Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6 Rumi, August 24, 2019February 4, 2024 UPDATE THE SYSTEM Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running: ## screen -U -S opendkim-screen ## yum update ENABLE EPEL REPOSITORY OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM ## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm ## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm ## rm -f /tmp/epel-release-6-8.noarch.rpm Update: Feb-04-2024 Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository. Download the EPEL repository: wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm Install the EPEL repository: rpm -Uvh epel-release-6*.rpm INSTALL OPENDKIM Install the package using yum: ## yum install opendkim CONFIGURE OPENDKIM Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following: ## cp /etc/opendkim.conf /etc/opendkim.conf.bal ## vim /etc/opendkim.conf Paste the below configuration parameters: AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp SET-UP PUBLIC/PRIVATE KEYS Generate set of keys for your mydomain.com domain name: ## mkdir /etc/opendkim/keys/mydomain.com ## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default ## chown -R opendkim: /etc/opendkim/keys/mydomain.com ## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table: *@mydomain.com default._domainkey.mydomain.com and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts: 127.0.0.1 mydomain.com host.mydomain.com assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’ finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" ) ; ----- DKIM key default for mydomain.com You can verify your dkim TXT record is valid using dig for example: ## dig +short default._domainkey.mydomain.com TXT "v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" CONFIGURE POSTFIX In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf: smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2 (RE)START SERVICES Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands: ## service opendkim start ## chkconfig opendkim on ## service postfix restart TEST THE SET-UP To test the set-up simply send an email to check-auth@verifier.port25.com and you should receive back an email containing something like this: ========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: pass DKIM check: pass Src: https://www.rosehosting.com/blog/how-to-install-and-integrate-opendkim-with-postfix-on-a-centos-6-vps/ Related Administrations Collected Articles Configurations (Linux) CentOSCentOS6DKIMOpenDKIMPostfix
How to Enable /etc/rc.local with Systemd February 24, 2020 If you are running a Linux distro that uses Systemd, then you may find that your command in /etc/rc.local file would not run on system boot. This guide explains how to enable /etc/rc.local script to run on system startup. Enable /etc/rc.local on Systemd If you type the following command in… Read More
SSH to use two-factor authentication using Google Authenticator on Debian or Ubuntu Server November 19, 2023 A computer running Ubuntu 16.04 LTS or above A phone running Android or iOS A configured SSH connection You should understand the danger of stolen passwords. You don’t need to know what two-factor authentication is and how it works. 🙂 Installing and configuring required packages Start a terminal session and… Read More
How to setup as DNS client / name server IP address August 26, 2008August 26, 2008 Many new Linux user finds it difficult to setup / modify new name server address (NS1 / NS2). Local name resolution is done via /etc/hosts file. If you have small network then use /etc/hosts file. DNS (domain name service is accountable for associating domain names with ip address, for example… Read More
Hello and thank you very much for your tutorial but there is one thing that I dont get it, how do you add the key from /etc/opendkim/keys/mydomain.com/default.txt to the dns zone ? thank you very much for your time Reply
Let me help you with a sample DNS records entry on my BIND DNS Server- 202207._domainkey.mydomain.net. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx26cX6DGrC8ig" "tQrnej7Z/5V6JnRgTnGKWNXIwUtPissbt0s6ZyFlYQ/sjVuU+O4blb/e1A2sxFxtf2wIbKNv0iqT9Gyw" "SsYbR9iaUUwDnyEbzUtYrMRlT1RiW0S3oF0jJoJnUN5KdxP7AA2qYTl3ER/mnImcpJFfmhjsU18BGhxi" "PQJdZO9fCYXSto3Nf0GFTb/8OGGTfdlsIk8Ia5/LY68mfdp5DueE1M/LfP0/HKdjivUfSK7tY3xB1i3xf" "TyCYJf6opSBf+gezl6OkHpCj+4BTT9Qv5AvEIZPmumO/s5D48i8aSm1la+9N+MX7S/CswIqNAK/y3MWC" "3r5xiN9IQIDAQAB" ) Reply