Configuring DKIM with OpenDKIM and Postfix

This blog was published by web_admin at 2023-03-09 06:20:21
Last time modified: 2024-02-01 13:05:50
Key words: email;DKIM

DKIM (DomainKeys Identified Mail) is one of the email authentication systems. It uses a public/private key pair: the public key is published in a DNS TXT record, and outgoing email is signed with the private key. When a receiving MTA gets the email, it verifies the signature with the public key; if the signature matches, the DKIM check passes.

Install OpenDKIM

To install OpenDKIM on Fedora/CentOS/Rocky Linux, execute the following command:
sudo dnf install opendkim opendkim-tools

Configure OpenDKIM

Uncomment these four lines in the configuration file (/etc/opendkim.conf):
# ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
# InternalHosts refile:/etc/opendkim/TrustedHosts
# KeyTable /etc/opendkim/KeyTable
# SigningTable refile:/etc/opendkim/SigningTable

Set Mode to sv (sign outgoing mail and verify incoming mail).
Change Socket inet:8891@localhost to Socket inet:8891@interface (the address of the interface the other MTA can reach) only if you want another MTA to use your signing service. In that case, also list that MTA in /etc/opendkim/TrustedHosts, because the InternalHosts line above decides whose mail gets signed, and keep port 8891 reachable only from those hosts.

Config Postfix

Add this line to /etc/postfix/main.cf if it is not already there:
milter_default_action = accept
Add the following two lines (replace localhost with the interface address if you changed the Socket setting above):
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Prepare to generate key pair

Create the directory structure that will hold the trusted hosts list, the key table, the signing table and the keys:
sudo mkdir /etc/opendkim
sudo mkdir /etc/opendkim/keys
Edit /etc/opendkim/TrustedHosts and insert this line:
your.domain
Create the file /etc/opendkim/KeyTable with this line:
SelectorName._domainkey.domainname domainname:SelectorName:/etc/opendkim/keys/domainname/SelectorName.private
(Replace SelectorName with your real selector name and domainname with your real domain name.)
Create the file /etc/opendkim/SigningTable with this line:
*@domainname SelectorName._domainkey.domainname
(Replace SelectorName and domainname as above.)

Generate key pair

cd /etc/opendkim/keys
sudo mkdir domainname
cd domainname
sudo opendkim-genkey -s SelectorName -d domainname
Change the owner of the private key to the opendkim user so the daemon can read it:
sudo chown opendkim:opendkim SelectorName.private

Add the public key to DNS record

Add a new TXT record:
Enter SelectorName._domainkey.domainname (without quotes) in the name field.
Copy the content of the file SelectorName.txt into the value field, joining the quoted pieces into one string and dropping the quotes:
v=DKIM1; k=rsa; p=...
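The three sections above (table entries, key generation, and preparing the DNS record) are one procedure, so here it is as a single script. This is an added example, not code from the original post: it assumes the /etc/opendkim layout used above (the root directory can be overridden so the table and record functions can be exercised in a scratch directory), the opendkim-genkey and opendkim-testkey tools from opendkim-tools, and an opendkim system user that should own the private key. The sample record used in the comments is constructed, not a real key.

```shell
#!/bin/sh
# Added example, not code from the original post: scripts the table entries, key
# generation and DNS-record preparation for one selector/domain pair.
# Assumptions: the /etc/opendkim layout from the post (overridable via the third
# argument), opendkim-genkey/opendkim-testkey from opendkim-tools, and an
# "opendkim" system user that owns the private key.

set -eu

# Append a line to a file only if it is not already there, so re-running is harmless.
#   $1 = file, $2 = line
append_once() {
    touch "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Write the TrustedHosts, KeyTable and SigningTable entries in the formats the
# post uses.  $1 = OpenDKIM root (/etc/opendkim), $2 = selector, $3 = domain
write_opendkim_tables() {
    root=$1 selector=$2 domain=$3
    mkdir -p "$root/keys/$domain"
    append_once "$root/TrustedHosts" "$domain"
    append_once "$root/KeyTable" \
        "$selector._domainkey.$domain $domain:$selector:$root/keys/$domain/$selector.private"
    append_once "$root/SigningTable" "*@$domain $selector._domainkey.$domain"
}

# opendkim-genkey writes the DNS record BIND-style, split into quoted chunks
# (constructed illustration):
#   sel._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIIB..." "..." )  ; ----- DKIM key ...
# Most DNS control panels want one unquoted string, so join the quoted pieces.
#   $1 = path to SelectorName.txt
flatten_dkim_txt() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
    printf '\n'
}

# Reject a flattened record that lacks the version tag or the public key, the two
# omissions that make every signature fail verification at the receiver.
#   $1 = flattened record; returns 0 when it looks usable
check_dkim_record() {
    case $1 in
        "v=DKIM1;"*"p="?*) return 0 ;;
        *) printf 'bad DKIM record: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Generate the key pair in the domain's key directory and hand the private key to
# the opendkim user, as in the manual steps above (needs root).
#   $1 = OpenDKIM root, $2 = selector, $3 = domain
generate_dkim_key() {
    root=$1 selector=$2 domain=$3
    (cd "$root/keys/$domain" && opendkim-genkey -s "$selector" -d "$domain")
    chown opendkim:opendkim "$root/keys/$domain/$selector.private"
}

# Full procedure: tables, key, then the TXT value to paste into DNS.
#   usage: sh dkim-setup.sh SelectorName domainname [/etc/opendkim]
main() {
    selector=$1 domain=$2 root=${3:-/etc/opendkim}
    write_opendkim_tables "$root" "$selector" "$domain"
    generate_dkim_key "$root" "$selector" "$domain"
    record=$(flatten_dkim_txt "$root/keys/$domain/$selector.txt")
    check_dkim_record "$record"
    printf 'Create TXT record %s._domainkey.%s with value:\n%s\n' "$selector" "$domain" "$record"
    # Once DNS has propagated, this confirms the published key matches the private key.
    printf 'Then run: opendkim-testkey -d %s -s %s -vvv\n' "$domain" "$selector"
}

if [ $# -ge 2 ]; then
    main "$@"
fi
```

Run it as root with the selector and domain as arguments; the table and record helpers take an explicit root directory, so they can be tried against a temporary directory before touching /etc/opendkim. The idempotent append matters because the tables grow one line per domain, and a duplicate KeyTable entry is an easy way to end up signing with a stale key path.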

Check authentication

Send an email to check-auth@verifier.port25.com; the service replies with a report that shows whether the DKIM signature verified.