARC

Domain: _dmarc.example.com Record: v=DMARC1; p=quarantine; rua=mailto:mailmaster@example.com