DomainKeys
Configure DomainKeys (OpenDKIM) with Postfix on CentOS 7
-------
Step:1 Set up the EPEL repository using the rpm command below
The OpenDKIM package is not available in the default yum repositories, but it is available in the CentOS 7 EPEL repository.
[root@mail5 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Step:2 Install OpenDKIM Package using yum
[root@mail5 ~]# yum install -y opendkim
#CentOS 6
chkconfig opendkim on
#CentOS 7
systemctl enable opendkim.service
Step:3 Run the command below to create keys
Execute the command below to create the public and private keys under the folder “/etc/opendkim/keys”
[root@mail5 ~]# opendkim-default-keygen
Generating default DKIM keys:
Default DKIM keys for freshdaymall.com created in /etc/opendkim/keys.
[root@mail5 ~]#
[root@mail5 ~]# cd /etc/opendkim/keys/
[root@mail5 keys]# ll
total 8
-rw-r----- 1 root opendkim 891 Nov 29 08:42 default.private
-rw-r--r-- 1 root opendkim 320 Nov 29 08:42 default.txt
[root@mail5 keys]#
default.private is the private key for the domain, and default.txt is the public key that we will publish in a DNS TXT record for the domain. A selector (default) is created while generating the keys; a selector is a unique keyword that is associated with the keys and included in the DKIM signature.
Step:4 Edit the following files:
/etc/opendkim.conf: the config file of OpenDKIM
/etc/opendkim/KeyTable: as the name suggests, it defines the path of the private key for the domain
/etc/opendkim/SigningTable: this file tells OpenDKIM how to apply the keys
/etc/opendkim/TrustedHosts: this file defines which hosts are allowed to use the keys
Edit the file “/etc/opendkim.conf” and set the parameters below.
# vi /etc/opendkim.conf
Mode sv
Syslog yes
Socket inet:8891@127.0.0.1
Umask 002
Canonicalization relaxed/relaxed
Domain worldcm.net
Selector default
# KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
# vi /etc/opendkim/KeyTable
##[add end]
default._domainkey.worldcm.net worldcm.net:default:/etc/opendkim/keys/default.private
# vi /etc/opendkim/SigningTable
*@worldcm.net default._domainkey.worldcm.net
# vi /etc/opendkim/TrustedHosts
mail.worldcm.net
worldcm.net
Step:5 Edit Postfix Config File (/etc/postfix/main.cf)
[root@mail5 ~]# vi /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
If you’re running a version of Postfix prior to 2.6, you may need to add:
milter_protocol = 2
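OpenDKIM writes its listener as inet:PORT@HOST while Postfix writes the same endpoint as inet:HOST:PORT, and with milter_default_action = accept a mismatch lets mail leave unsigned instead of failing. The check below is an added example, not part of the original guide or of OpenDKIM; its function names and sample strings are constructed here, and it assumes "localhost" means 127.0.0.1.

```python
import re

# Constructed sample file contents that mirror the settings shown above.
OPENDKIM_CONF = "Mode sv\nSocket inet:8891@127.0.0.1\nKeyTable /etc/opendkim/KeyTable\n"
MAIN_CF = "smtpd_milters = inet:127.0.0.1:8891\nnon_smtpd_milters = $smtpd_milters\n"
KEY_TABLE = ("default._domainkey.worldcm.net "
             "worldcm.net:default:/etc/opendkim/keys/default.private\n")
SIGNING_TABLE = "*@worldcm.net default._domainkey.worldcm.net\n"

def _host(name):
    # Assumption of this example: "localhost" means 127.0.0.1 on the mail host.
    return "127.0.0.1" if name == "localhost" else name

def opendkim_socket(conf):
    """(host, port) from OpenDKIM's 'Socket inet:PORT@HOST'; host '*' if omitted."""
    m = re.search(r"^\s*Socket\s+inet:(\d+)(?:@(\S+))?", conf, re.M)
    return (_host(m.group(2) or "*"), int(m.group(1))) if m else None

def postfix_milters(main_cf):
    """Set of (host, port) from Postfix's 'smtpd_milters = inet:HOST:PORT ...'."""
    m = re.search(r"^\s*smtpd_milters\s*=\s*(.*)$", main_cf, re.M)
    found = re.findall(r"inet:([^:\s,]+):(\d+)", m.group(1)) if m else []
    return {(_host(h), int(p)) for h, p in found}

def rows(table):
    """Whitespace-split, non-comment rows of a KeyTable or SigningTable."""
    return [line.split() for line in table.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

def check(conf, main_cf, key_table, signing_table):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    sock = opendkim_socket(conf)
    milters = postfix_milters(main_cf)
    if sock is None:
        problems.append("opendkim.conf has no inet Socket line")
    elif not any(p == sock[1] and sock[0] in ("*", h) for h, p in milters):
        problems.append(f"Postfix milters {sorted(milters)} do not reach OpenDKIM {sock}")
    keys = {r[0]: r[1] for r in rows(key_table) if len(r) >= 2}
    for r in rows(signing_table):
        if len(r) < 2 or r[1] not in keys:
            problems.append(f"SigningTable row {r} names a key missing from KeyTable")
        elif keys[r[1]].count(":") != 2:
            problems.append(f"KeyTable value for {r[1]} is not domain:selector:keyfile")
    return problems

if __name__ == "__main__":
    print(check(OPENDKIM_CONF, MAIN_CF, KEY_TABLE, SIGNING_TABLE) or "consistent")
```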
Configuring Postfix for OpenDKIM
The following lines must be added to the Postfix configuration /etc/postfix/main.cf.
# dkim milter
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept
Then restart Postfix.
#CentOS 6
service postfix restart
#CentOS 7
systemctl restart postfix.service
Now we can proceed with testing.
Start OpenDKIM & postfix Service
[root@mail5 ~]# hash -r
[root@mail5 ~]# systemctl start opendkim ; systemctl enable opendkim ; systemctl restart postfix
ln -s '/usr/lib/systemd/system/opendkim.service' '/etc/systemd/system/multi-user.target.wants/opendkim.service'
service opendkim start
chkconfig opendkim on
systemctl start opendkim
systemctl status opendkim
opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled)
   Active: active (running) since Tue 2015-03-24 10:29:56 MDT; 46s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 6403 ExecStart=/usr/sbin/opendkim $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6404 (opendkim)
   CGroup: /system.slice/opendkim.service
           └─6404 /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid

Mar 24 10:29:56 hostname.example.com systemd[1]: Started DomainKeys Identified Mail (DKIM) Milter.
Mar 24 10:29:56 hostname.example.com opendkim[6404]: OpenDKIM Filter v2.10.1 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)
[root@mail ~]# cat /etc/opendkim/keys/$MYDOMAIN/default.txt
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJEkrRCDwfxSohIPuktNXBq5SykmLmP9mAPKskEJVRhV88GzhZIvFl9vDAyMuo5spvyOT0/5GsXZ7G3NdRn7thD7l44TFxrh3xrsFa8WA8gRkor6iY23AoMV4tOZlU1H3fXSoQHSvNh5LT68BkIGcOOvU+8u2glerruOLv7UNpQIDAQAB" ) ; ----- DKIM key default for worldcm.net
Adding DNS Records
cat /etc/opendkim/keys/example.com/default.txt
The output should look something like this:
default._dkim IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp47k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQAB" ) ; ----- DKIM default for example.com
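An added example (not from the original guide) that reads the default.txt shown above for worldcm.net, joins the quoted chunks into the single value a DNS panel expects, and reports the RSA modulus size. That key is 1024 bits, while RFC 8301 says signers should use at least 2048; the function names are this example's own.

```python
import base64
import re

# default.txt as shown above for worldcm.net (value copied from this page).
DEFAULT_TXT = (
    'default._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n'
    '"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJEkrRCDwfxSohIPuktNXBq5SykmLmP'
    '9mAPKskEJVRhV88GzhZIvFl9vDAyMuo5spvyOT0/5GsXZ7G3NdRn7thD7l44TFxrh3xrsF'
    'a8WA8gRkor6iY23AoMV4tOZlU1H3fXSoQHSvNh5LT68BkIGcOOvU+8u2glerruOLv7UNpQIDAQAB" )'
    ' ; ----- DKIM key default for worldcm.net\n'
)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_modulus_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    _, start, _ = read_tlv(spki, 0)                    # outer SEQUENCE
    _, _, alg_end = read_tlv(spki, start)              # AlgorithmIdentifier, skipped
    tag, bits_start, _ = read_tlv(spki, alg_end)
    if tag != 0x03:
        raise ValueError("expected BIT STRING holding the RSA key")
    _, key_start, _ = read_tlv(spki, bits_start + 1)   # +1 skips the unused-bits byte
    tag, mod_start, mod_end = read_tlv(spki, key_start)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(spki[mod_start:mod_end], "big").bit_length()

def audit_dkim_txt(zone_text):
    """Selector, key type, modulus size and joined TXT value of a default.txt."""
    owner = zone_text.split()[0]                        # e.g. default._domainkey
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return {"selector": owner.split(".")[0], "k": tags.get("k", "rsa"),
            "bits": bits, "meets_2048": bits >= 2048, "dns_value": value}

if __name__ == "__main__":
    print(audit_dkim_txt(DEFAULT_TXT))
```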
---
Automating Configuration and Key Generation for Multiple Domains
If you’re hosting a large number of domains, generating keys and editing all the appropriate files can be time-consuming. The following script was submitted by a reader (Almir Duarte Jr.) to help speed up the process. Use at your own risk.
--------