- Version 1.0
Author: DataParadise <[email protected]>
This tutorial shows how to get DKIM working on a CentOS box running Postfix using OpenDKIM, I’ll also cover some simple trouble shooting tips and advice for future upgrade on your OpenDKIM installation.
This tutorial is part 1 of the mailserver set-up with virtual users and domains using Postfix and Dovecot series. It goes through the steps of installing and integrating OpenDKIM in Postfix on a CentOS 7 Linux VPS. After completing this tutorial you will end-up having OpenDKIM adding digital signatures to your emails, thus making the Mailserver set-up even more robust and professional.
What is Open DKIM?
It is a digital email signing/verification technology, which is already supported by some common mail providers. In general, DKIM means digitally signing all messages on the mail-server to verify the message was actually sent from the domain in question and was not spam
UPDATE THE SYSTEM
Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:
## screen -U -S open dkim-screen
## yum update
ENABLE EPEL REPOSITORY
Open DKIM is available in the EPEL repository, so we need to enable it on the system before we can install Open DKIM
## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm
INSTALL OPENDKIM
Install the package using yum
:
## yum install opendkim
CONFIGURE OPENDKIM
Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf
, so before making any changes create a backup and add/edit the following:
## cp /etc/opendkim.conf{,.orig}
## vim /etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:[email protected]
PidFile /var/run/opendkim/opendkim.pid
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp
SET-UP PUBLIC/PRIVATE KEYS
Generate set of keys for your mydomain.com
domain name:
## mkdir /etc/opendkim/keys/mydomain.com ## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default ## chown -R opendkim: /etc/opendkim/keys/mydomain.com ## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default addmydomain.com
to OpenDKIM’s key table by adding the following record in/etc/opendkim/KeyTable
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default
next, edit /etc/opendkim/SigningTable
and add the following record to OpenDKIM’s signing table:
*@mydomain.com default._domainkey.mydomain.com
and add your domain
and your hostname
as trusted hosts in /etc/opendkim/TrustedHosts
:
127.0.0.1 mydomain.com host.mydomain.com assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’
finally, edit your mydomain.com
DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" ) ; ----- DKIM key default for mydomain.com
it is also a good idea to add an SPF record if you haven’t already
mydomain.com. 14400 IN TXT "v=spf1 a mx ~all"
you can verify your dkim TXT record is valid using dig
for example:
## dig +short default._domainkey.mydomain.com TXT
"v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB"
CONFIGURE POSTFIX
In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf
:
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2
(RE)START SERVICES
Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands:
## service opendkim start
## chkconfig opendkim on
## service postfix restart
TEST THE SET-UP
To test the set-up simply send an email to
[email protected]
and you should receive back an email containing something like this:
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass
It is really a great and helpful piece of information. I’m glad that you shared this helpful info with us. Please keep us informed like this. Thanks for sharing.
Thank you for another informative site. Where else could I get that type of info written in such an ideal way? I have a project that I’m just now working on, and I’ve been on the look out for such information.
You made some decent points there. I did a search on the topic and found most people will approve with your blog.
ThankYou..:)!
Good point! Interesting info over here. It’s pretty worth enough for me. In my opinion, if all website owners and bloggers made good content as you did, the net will be a lot more useful than ever before.| I couldn’t resist commenting. I have spent some hours searching for such tips. I’ll also share it with a couple of friends interested in it. I have just bookmarked this web. Now with the job done, I will visit some live Webcams. Thank you very much!! Greetings from Catalonia!
We are trying our best to help our clients and assuming clients in the market.
It is my pleasure that our post is liked by you 🙂
Hope we will meet again with any business opportunity.
Thankyou
I don’t even know the way I stopped up right here, however
I assumed this put up was once great. I do not know who you’re but certainly you are going to
a famous blogger in the event you aren’t already.
Cheers!
This blog was… how do you say it? Relevant!! Finally I’ve found something that helped me.
Thanks!
Thank you for the auspicious writeup. It if truth be told
was a entertainment account it. Glance advanced to more added
agreeable from you! By the way, how can we communicate?
I just like the valuable info you supply to your articles.
I’ll bookmark your blog and test again right here frequently.
I’m slightly certain I will be informed lots of new stuff
right here! Good luck for the following!
Simple and easy!! Interesting tips over here. It’s pretty worth enough for me. Personally, if all site owners and bloggers made good content as you did, the net will be a lot more useful than ever before.| I couldn’t refrain from commenting. I ‘ve spent some hours trying to find such informations. I’ll also share it with a couple of friends interested in it. I’ve just bookmarked this web. Finished with the job done, I will watch some Russia 2018 Webcams. Thank you!! Regards from Russia 2018!
Hello there friend! Your place is valueble for me. Thanks!? Again thanks alot for this!
I think other web site proprietors should take this web site as an model, very clean and excellent user genial style and design, let alone the content. You are an expert in this topic!
hello there and thank you for your info – I have certainly picked up anything new from right here. I did however expertise a few technical points using this website, since I experienced to reload the website a lot of times previous to I could get it to load correctly. I had been wondering if your web hosting is OK? Not that I’m complaining, but slow loading instances times will often affect your placement in google and could damage your high-quality score if ads and marketing with Adwords. Anyway I’m adding this RSS to my email and could look out for a lot more of your respective fascinating content. Ensure that you update this again soon..
I’m curious to find out what blog platform you happen to be using? I’m having some small security issues with my latest blog and I’d like to find something more risk-free. Do you have any recommendations?
mail – [email protected]
Great 🙂 !!!
We are happy that our blog is liked by you.
And we will update you with new related to quality article.
Regards
Data Paradise
Hello,
We are recommend always update your Blog and add-on and configure DDos protection and firewall security
Great tremendous issues here. I am very happy to look your post. Thank you a lot and i am having a look forward to touch you. Will you please drop me a e-mail?
It is really a cool and useful piece of information. I am satisfied that you just shared this helpful info with us. Please keep us informed like this. Thanks for sharing.
I’m still learning from you, but I’m trying to reach my goals. I definitely love reading all that is posted on your site.Keep the posts coming. I enjoyed it!
“It’s awesome in favor of me to have a website, which is helpful in favor of my knowledge. thanks admin”
Looking forward to reading more. Great blog post.Really looking forward to read more. Much obliged.
I am extremely inspired together with your writing skills and also with the layout for your weblog.
Is that this a paid theme or did you modify it your self?
Anyway keep up the nice high quality writing, it is uncommon to see a nice
blog like this one nowadays..
Thanks for the auspicious writeup. It in fact used to be a leisure account it.
Glance advanced to far delivered agreeable from you!
However, how can we keep up a correspondence?
Wow, this paragraph is fastidious, my younger sister is analyzing such things,
therefore I am going to inform her.
I’m gone to convey my little brother, that he should
also pay a quick visit this web site on regular basis to take updated from most recent
news update.
thanks…
modify it my self.
I don’t even know how I ended up here, but I thought
this post was great. I do not know who you are but definitely you are
going to a famous blogger if you are not already 😉 Cheers!
Thanks for one’s marvelous posting! I truly enjoyed reading it, you are a great author.I will be sure to bookmark your blog and definitely will come back in the future. I want to encourage that you continue your great work, have a nice morning!
I believe you have noted some very interesting details , regards for the post.
Heya i am for the first time here. I came across this board andI find It really helpful & it helped me out a lot. I am hoping to present something back and help others like you aided me.
It’s actually a cool and useful piece of info. I’m glad that you shared
this helpful info wth us. Please stay us informed like this.
Thank you for sharing.