Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6

Rumi,

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

Update: Feb-04-2024

Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository.

Download the EPEL repository:

wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install the EPEL repository:

rpm -Uvh epel-release-6*.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:

## cp /etc/opendkim.conf /etc/opendkim.conf.bal
## vim /etc/opendkim.conf

Paste the below configuration parameters:

AutoRestart Yes
AutoRestartRate 10/1h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
UMask 022
UserID opendkim:opendkim
TemporaryDirectory /var/tmp

SET-UP PUBLIC/PRIVATE KEYS

Generate set of keys for your mydomain.com domain name:

## mkdir /etc/opendkim/keys/mydomain.com
## opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default
## chown -R opendkim: /etc/opendkim/keys/mydomain.com
## mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default

add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable

default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default

next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table:

*@mydomain.com default._domainkey.mydomain.com

and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts:

127.0.0.1
mydomain.com
host.mydomain.com

assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’

finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt

default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB" ) ; ----- DKIM key default for mydomain.com

You can verify your dkim TXT record is valid using dig for example:

## dig +short default._domainkey.mydomain.com TXT
"v=DKIM1\; k=rsa\; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDApHRr7ZmXRaAB+RQRbP4VdMwIrIHIP18KFtXRsv/xpWc0Gix6ZXN13fcG03KNGKZo2PY+csPkGC5quDnH5V0JEhDZ78KcDWFsU6u4fr9ktVAdt6P7jWXjcyqdHOZ8+YN4cAeU4lRFNgQvdupIcByYwzPYMgBFHfJm9014HvRqhwIDAQAB"

CONFIGURE POSTFIX

In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf:

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

(RE)START SERVICES

Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands:

## service opendkim start
## chkconfig opendkim on
## service postfix restart

TEST THE SET-UP

To test the set-up simply send an email to check-auth@verifier.port25.com and you should receive back an email containing something like this:

==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass

Src: https://www.rosehosting.com/blog/how-to-install-and-integrate-opendkim-with-postfix-on-a-centos-6-vps/

Administrations Collected Articles Configurations (Linux)

Comments (2)

  1. Hello and thank you very much for your tutorial
    but there is one thing that I dont get it, how do you add the key from /etc/opendkim/keys/mydomain.com/default.txt to the dns zone ?
    thank you very much for your time

    Reply

    1. Let me help you with a sample DNS records entry on my BIND DNS Server-

      202207._domainkey.mydomain.net. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx26cX6DGrC8ig"
      "tQrnej7Z/5V6JnRgTnGKWNXIwUtPissbt0s6ZyFlYQ/sjVuU+O4blb/e1A2sxFxtf2wIbKNv0iqT9Gyw"
      "SsYbR9iaUUwDnyEbzUtYrMRlT1RiW0S3oF0jJoJnUN5KdxP7AA2qYTl3ER/mnImcpJFfmhjsU18BGhxi"
      "PQJdZO9fCYXSto3Nf0GFTb/8OGGTfdlsIk8Ia5/LY68mfdp5DueE1M/LfP0/HKdjivUfSK7tY3xB1i3xf"
      "TyCYJf6opSBf+gezl6OkHpCj+4BTT9Qv5AvEIZPmumO/s5D48i8aSm1la+9N+MX7S/CswIqNAK/y3MWC"
      "3r5xiN9IQIDAQAB" )

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *