DomainKeys

Configure DomainKeys (OpenDKIM) with Postfix on CentOS 7

-------

Step:1 Set up the EPEL repository using the rpm command below

The OpenDKIM package is not available in the default yum repositories, but it is available in the CentOS 7 EPEL repository.

[root@mail5 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Step:2 Install OpenDKIM Package using yum

[root@mail5 ~]# yum install -y opendkim

#CentOS 6

chkconfig opendkim on

 

#CentOS 7

systemctl enable opendkim.service

Step:3 Run the command below to create keys

Execute the command below to create the public and private keys under the folder “/etc/opendkim/keys”.

[root@mail5 ~]# opendkim-default-keygen
Generating default DKIM keys:
Default DKIM keys for freshdaymall.com created in /etc/opendkim/keys.
[root@mail5 ~]#
[root@mail5 ~]# cd /etc/opendkim/keys/
[root@mail5 keys]# ll
total 8
-rw-r----- 1 root opendkim 891 Nov 29 08:42 default.private
-rw-r--r-- 1 root opendkim 320 Nov 29 08:42 default.txt
[root@mail5 keys]#

default.private is the private key for the domain, and default.txt is the public key that we will publish as a DNS TXT record in the domain. A selector (default) is created while generating the keys; a selector can be any unique keyword that is associated with the keys and included in the DKIM signature.

Step:4 Edit the following files

Edit the file “/etc/opendkim.conf” and set the parameters below.

vi /etc/opendkim.conf

Mode    sv

Syslog  yes

Socket  inet:8891@127.0.0.1

Umask   002

Canonicalization        relaxed/relaxed

Domain  worldcm.net

Selector        default

# KeyFile        /etc/opendkim/keys/default.private

KeyTable      /etc/opendkim/KeyTable

SigningTable   refile:/etc/opendkim/SigningTable

ExternalIgnoreList    refile:/etc/opendkim/TrustedHosts

InternalHosts refile:/etc/opendkim/TrustedHosts

# vi /etc/opendkim/KeyTable

##[add end]

default._domainkey.worldcm.net worldcm.net:default:/etc/opendkim/keys/default.private

# vi /etc/opendkim/SigningTable  

*@worldcm.net default._domainkey.worldcm.net

# vi /etc/opendkim/TrustedHosts

mail.worldcm.net

worldcm.net

Step:5 Edit Postfix Config File (/etc/postfix/main.cf)

[root@mail5 ~]# vi /etc/postfix/main.cf

smtpd_milters = inet:127.0.0.1:8891

non_smtpd_milters = $smtpd_milters

milter_default_action = accept

If you’re running a version of Postfix prior to 2.6, you may need to add:

milter_protocol   = 2
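The two daemons must agree on the milter endpoint even though they spell it differently (OpenDKIM uses inet:port@host, Postfix uses inet:host:port), and every SigningTable entry must name a KeyTable entry. The check below is an added example, not part of the original guide; its inputs are constructed copies of the values from Steps 4 and 5, and the function names are illustrative.

```python
import re

# Constructed inputs that mirror the values set in Steps 4 and 5.
OPENDKIM_SOCKET = "inet:8891@127.0.0.1"      # Socket in /etc/opendkim.conf
POSTFIX_MILTERS = "inet:127.0.0.1:8891"      # smtpd_milters in main.cf
KEY_TABLE = ("default._domainkey.worldcm.net "
             "worldcm.net:default:/etc/opendkim/keys/default.private\n")
SIGNING_TABLE = "*@worldcm.net default._domainkey.worldcm.net\n"


def socket_as_postfix(opendkim_socket):
    """Rewrite OpenDKIM's inet:port@host as Postfix's inet:host:port."""
    m = re.fullmatch(r"inet:(\d+)@(.+)", opendkim_socket.strip())
    if not m:
        raise ValueError("not an inet socket: %r" % opendkim_socket)
    return "inet:%s:%s" % (m.group(2), m.group(1))


def milter_matches(opendkim_socket, smtpd_milters):
    """True if Postfix lists the endpoint OpenDKIM listens on (literal compare)."""
    listed = re.split(r"[,\s]+", smtpd_milters.strip())
    return socket_as_postfix(opendkim_socket) in listed


def _rows(text):
    """Yield (key, value) pairs of a two-column table, skipping comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            yield parts[0], parts[1].strip()


def resolve_signing(sender, signing_table, key_table):
    """Follow sender -> SigningTable -> KeyTable; None means unsigned."""
    keys = dict(_rows(key_table))
    for pattern, key_name in _rows(signing_table):
        # refile entries are patterns in which '*' is the only wildcard
        regex = ".*".join(re.escape(p) for p in pattern.split("*"))
        if not re.fullmatch(regex, sender, re.IGNORECASE):
            continue
        if key_name not in keys:
            raise KeyError("%r is not in KeyTable" % key_name)
        domain, selector, key_path = keys[key_name].split(":", 2)
        return {"d": domain, "s": selector, "key": key_path,
                "dns": "%s._domainkey.%s" % (selector, domain)}
    return None
```

The comparison is literal, so inet:localhost:8891 is reported as a mismatch for a daemon bound to 127.0.0.1. With milter_default_action = accept, Postfix proceeds as if the filter were absent when it cannot reach the milter, so a mismatch shows up as unsigned mail rather than as an error.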

Configuring Postfix for OpenDKIM

The following lines must be added to the Postfix configuration /etc/postfix/main.cf.

# dkim milter

smtpd_milters = inet:localhost:8891

non_smtpd_milters = inet:localhost:8891

milter_default_action = accept

Then restart Postfix.

#CentOS 6

service postfix restart

 

#CentOS 7

systemctl restart postfix.service

Now we can proceed with testing.

Start OpenDKIM & postfix Service

[root@mail5 ~]# hash -r

[root@mail5 ~]# systemctl start opendkim ; systemctl enable opendkim ; systemctl restart postfix

ln -s '/usr/lib/systemd/system/opendkim.service' '/etc/systemd/system/multi-user.target.wants/opendkim.service'

service opendkim start

chkconfig opendkim on

systemctl start opendkim

systemctl status opendkim

opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled)
   Active: active (running) since Tue 2015-03-24 10:29:56 MDT; 46s ago
     Docs: man:opendkim(8)
           man:opendkim.conf(5)
           man:opendkim-genkey(8)
           man:opendkim-genzone(8)
           man:opendkim-testadsp(8)
           man:opendkim-testkey
           http://www.opendkim.org/docs.html
  Process: 6403 ExecStart=/usr/sbin/opendkim $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 6404 (opendkim)
   CGroup: /system.slice/opendkim.service
           └─6404 /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid

Mar 24 10:29:56 hostname.example.com systemd[1]: Started DomainKeys Identified Mail (DKIM) Milter.
Mar 24 10:29:56 hostname.example.com opendkim[6404]: OpenDKIM Filter v2.10.1 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)

[root@mail ~]# cat /etc/opendkim/keys/$MYDOMAIN/default.txt

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "

          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJEkrRCDwfxSohIPuktNXBq5SykmLmP9mAPKskEJVRhV88GzhZIvFl9vDAyMuo5spvyOT0/5GsXZ7G3NdRn7thD7l44TFxrh3xrsFa8WA8gRkor6iY23AoMV4tOZlU1H3fXSoQHSvNh5LT68BkIGcOOvU+8u2glerruOLv7UNpQIDAQAB" )  ; ----- DKIM key default for worldcm.net

Adding DNS Records

cat /etc/opendkim/keys/example.com/default.txt

The output should look something like this:

default._dkim IN TXT ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp47k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQAB" )  ; ----- DKIM default for example.com
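Before publishing a default.txt record it is worth checking what it actually contains. The following is an added example, not part of the original guide: it joins the quoted chunks of the record, reads the tags, and decodes the p= value to report the RSA key size. The sample is the worldcm.net record shown earlier on this page; the function names are illustrative.

```python
import base64
import re

# Record copied from the default.txt output shown earlier on this page.
SAMPLE_RECORD = '''default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzJEkrRCDwfxSohIPuktNXBq5SykmLmP9mAPKskEJVRhV88GzhZIvFl9vDAyMuo5spvyOT0/5GsXZ7G3NdRn7thD7l44TFxrh3xrsFa8WA8gRkor6iY23AoMV4tOZlU1H3fXSoQHSvNh5LT68BkIGcOOvU+8u2glerruOLv7UNpQIDAQAB" )  ; ----- DKIM key default for worldcm.net'''


def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(p_value):
    """Bit length of the RSA modulus in a base64 SubjectPublicKeyInfo (p=)."""
    der = base64.b64decode(p_value, validate=True)
    _, spki, _ = _tlv(der, 0)                  # outer SEQUENCE
    _, _, after_alg = _tlv(spki, 0)            # AlgorithmIdentifier, skipped
    _, bit_string, _ = _tlv(spki, after_alg)   # BIT STRING wrapping the key
    _, rsa_key, _ = _tlv(bit_string, 1)        # byte 0 = unused-bits count
    tag, modulus, _ = _tlv(rsa_key, 0)         # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()


def audit_dkim_record(zone_text):
    """Parse a default.txt style record; return its tags, key size, findings."""
    name = zone_text.split()[0]
    txt = "".join(re.findall(r'"([^"]*)"', zone_text))   # join quoted chunks
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())
    findings = []
    if "_domainkey" not in name.split("."):
        findings.append("owner name %r lacks the _domainkey label" % name)
    is_rsa = tags.get("p") and tags.get("k", "rsa") == "rsa"   # k= defaults to rsa
    bits = rsa_modulus_bits(tags["p"]) if is_rsa else None
    if bits is not None and bits < 2048:
        findings.append("RSA key is %d bits; RFC 8301 recommends at least 2048" % bits)
    return {"name": name, "tags": tags, "bits": bits, "findings": findings}
```

For the worldcm.net record this reports a 1024-bit key, which opendkim-genkey can replace with a larger one via its -b option. A record whose owner name is default._dkim, like the example.com output above, is flagged because DKIM verifiers look the key up under <selector>._domainkey.<domain>.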

---

Automating Configuration and Key Generation for Multiple Domains

If you’re hosting a large number of domains, generating keys and editing all the appropriate files can be time-consuming. The following script was submitted by a reader (Almir Duarte Jr.) to help speed up the process. Use at your own risk.