Important!
Tested:
Debian 9.0.x
Tutorial configuration:
Example domain – domain.com
DNS Server – Bind9
Mail Server – Postfix
Install and configure OpenDKIM.
Update system, install OpenDKIM and some needed dependencies (perl).
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install opendkim opendkim-tools
sudo apt-get install libdigest-sha-perl libcrypt-openssl-rsa-perl liberror-perl perl libnet-dns-perl libnet-server-perl libmail-dkim-perl libmailtools-perl
Add user postfix to opendkim.
sudo adduser postfix opendkim
Edit opendkim config file /etc/opendkim.conf.
sudo mkdir -p /var/spool/postfix/opendkim/
sudo chown opendkim:opendkim /var/spool/postfix/opendkim/
sudo nano /etc/opendkim.conf
Syslog yes
Selector mail
Mode sv
SubDomains yes
Socket local:/var/spool/postfix/opendkim/opendkim.sock
PidFile /run/opendkim/opendkim.pid
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
UserID opendkim
LogWhy yes
Add these lines below.
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
Edit /etc/opendkim/TrustedHosts.
sudo mkdir /etc/opendkim
sudo nano /etc/opendkim/TrustedHosts
Add domain.com and IP addresses:
127.0.0.1
localhost
192.168.0.0/255.255.255.0
external_IP
domain.com
Generate a key for domain.com server
sudo mkdir -p /etc/opendkim/keys/domain.com
cd /etc/opendkim/keys/domain.com
sudo opendkim-genkey -b 2048 -d domain.com -s mail
sudo chown opendkim:opendkim -R /etc/opendkim
sudo chmod 600 /etc/opendkim/keys/domain.com/mail.private
Edit /etc/opendkim/KeyTable, specify key location.
sudo nano /etc/opendkim/KeyTable
mail._domainkey.domain.com domain.com:mail:/etc/opendkim/keys/domain.com/mail.private
Edit /etc/opendkim/SigningTable, specify which key will sign a domain.
sudo nano /etc/opendkim/SigningTable
domain.com mail._domainkey.domain.com
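The check below is an added example, not part of the original tutorial: a shell function that verifies every SigningTable entry names a key defined in KeyTable, and that each KeyTable private key path exists with no group or other access. The function name check_dkim_tables and the scratch-directory demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): cross-check KeyTable and SigningTable.
# Prints one line per problem; the return status is the number of problems.
check_dkim_tables() {
    keytable=$1 signingtable=$2 problems=0 keynames=" "

    # KeyTable line: <key name> <domain>:<selector>:<private key path>
    while read -r name value _; do
        case $name in ''|'#'*) continue ;; esac
        keynames="$keynames$name "
        path=${value#*:*:}              # drop the "domain:selector:" prefix
        if [ "$path" = "$value" ] || [ ! -f "$path" ]; then
            echo "KeyTable: $name: malformed entry or missing key file: $path"
            problems=$((problems + 1))
            continue
        fi
        # As with the tutorial's chmod 600: no access for group or others.
        case $(ls -ld "$path" | cut -c1-10) in
            -???------) ;;
            *) echo "KeyTable: $name: $path is accessible to group/others"
               problems=$((problems + 1)) ;;
        esac
    done < "$keytable"

    # SigningTable line: <sender pattern> <key name defined in KeyTable>
    while read -r pattern name _; do
        case $pattern in ''|'#'*) continue ;; esac
        case $keynames in
            *" $name "*) ;;
            *) echo "SigningTable: $pattern: no KeyTable entry named $name"
               problems=$((problems + 1)) ;;
        esac
    done < "$signingtable"
    return "$problems"
}

# Constructed demo in a scratch directory, not the live /etc/opendkim files.
# The KeyTable path says keys/domain while the key is under keys/domain.com.
demo=$(mktemp -d)
mkdir -p "$demo/keys/domain.com"
: > "$demo/keys/domain.com/mail.private"
chmod 600 "$demo/keys/domain.com/mail.private"
echo "mail._domainkey.domain.com domain.com:mail:$demo/keys/domain/mail.private" > "$demo/KeyTable"
echo "domain.com mail._domainkey.domain.com" > "$demo/SigningTable"
check_dkim_tables "$demo/KeyTable" "$demo/SigningTable" || echo "problems found: $?"
rm -rf "$demo"
```

On the server, the same function can be pointed at /etc/opendkim/KeyTable and /etc/opendkim/SigningTable before restarting opendkim.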
Add DKIM key to DNS server.
Print key:
cat /etc/opendkim/keys/domain.com/mail.txt
Copy and paste printed key to your domain.com config file in DNS server (Bind9 – domain.com).
mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3... ...DQEBAQUAA4GNAB" ; ----- DKIM default for domain.com
Add extra ADSP (Author Domain Signing Practices).
_adsp._domainkey.domain.com IN TXT "dkim=unknown"
Restart servers.
sudo systemctl restart opendkim
sudo /etc/init.d/bind9 restart
Configure Postfix.
Edit /etc/postfix/main.cf.
sudo nano /etc/postfix/main.cf
Add these lines to postfix.
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = local:/opendkim/opendkim.sock
Restart Postfix.
sudo service postfix restart
Testing.
sudo opendkim-testkey -d domain.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.domain.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK
7 comments
Worked like a charm after failing with 2 other instruction pages. Thanks!
Add user postfix to opendkim.
sudo adduser postfix opendkim
What? Did you mean:
usermod -aG opendkim postfix
Author
It is the same.
Oct 23 08:43:37 LSPC02 opendkim[17024]: OpenDKIM Filter: Unable to bind to port local:/var/spool/postfix/opendkim/opendkim.sock: Permission denied
Oct 23 08:43:37 LSPC02 opendkim[17024]: OpenDKIM Filter: Unable to create listening socket on conn local:/var/spool/postfix/opendkim/opendkim.sock
Oct 23 08:43:37 LSPC02 opendkim[17024]: smfi_opensocket() failed
I set permissions to postfix:root on the opendkim folder. I can't figure out how to fix it.
Author
sudo chown opendkim:opendkim /var/spool/postfix/opendkim/
then
sudo systemctl restart opendkim
sudo service postfix restart
It should work now.
RE: Copy and paste printed key to your domain.com config file in DNS server (Bind9 – domain.com).
That doesn’t tell me WHERE – what file or path – to copy the string. Would the file name be something like bind9.conf?
Author
Copy and paste it into your own domain.com config in /etc/bind, at the end of the config.