Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6 Rumi, August 24, 2019February 4, 2024 UPDATE THE SYSTEM Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running: ## screen -U -S opendkim-screen ## yum update ENABLE EPEL REPOSITORY OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM ## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm ## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm ## rm -f /tmp/epel-release-6-8.noarch.rpm Update: Feb-04-2024 Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository. Download the EPEL repository: wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm Install the EPEL repository: rpm -Uvh epel-release-6*.rpm INSTALL OPENDKIM Install the package using yum: ## yum install opendkim CONFIGURE OPENDKIM Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following: ## cp /etc/opendkim.conf /etc/opendkim.conf.bal ## vim /etc/opendkim.conf Paste the below configuration parameters: AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp SET-UP PUBLIC/PRIVATE KEYS Generate set of keys for your mydomain.com domain name: ## mkdir /etc/opendkim/keys/mydomain.com ## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default ## chown -R opendkim: /etc/opendkim/keys/mydomain.com ## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table: *@mydomain.com default._domainkey.mydomain.com and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts: 127.0.0.1 mydomain.com host.mydomain.com assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’ finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" ) ; ----- DKIM key default for mydomain.com You can verify your dkim TXT record is valid using dig for example: ## dig +short default._domainkey.mydomain.com TXT "v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" CONFIGURE POSTFIX In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf: smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2 (RE)START SERVICES Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands: ## service opendkim start ## chkconfig opendkim on ## service postfix restart TEST THE SET-UP To test the set-up simply send an email to check-auth@verifier.port25.com and you should receive back an email containing something like this: ========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: pass DKIM check: pass Src: https://www.rosehosting.com/blog/how-to-install-and-integrate-opendkim-with-postfix-on-a-centos-6-vps/ Related Administrations Collected Articles Configurations (Linux) CentOSCentOS6DKIMOpenDKIMPostfix
Postfix 2.2.3 main.cf configured sample file October 28, 2008 queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix myhostname = server.domain.com mydomain = domain.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail. $mydomain, www.$mydomain, ftp.$mydomain local_recipient_maps = unknown_local_recipient_reject_code = 550 mynetworks = 192.168.1.0/24 127.0.0.0/8 #relay_domains = $mydestination #relayhost = $mydomain #relayhost… Read More
Destroy Linux operating system with fork bomb January 20, 2024 If you don’t want to completely destroy your Linux system but just neutralize it, you can go with a fork bomb using the following command: :(){ :|: & };: This will create a process which will duplicate it self infinitely until the system crash. If you are in a situation… Read More
10 Useful APIs for your Web Site & App September 28, 2010 Web APIs change the way content and services are consumed and manipulated. Web developers can take advantage of 1000s of APIs to add more content or functionality to their site. We’ve compiled a list of 10 most useful APIs you can consider using for your web site or application. Google… Read More
Hello and thank you very much for your tutorial but there is one thing that I dont get it, how do you add the key from /etc/opendkim/keys/mydomain.com/default.txt to the dns zone ? thank you very much for your time Reply
Let me help you with a sample DNS records entry on my BIND DNS Server- 202207._domainkey.mydomain.net. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx26cX6DGrC8ig" "tQrnej7Z/5V6JnRgTnGKWNXIwUtPissbt0s6ZyFlYQ/sjVuU+O4blb/e1A2sxFxtf2wIbKNv0iqT9Gyw" "SsYbR9iaUUwDnyEbzUtYrMRlT1RiW0S3oF0jJoJnUN5KdxP7AA2qYTl3ER/mnImcpJFfmhjsU18BGhxi" "PQJdZO9fCYXSto3Nf0GFTb/8OGGTfdlsIk8Ia5/LY68mfdp5DueE1M/LfP0/HKdjivUfSK7tY3xB1i3xf" "TyCYJf6opSBf+gezl6OkHpCj+4BTT9Qv5AvEIZPmumO/s5D48i8aSm1la+9N+MX7S/CswIqNAK/y3MWC" "3r5xiN9IQIDAQAB" ) Reply