This is a quick and fairly painless way of setting up DKIM on a Postfix server. DomainKeys Identified Mail (DKIM) is a method for associating a domain name with an email message, thereby allowing a person, role, or organization to claim some responsibility for the message, and it helps receivers verify that your mail is legitimate. This will help keep your email from being flagged as spam or fraud, especially if you are sending bulk or important email.
This tutorial is written for Debian, so if you are using CentOS the paths to some files may differ, for example with an /etc/mail prefix or similar.
First, install the DKIM filter
Debian based
apt-get install dkim-filter
Red Hat based
Enable EPEL
yum install dkim-milter
Set up a domain key for a domain – feel free to set up a few of these if needed
DKIMDOMAIN=yourdomain.com
mkdir -p /etc/dkim/keys/$DKIMDOMAIN
cd /etc/dkim/keys/$DKIMDOMAIN
dkim-genkey -r -d $DKIMDOMAIN
If you want an easy web-based way, check out http://www.socketlabs.com/services/dkwiz which also gives you the DNS records.
Create a file /etc/dkim-keys.conf and insert into it a line like this (replacing 'domain.com' with your own domain)
*@domain.com:domain.com:/etc/dkim/keys/domain.com/default.private
If you have problems, rename default.private to just 'default' and use the website mentioned above to generate the keys. I found the command line generation occasionally failed on some distros.
If you used the command line, check the file at /etc/dkim/keys/yourdomain/default.txt, which will have something like this:
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0frgfrefgrweferNYlS+8jyrbAxNsghsPrWYgOQQWI0Ab4e9MT" ; ----- DKIM default for yourdomain.com
Yours should be much longer; this was snipped for brevity. You need to add the TXT record default._domainkey with the key between the quotes. If you are using standard BIND, you can copy/paste that into the named file.
NOTE: Newer versions use default.private._domainkey
Another TXT record worth adding is
_domainkey IN TXT "t=y;o=~;"
Now look for and edit your /etc/dkim-filter.conf (Debian based distros may have this in /etc/dkim/dkim-filter.conf ).
You need to have 2 lines like this
KeyList /etc/dkim-keys.conf
Socket inet:8891@localhost
If you use Debian you also need to edit /etc/default/dkim-filter and set the socket there as SOCKET="inet:8891@localhost"
Then restart the DKIM filter
/etc/init.d/dkim-filter restart
Now add the following settings to the Postfix config. This goes into main.cf (/etc/postfix/main.cf):
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Then of course restart postfix
postfix reload
This should now sign emails going out with the domain key. It pays to use this webpage to check things are working: http://www.brandonchecketts.com/emailtest.php
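Because main.cf sets milter_default_action = accept, Postfix keeps delivering mail when it cannot reach the filter, so a mismatch between the filter's Socket line (port@host) and the Postfix milter settings (host:port) produces unsigned mail without any error. The script below is an added example, not part of the original tutorial: it cross-checks the three files edited above. The function names, the constructed sample files, and the rule that the private key must not be readable by group or other are assumptions of this example.

```shell
#!/bin/sh
# Added example: consistency check for the files edited in this tutorial.

filter_socket() {      # "Socket inet:8891@localhost" -> "localhost:8891"
    sed -n 's/^[[:space:]]*Socket[[:space:]]\{1,\}inet:\([0-9]\{1,\}\)@\([^[:space:]]\{1,\}\).*/\2:\1/p' "$1" | tail -n 1
}

postfix_has_milter() { # $1=main.cf  $2=parameter name  $3=host:port
    grep -E "^$2[[:space:]]*=" "$1" | grep -Eq "inet:$3([,[:space:]]|\$)"
}

check_keylist() {      # lines look like  pattern:domain:/path/to/private/key
    krc=0
    while IFS=: read -r pattern domain key; do
        case $pattern in ''|'#'*) continue ;; esac
        if [ ! -f "$key" ]; then
            echo "missing key for $domain: $key"; krc=1
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "key for $domain is readable by group/other: $key"; krc=1
        fi
    done < "$1"
    return $krc
}

check_dkim_setup() {   # $1=dkim-filter.conf  $2=main.cf  $3=dkim-keys.conf
    rc=0
    sock=$(filter_socket "$1")
    [ -n "$sock" ] || { echo "no inet Socket line in $1"; return 1; }
    for param in smtpd_milters non_smtpd_milters; do
        postfix_has_milter "$2" "$param" "$sock" ||
            { echo "$param does not reach $sock: mail would go out unsigned"; rc=1; }
    done
    check_keylist "$3" || rc=1
    return $rc
}

make_sample() {        # constructed sample files mirroring the tutorial, in dir $1
    mkdir -p "$1/keys"
    printf 'stand-in, not a real key\n' > "$1/keys/default.private"
    chmod 600 "$1/keys/default.private"
    printf 'KeyList %s\nSocket inet:8891@localhost\n' "$1/dkim-keys.conf" > "$1/dkim-filter.conf"
    printf 'milter_default_action = accept\nmilter_protocol = 2\nsmtpd_milters = inet:localhost:8891\nnon_smtpd_milters = inet:localhost:8891\n' > "$1/main.cf"
    printf '*@domain.com:domain.com:%s\n' "$1/keys/default.private" > "$1/dkim-keys.conf"
}

# On a live server (paths as used in this tutorial):
# check_dkim_setup /etc/dkim-filter.conf /etc/postfix/main.cf /etc/dkim-keys.conf
```

The script prints one line per problem and returns non-zero if any check fails, so it can run after each config change.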
Resources:
http://protodave.com/security/checking-your-dkim-dns-record/
http://www.port25.com/support/domainkeysdkim-wizard/
http://blogs.cisco.com/security/common_errors_causing_dkim_verification_failures/
http://blog.rimuhosting.com/2012/05/17/setting-up-domains-keys-dkim-on-postfix/
http://www.brandonchecketts.com/emailtest.php?email=UZgMB0ZNwZ%40www.brandonchecketts.com