DKIM

Created Thursday 06 March 2014
http://tools.ietf.org/html/rfc6376
http://www.opendkim.org/opendkim-README

http://askubuntu.com/questions/134725/setup-dkim-domainkeys-for-ubuntu-postfix-and-mailman
http://www.tnsolutions.ro/opendkim-multiple-domains/

https://help.ubuntu.com/community/Postfix/DKIM

https://support.google.com/mail/answer/81126
https://productforums.google.com/forum/#!topic/gmail/2_f9EgHvliw

http://blogs.msdn.com/b/tzink/archive/2013/04/26/how-to-set-up-your-dkim-records-if-you-are-outsourcing-some-or-all-of-your-email.aspx

In general the process is:

  1. Generate key:
    1. opendkim-genkey -s somekey -d domain.com
  2. Create the directory /etc/opendkim and copy the generated file somekey.private into it
    1. chown opendkim /etc/opendkim/somekey.private
  3. Copy the TXT record from the generated somekey.txt. Optionally add the tag t=y; (meaning test=yes) for 'soft checking'. Then publish the record on the authoritative DNS servers. The record may look like:
    1. Name:
      1. somekey._domainkey.domain.com.
    2. Type:
      1. TXT
    3. Spec:
      1. "v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC56LR4+/tT7TxmDBNfaPK0WfPSFv3JyLgETgpkfAsfqqdggNnxMVz7Crp85MDlw+fuZCPt7SZ8WDgs2qNiQOejGDCyl5be5pTQjZQ8QSeVwOdnUuhUaZrum1rwlGNloFVO18Ab5MSMkfoI/wBTPS/RbLixX0eqykXumEYnX3cwwQIDAQAB"
  4. Test signature:
    1. opendkim-testkey -d domain.com -s somekey -k /etc/opendkim/somekey.private -vvv
  5. Add the following to /etc/opendkim.conf:
        Domain domain.com
        KeyFile /etc/opendkim/somekey.private
        Selector somekey
        Canonicalization relaxed/simple
        Mode sv
        SubDomains yes
        Syslog yes
        LogWhy yes
        UMask 002
        Canonicalization relaxed/relaxed
        Mode sv
        SubDomains yes
        KeyTable /etc/opendkim/KeyTable
        SigningTable /etc/opendkim/SigningTable
        ExternalIgnoreList /etc/opendkim/TrustedHosts
        InternalHosts /etc/opendkim/TrustedHosts
        Socket inet:8891@localhost
        OversignHeaders From
  6. Create /etc/opendkim/KeyTable and add there:
        somekey._domainkey.domain.com domain.com:somekey:/etc/opendkim/somekey.private
  7. Create /etc/opendkim/SigningTable and add there:
        domain.com somekey._domainkey.domain.com
  8. Create /etc/opendkim/TrustedHosts and add there:
        127.0.0.1
        localhost
        domain.com
  9. Add to /etc/postfix/main.cf:
        # OPENDKIM
        milter_default_action = accept
        milter_protocol = 2
        smtpd_milters=inet:localhost:8891
        non_smtpd_milters=inet:localhost:8891
  10. service opendkim restart
  11. service postfix restart
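
A check for the TXT record from step 3, as an added example (not part of the original note or of OpenDKIM): it parses the record's tags, reads the RSA modulus size out of the p= value, and lists findings such as a leftover t=y. The function names are made up for this example; RECORD is the record shown in step 3.

```python
import base64

def parse_dkim_record(txt):
    """Split a DKIM key record (RFC 6376, section 3.6.1) into a tag dict.
    Quotes are dropped so a record split into several TXT strings still parses."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def _tlv(buf, pos):
    """Read the DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_modulus_bits(p_value):
    """Bit length of the RSA modulus inside a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode(p_value)
    start, _ = _tlv(der, 0)                    # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _tlv(der, start)              # AlgorithmIdentifier, skipped
    bits_start, _ = _tlv(der, alg_end)         # BIT STRING holding the key
    key_start, _ = _tlv(der, bits_start + 1)   # +1 skips the unused-bits byte
    n_start, n_end = _tlv(der, key_start)      # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def check_record(txt):
    """Return a list of findings for a published DKIM key record."""
    tags, findings = parse_dkim_record(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, verifiers treat the mail like unsigned mail")
    if not tags.get("p"):
        findings.append("p= empty or missing: key is revoked or record is broken")
    elif tags.get("k", "rsa") == "rsa":
        bits = rsa_modulus_bits(tags["p"])
        if bits < 2048:
            findings.append(f"RSA key is {bits} bits; RFC 8301 recommends at least 2048")
    return findings

RECORD = ('"v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC56LR4+/tT7TxmDBNfaPK0'
          'WfPSFv3JyLgETgpkfAsfqqdggNnxMVz7Crp85MDlw+fuZCPt7SZ8WDgs2qNiQOejGDCyl5be5pTQjZQ8'
          'QSeVwOdnUuhUaZrum1rwlGNloFVO18Ab5MSMkfoI/wBTPS/RbLixX0eqykXumEYnX3cwwQIDAQAB"')
```

opendkim-genkey accepts -b 2048 to generate a larger key than the 1024-bit one in that record.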


