Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6 Rumi, August 24, 2019February 4, 2024 UPDATE THE SYSTEM Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running: ## screen -U -S opendkim-screen ## yum update ENABLE EPEL REPOSITORY OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM ## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm ## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm ## rm -f /tmp/epel-release-6-8.noarch.rpm Update: Feb-04-2024 Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository. Download the EPEL repository: wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm Install the EPEL repository: rpm -Uvh epel-release-6*.rpm INSTALL OPENDKIM Install the package using yum: ## yum install opendkim CONFIGURE OPENDKIM Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following: ## cp /etc/opendkim.conf /etc/opendkim.conf.bal ## vim /etc/opendkim.conf Paste the below configuration parameters: AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp SET-UP PUBLIC/PRIVATE KEYS Generate set of keys for your mydomain.com domain name: ## mkdir /etc/opendkim/keys/mydomain.com ## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default ## chown -R opendkim: /etc/opendkim/keys/mydomain.com ## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table: *@mydomain.com default._domainkey.mydomain.com and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts: 127.0.0.1 mydomain.com host.mydomain.com assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’ finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" ) ; ----- DKIM key default for mydomain.com You can verify your dkim TXT record is valid using dig for example: ## dig +short default._domainkey.mydomain.com TXT "v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" CONFIGURE POSTFIX In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf: smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2 (RE)START SERVICES Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands: ## service opendkim start ## chkconfig opendkim on ## service postfix restart TEST THE SET-UP To test the set-up simply send an email to check-auth@verifier.port25.com and you should receive back an email containing something like this: ========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: pass DKIM check: pass Src: https://www.rosehosting.com/blog/how-to-install-and-integrate-opendkim-with-postfix-on-a-centos-6-vps/ Administrations Collected Articles Configurations (Linux) CentOSCentOS6DKIMOpenDKIMPostfix
Hello and thank you very much for your tutorial but there is one thing that I dont get it, how do you add the key from /etc/opendkim/keys/mydomain.com/default.txt to the dns zone ? thank you very much for your time
Let me help you with a sample DNS records entry on my BIND DNS Server- 202207._domainkey.mydomain.net. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx26cX6DGrC8ig" "tQrnej7Z/5V6JnRgTnGKWNXIwUtPissbt0s6ZyFlYQ/sjVuU+O4blb/e1A2sxFxtf2wIbKNv0iqT9Gyw" "SsYbR9iaUUwDnyEbzUtYrMRlT1RiW0S3oF0jJoJnUN5KdxP7AA2qYTl3ER/mnImcpJFfmhjsU18BGhxi" "PQJdZO9fCYXSto3Nf0GFTb/8OGGTfdlsIk8Ia5/LY68mfdp5DueE1M/LfP0/HKdjivUfSK7tY3xB1i3xf" "TyCYJf6opSBf+gezl6OkHpCj+4BTT9Qv5AvEIZPmumO/s5D48i8aSm1la+9N+MX7S/CswIqNAK/y3MWC" "3r5xiN9IQIDAQAB" )