OpenDKIM

August 17, 2018 (Last Modified: August 18, 2018) Mailserver

Installation

pacman -S opendkim
dnf install opendkim opendkim-tools

mkdir /etc/postfix/dkim
chown root:opendkim /etc/postfix/dkim -R

Create config

/etc/opendkim/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
SendReports    		    yes
SoftwareHeader    	    yes

Canonicalization        relaxed/simple

KeyTable                /etc/postfix/dkim/KeyTable
ExternalIgnoreList      refile:/etc/postfix/dkim/TrustedHosts
InternalHosts           refile:/etc/postfix/dkim/TrustedHosts
SigningTable            refile:/etc/postfix/dkim/SigningTable

Mode                    sv
SignatureAlgorithm      rsa-sha256
MinimumKeyBits		    1024
OversignHeaders		    From
#QueryCache	        	yes

UserID                  opendkim:opendkim
Socket                  inet:12301@localhost

OversignHeaders		From

Add Dkim to Postfix

/etc/postfix/main.cf

# DKIM
milter_default_action 			= accept
non_smtpd_milters 			= inet:localhost:12301
smtpd_milters 				= inet:localhost:12301

Create directory for socket

mkdir /var/run/opendkim
chown opendkim:opendkim /var/run/opendkim

Create Dkim key

opendkim-genkey -r -s default -b 4096 –subdomains –directory=/etc/postfix/dkim/keys/ -d <domain>

Create Dkim config

/etc/postfix/dkim/TrustedHosts

127.0.0.1
::1
<mail-server-domain>
<server-ip>/32

/etc/postfix/dkim/KeyTable

mail._domainkey.<domain> <domain>;:mail:/etc/postfix/dkim/keys/mail.private

/etc/postfix/dkim/SigningTable

*@<domain> mail._domainkey.<domain>

Add Dkim to Nameserver

You find the needed Infomations in /etc/postfix/dkim/key/<domain>.txt
Something like this

mail._domainkey	IN	TXT	( "v=DKIM1; k=rsa; t=y;" "p=<your_key>" );

Use everything between ( and )

Check DKIM

host -t TXT mail._domainkey.<domain> or sudo -u opendkim opendkim-testkey -vvvv -d <domain> -s <selector>