Implementing DKIM in Zentyal MTA with SoGO

To implement this authentication mechanism, you can use a third party software called OpenDKIM. These are the steps you have to follow to deploy DKIM.

1. Install the necessary packages:

sudo apt-get install -y opendkim opendkim-tools

2. Create the folder for the DKIM keys:

sudo mkdir -vp /etc/opendkim/keys

3. Generate the DKIM keys:

sudo opendkim-genkey -s mail -d zentyal-domain.lan -D /etc/opendkim/keys

4. Configure the folder permissions:

chown -R opendkim:opendkim /etc/opendkim/
sudo chmod 0640 /etc/opendkim/keys/*.private

Read more

Share

Using NSLOOKUP to view DKIM records

NSLOOKUP is a quick and convenient way to verify that your DK/DKIM records are set up properly. The policy for DK/DKIM is a TXT record at this location:

_adsp._domainkey.<domain.com>

For the selector record you have to use:

<selector>._domainkey.<domain.com>

For example, do a NSLOOKUP for TXT at: c3po._domainkey.altn.com

Open the Start menu
Select Run...
Type cmd [Enter]
In the command window, type: NSLOOKUP [Enter]
Type: set q=txt [Enter]
Type: dcontrol._domainkey.tweenpath.net [Enter]
Share

Configure DomainKeys- DKIM (OpenDKIM) with Postfix on CentOS 7

OpenDKIM is method to digitally sign & verify emails on the mail servers using public & private keys. In other words opendkim implements the DKIM (DomainKeys Identified Mail) standard for signing and verifying email messages on a per-domain basis. DomainKeys are implemented to reduce the chances of outgoing mails to be marked as SPAM.

In this post we will demonstrate how to install & configure DomainKeys with postfix (MTA) on CentOS 7, i am assuming Postfix is already installed with following domain and hostname.

Hostname = mail5.freshdaymall.com
Domain = freshdaymall.com

Step:1 Set EPEL Repository using below rpm command

OpenDKIM package is not available in the default yum repositories but available in CentOS 7 EPEL repositories

[root@mail5 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Step:2 Install OpenDKIM Package using yum

[root@mail5 ~]# yum install -y opendkim

Step:3 Run below Command to create keys

Execute the below command to create public & private keys under folder “/etc/opendkim/keys”

Read more

Share

Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

Update: Feb-04-2024

Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository.

Download the EPEL repository:

wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install the EPEL repository:

rpm -Uvh epel-release-6*.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:

Read more

Share

SPF, DKIM, DMARC – Sample and perfect record values

Sharing some sample record value of the post subject for future reference:

SPF:

domain.gov.bd. IN TXT "v=spf1 a mx ip4:1.2.3.4 ?all"

DKIM:

MDaemon._domainkey.domain.gov.bd. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIaJcNDjvJ6LJ/zyZCIOuaQiLMSC+FBfky8JMFE7LUGlP4LXwmpaKO3Z67x+PVXgYbbFU9nzLaFOfIXTbsCh6LYLBgQF+PNghbTAchQ59IEMrMRsTPCCg95+gKYRupN0B96Uz7rrXifZL8T+yl9MkpIlAsXXs7e8Vhzwa94NdVjQIDAQAB"

DMARC:

_dmarc.domain.gov.bd. 3600 IN TXT "v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@domain.gov.bd; ruf=mailto:postmaster@domain.gov.bd; rf=afrf; pct=100; ri=86400"

DMARC Generator: 

https://www.unlocktheinbox.com/dmarcwizard/

Share

Best Practices on Email Protection: SPF, DKIM and DMARC

Once we installed Zimbra Collaboration, we need to be aware of some additional configurations that will allow us to send emails to other Email systems with an improve Security, such Gmail, Hotmail, Yahoo!, etc. This Wiki article will show the different Email Protection resources that exists, depends of the volume of sent email, will be better to implement only one, or two, or maybe all of them, depends.

SPF
Sender Policy Framework (SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS TXT record with a SPF content. 

Where needs to be configured?
SPF needs to be configured in the Public DNS

Read more

Share

DKIM installation on Debian

 

This is a quick and fairly painless way of setting up DKIM, on a postfix server. DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message and helps verify that your mail is legitimate. This will help your email not get flagged a spam or fraud, especially if you are doing bulk emailing or important emails.

This tutorial is written for debian, so if using centos the paths to some files may be /etc/mail prefix or similar.

First, install dkim-filters

Debian based

apt-get install dkim-filter

Redhat Based

Enable EPEL

yum install dkim-milter

Read more

Share

Configuring DKIM signing in MDaemon

DomainKeys Identified Mail (DKIM) is an open protocol for protecting email users against email address identity theft and email message content tampering. It does this by providing positive identification of the signer’s identity along with an encrypted “hash” of the message content.
To configure and use DKIM: 
  1. The system administrator creates a private/public key pair for the server and publishes the public key in the domain’s domain name server.
  2. Using the private key, the sending server creates a signature for each outgoing message. The resulting signature data is stored in a “DKIM-Signature” header within the message.
  3. The receiving server obtains the signature from the “DKIM-Signature” header and verifies it using the signer’s public key.

    Read more

Share