How To Install and Configure DKIM with Postfix on Debian Wheezy

## Table of Contents

- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [About DKIM](#about-dkim)
- [Install OpenDKIM](#install-opendkim)
- [Configure OpenDKIM](#configure-opendkim)
- [Generate the Public and Private Keys](#generate-the-public-and-private-keys)
- [Add the Public Key to the Domains DNS Records](#add-the-public-key-to-the-domains-dns-records)
- [Conclusion](#conclusion)

## Introduction

This guide describes how to install and configure OpenDKIM, an open source implementation of the DKIM sender authentication system.

## Prerequisites

You should already know how to access the server over SSH, and have Postfix and Dovecot installed on your server.

## About DKIM

[DKIM](http://www.dkim.org/) stands for DomainKeys Identified Mail. It is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with public-key cryptography.

## Install OpenDKIM

Update your system before starting the installation.

```
$ sudo apt-get update
$ sudo apt-get dist-upgrade
```

Then install OpenDKIM and its dependencies.

```
$ sudo apt-get install opendkim opendkim-tools
```

Additional packages will be listed as dependencies; type yes and press Enter to continue.

## Configure OpenDKIM

In order to configure OpenDKIM, some files must be created and edited.

Start with the main configuration file:

```
$ sudo nano /etc/opendkim.conf
```

Add the lines below to the end of this configuration file. You can choose a custom port number for the socket, as long as it is not used by another application.

```
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple

ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256

UserID opendkim:opendkim

Socket inet:12301@localhost
```

This configuration allows message signing for one or more domains.

To connect the milter to Postfix, open the following file:

```
$ sudo nano /etc/default/opendkim
```

Include the line below, editing the port number only if a custom one is used.

```
SOCKET="inet:12301@localhost"
```

To use this milter, Postfix has to be configured:

```
$ sudo nano /etc/postfix/main.cf
```

Ensure that these two lines are present in the Postfix config file and are not commented out.

```
milter_protocol = 2
milter_default_action = accept
```

If Postfix already uses a filter, the following parameters will already be present; in that case, just append the opendkim milter to them.

The port number should be the same as in opendkim.conf:

```
smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
```

Otherwise, define the parameters as follows:

```
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
```

Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:

```
$ sudo mkdir /etc/opendkim
$ sudo mkdir /etc/opendkim/keys
```

Specify the trusted hosts as follows:

```
$ sudo nano /etc/opendkim/TrustedHosts
```

This file serves as both the ExternalIgnoreList and the InternalHosts list; messages originating from these hosts, domains and IP addresses will be trusted and signed.

Because our main configuration file declares TrustedHosts as a regular expressions file, we can use wildcard patterns.

Customize and add the following lines to the newly created file. Multiple domains can be specified; do not edit the first three lines.

```
127.0.0.1
localhost
192.168.0.1/24
*.example.com
#*.example.net
#*.example.org
```

Create a key table:

```
$ sudo vi /etc/opendkim/KeyTable
```

The key table contains each selector/domain pair and the path to its private key. The name in the first column must match the key name used in the signing table.

```
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
```

Create a signing table:

```
$ sudo vi /etc/opendkim/SigningTable
```

Declare the domains/email addresses and their selectors in this file:

```
*@example.com mail._domainkey.example.com
```

## Generate the Public and Private Keys

Change to the keys directory:

```
cd /etc/opendkim/keys
```

Create a separate folder for the domain to hold the keys:

```
sudo mkdir example.com
cd example.com
```

Generate the keys:

```
$ sudo opendkim-genkey -s mail -d example.com
```

`-s` specifies the selector and `-d` specifies the domain. This command creates two files: mail.private is our private key and mail.txt contains the public key.

Change the owner of the private key to opendkim using the command below.

```
$ sudo chown opendkim:opendkim mail.private
```
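
A consistency check for the files created so far, added here as an example (not part of the original guide or of OpenDKIM): every key name in the SigningTable must exist in the KeyTable, and the private key it points to must exist and carry no group or other permission bits. The function names, report labels and sample data are hypothetical; `stat -c` assumes GNU or BusyBox stat.

```shell
# Added example (hypothetical names): cross-check SigningTable -> KeyTable
# -> private key file under DIR (/etc/opendkim in this guide). Prints one
# line per problem and returns the number of problems found.
check_dkim_tables() {
    dir=$1
    problems=0
    # SigningTable line: "<address pattern> <key name>"
    while read -r pattern keyname rest || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        # KeyTable line: "<key name> <domain>:<selector>:<key path>"
        entry=$(awk -v k="$keyname" '$1 == k { print $2; exit }' "$dir/KeyTable")
        if [ -z "$entry" ]; then
            echo "NO-KEYTABLE-ENTRY $pattern -> $keyname"
            problems=$((problems + 1))
            continue
        fi
        keyfile=${entry#*:*:}
        if [ ! -f "$keyfile" ]; then
            echo "NO-KEY-FILE $keyname -> $keyfile"
            problems=$((problems + 1))
        else
            # The private key should carry no group/other permission bits.
            case $(stat -c %a "$keyfile") in
                *00) ;;
                *) echo "KEY-MODE-TOO-OPEN $keyfile"
                   problems=$((problems + 1)) ;;
            esac
        fi
    done < "$dir/SigningTable"
    return "$problems"
}

# Constructed sample data: example.org has no KeyTable entry and the
# example.com key file is group-readable (mode 640).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/keys/example.com"
    : > "$d/keys/example.com/mail.private"
    chmod 640 "$d/keys/example.com/mail.private"
    printf '%s\n' '*@example.com mail._domainkey.example.com' \
        '*@example.org mail._domainkey.example.org' > "$d/SigningTable"
    echo "mail._domainkey.example.com example.com:mail:$d/keys/example.com/mail.private" > "$d/KeyTable"
    check_dkim_tables "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh check.sh /etc/opendkim   (no argument runs the constructed demo)
if [ "$#" -gt 0 ]; then check_dkim_tables "$1"; else demo || true; fi
```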

## Add the Public Key to the Domain's DNS Records

To open mail.txt, use the command below.

```
$ sudo vi mail.txt
```

The public key is defined under the p parameter.

```
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB" ; ----- DKIM key mail for example.com
```

Copy the key and add a TXT record to your domain's DNS entries as follows:

```
Name: mail._domainkey.example.com.
Text: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB"
```

Note that the DNS changes may take a long time to propagate.

Restart Postfix and OpenDKIM using the commands below.

```
sudo service postfix restart
sudo service opendkim restart
```

Then you will get the output below.

```
Congratulations! You have successfully configured DKIM for your mail server!
```

The configuration can be tested by sending an empty email to check-auth@verifier.port25.com; a reply will be received. If it is working properly, you will see DKIM check: pass under Summary of Results.

The reply will look like this.

```
Summary of Results
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
```

## Conclusion

In this guide, we have described how to install and configure DKIM with Postfix on Debian Wheezy.