UPDATE THE SYSTEM
Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:
## screen -U -S opendkim-screen ## yum update
ENABLE EPEL REPOSITORY
OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM
## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm ## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm ## rm -f /tmp/epel-release-6-8.noarch.rpm
Update: Feb-04-2024
Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository.
Download the EPEL repository:
wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpmInstall the EPEL repository:
rpm -Uvh epel-release-6*.rpm
INSTALL OPENDKIM
Install the package using yum:
## yum install opendkim
CONFIGURE OPENDKIM
Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:
## cp /etc/opendkim.conf /etc/opendkim.conf.bal ## vim /etc/opendkim.conf
Paste the below configuration parameters:
AutoRestart Yes AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp
SET-UP PUBLIC/PRIVATE KEYS
Generate set of keys for your mydomain.com domain name:
## mkdir /etc/opendkim/keys/mydomain.com ## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default ## chown -R opendkim: /etc/opendkim/keys/mydomain.com ## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default
add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default
next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table:
*@mydomain.com default._domainkey.mydomain.com
and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts:
127.0.0.1 mydomain.com host.mydomain.com
assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’
finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt
default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" ) ; ----- DKIM key default for mydomain.com
You can verify your dkim TXT record is valid using dig for example:
## dig +short default._domainkey.mydomain.com TXT
"v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB"
CONFIGURE POSTFIX
In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf:
smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 2
(RE)START SERVICES
Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands:
## service opendkim start ## chkconfig opendkim on ## service postfix restart
TEST THE SET-UP
To test the set-up simply send an email to check-auth@verifier.port25.com and you should receive back an email containing something like this:
========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: pass DKIM check: pass
Src: https://www.rosehosting.com/blog/how-to-install-and-integrate-opendkim-with-postfix-on-a-centos-6-vps/
Hello and thank you very much for your tutorial
but there is one thing that I dont get it, how do you add the key from /etc/opendkim/keys/mydomain.com/default.txt to the dns zone ?
thank you very much for your time
Let me help you with a sample DNS records entry on my BIND DNS Server-
202207._domainkey.mydomain.net. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx26cX6DGrC8ig"
"tQrnej7Z/5V6JnRgTnGKWNXIwUtPissbt0s6ZyFlYQ/sjVuU+O4blb/e1A2sxFxtf2wIbKNv0iqT9Gyw"
"SsYbR9iaUUwDnyEbzUtYrMRlT1RiW0S3oF0jJoJnUN5KdxP7AA2qYTl3ER/mnImcpJFfmhjsU18BGhxi"
"PQJdZO9fCYXSto3Nf0GFTb/8OGGTfdlsIk8Ia5/LY68mfdp5DueE1M/LfP0/HKdjivUfSK7tY3xB1i3xf"
"TyCYJf6opSBf+gezl6OkHpCj+4BTT9Qv5AvEIZPmumO/s5D48i8aSm1la+9N+MX7S/CswIqNAK/y3MWC"
"3r5xiN9IQIDAQAB" )