Set Up DKIM (DomainKeys Identified Mail) Working With Postfix and Sendmail On CentOS Using OpenDKIM


This tutorial shows how to get DKIM working on a CentOS box running Postfix using OpenDKIM. I’ll also cover some simple troubleshooting tips and advice for future upgrades of your OpenDKIM installation.

This tutorial is part 1 of the mailserver set-up with virtual users and domains using Postfix and Dovecot series. It goes through the steps of installing and integrating OpenDKIM in Postfix on a CentOS 7 Linux VPS. After completing this tutorial you will end up with OpenDKIM adding digital signatures to your emails, thus making the mailserver set-up even more robust and professional.

What is OpenDKIM?

It is a digital email signing/verification technology, which is already supported by some common mail providers. In general, DKIM means digitally signing all messages on the mail server to verify the message was actually sent from the domain in question and was not spam.

UPDATE THE SYSTEM 

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM.

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

The next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:

## cp /etc/opendkim.conf{,.orig}
## vim /etc/opendkim.conf


AutoRestart             Yes
AutoRestartRate         10/1h
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes
Mode                    sv
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
SignatureAlgorithm      rsa-sha256
Socket                  inet:8891@localhost
PidFile                 /var/run/opendkim/opendkim.pid
UMask                   022
UserID                  opendkim:opendkim
TemporaryDirectory      /var/tmp

SET-UP PUBLIC/PRIVATE KEYS

Generate a set of keys for your mydomain.com domain name:

## mkdir /etc/opendkim/keys/mydomain.com
## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default
## chown -R opendkim: /etc/opendkim/keys/mydomain.com
## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default


Add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable:

default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default

Next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table:

*@mydomain.com default._domainkey.mydomain.com

Then add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts:

127.0.0.1
mydomain.com
host.mydomain.com

This assumes the domain in question is ‘mydomain.com’ and the server’s hostname is set to ‘host.mydomain.com’.
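
A quick audit of the KeyTable entry and key files set up above, as an added example that is not part of the original tutorial: it checks that every private key listed exists and is closed to group and other, and prints the DNS name where the matching public key has to be published. The helper name audit_keytable and the demo files are hypothetical; it assumes GNU stat, as shipped with CentOS.

```bash
#!/bin/bash
# Added example (not from the tutorial): audit an OpenDKIM KeyTable.
# Each entry has the form "name domain:selector:/path/to/private/key".
# An entry passes when the key file exists and group/other have no access.
# audit_keytable is a hypothetical helper name.
audit_keytable() {   # usage: audit_keytable /etc/opendkim/KeyTable
    rc=0
    while read -r name spec; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        domain=${spec%%:*}
        rest=${spec#*:}
        selector=${rest%%:*}
        keyfile=${rest#*:}
        if [ ! -f "$keyfile" ]; then
            echo "FAIL $name: key file $keyfile is missing"; rc=1
            continue
        fi
        mode=$(stat -c %a "$keyfile")   # octal mode, e.g. 600 (GNU stat)
        case "$mode" in
            *00) echo "OK   $name: publish at $selector._domainkey.$domain" ;;
            *)   echo "FAIL $name: $keyfile has mode $mode, want 600 or stricter"; rc=1 ;;
        esac
    done < "$1"
    return "$rc"
}

# Constructed demo: a throwaway KeyTable whose key starts out world-readable.
demo=$(mktemp -d)
touch "$demo/default" && chmod 644 "$demo/default"
echo "default._domainkey.mydomain.com mydomain.com:default:$demo/default" \
    > "$demo/KeyTable"
audit_keytable "$demo/KeyTable" || echo "KeyTable audit failed"
chmod 600 "$demo/default"
audit_keytable "$demo/KeyTable"
rm -rf "$demo"
```

On the real server, run it as root against /etc/opendkim/KeyTable after the chown and mv steps.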


Finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt:

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" )  ; ----- DKIM key default for mydomain.com



It is also a good idea to add an SPF record if you haven’t already:


mydomain.com. 14400 IN TXT "v=spf1 a mx ~all"


You can verify your DKIM TXT record is valid using dig, for example:

## dig +short default._domainkey.mydomain.com TXT

"v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB"

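The dig check above, carried one step further as an added example (not part of the original tutorial): it normalizes both the zone-file form from default.txt and the dig +short form, confirms they carry the same public key, and reports the size of the DER-encoded key, which tells a 1024-bit RSA key (162 bytes) from a 2048-bit one (294 bytes). The function names are hypothetical; the sample records are the ones shown on this page.

```bash
#!/bin/bash
# Added example (not from the tutorial). Sample data: the record on this page.
KEY='MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB'
ZONE_TXT='default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
          "p='"$KEY"'" )  ; ----- DKIM key default for mydomain.com'
DIG_TXT='"v=DKIM1\; k=rsa\; " "p='"$KEY"'"'

# Join every "quoted chunk" on stdin into one tag list, dropping the
# backslashes dig prints before ';' and any whitespace inside the value.
dkim_txt_normalize() {
    grep -o '"[^"]*"' | tr -d '"\\ \t\n'
}

# Print the value of one tag (v, k, p, ...) from a normalized record.
dkim_tag() {   # usage: dkim_tag <tag> <normalized-record>
    printf '%s\n' "$2" | tr ';' '\n' | sed -n "s/^$1=//p"
}

# Succeed only when both records carry the same, non-empty public key.
dkim_same_key() {   # usage: dkim_same_key <record-a> <record-b>
    [ -n "$(dkim_tag p "$1")" ] && [ "$(dkim_tag p "$1")" = "$(dkim_tag p "$2")" ]
}

# Size in bytes of the DER public key in p= (162 = RSA-1024, 294 = RSA-2048).
dkim_key_der_bytes() {   # usage: dkim_key_der_bytes <normalized-record>
    dkim_tag p "$1" | base64 -d | wc -c | tr -d ' '
}

zone=$(printf '%s\n' "$ZONE_TXT" | dkim_txt_normalize)
dns=$(printf '%s\n' "$DIG_TXT" | dkim_txt_normalize)
dkim_same_key "$zone" "$dns" && echo "DNS record matches default.txt"
echo "public key DER size: $(dkim_key_der_bytes "$dns") bytes"
```

Against live DNS, pipe the dig +short command above into dkim_txt_normalize and the contents of default.txt into a second call. RFC 8301 recommends signing keys of at least 2048 bits; the -b option of opendkim-genkey sets the key size.
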
CONFIGURE POSTFIX

In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf:

smtpd_milters           = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept
milter_protocol         = 2


(RE)START SERVICES

Add OpenDKIM to your system’s start-up, then start opendkim and restart postfix using the following commands:

## service opendkim start
## chkconfig opendkim on
## service postfix restart

TEST THE SET-UP

To test the set-up, simply send an email to [email protected] and you should receive back an email containing something like this:

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
DKIM check:         pass


About the Author: [email protected]
