Installing and Configuring openDKIM on Debian
This guide will show you how to install and configure openDKIM on a Debian Squeeze VPS. DKIM (DomainKeys Identified Mail) is an email authentication technology based on cryptographic signatures, used to validate that a message was sent by an authorized source. DKIM allows an organization to take responsibility for transmitting a message in a way that can be verified by a recipient. More information can be found at the official DKIM web site.
Install openDKIM
aptitude install opendkim
Create a new directory for your key
mkdir /etc/opendkim/keys/your-domain.com
Generate signing keys
opendkim-genkey -D /etc/opendkim/keys/your-domain.com -d your-domain.com -s mail
The above command will create two files under the newly created directory – mail.private and mail.txt
Change the ownership to opendkim
chown -R opendkim:opendkim /etc/opendkim/keys/your-domain.com
Open the openDKIM configuration file /etc/opendkim.conf, delete everything and add the following
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/simple
Selector mail
KeyFile /etc/opendkim/keys/your-domain.com/mail.private
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
Open /etc/opendkim/KeyTable (list of keys available for signing) and add the following line
mail._domainkey.your-domain.com your-domain.com:mail:/etc/opendkim/keys/your-domain.com/mail.private
Open /etc/opendkim/SigningTable and add the following line
your-domain.com mail._domainkey.your-domain.com
Open /etc/opendkim/TrustedHosts and add the following lines
127.0.0.1
localhost
your-domain.com
Add the content of the /etc/opendkim/keys/your-domain.com/mail.txt file to your DNS zone file
mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIG.......B58FQIDAQAB" ; ----- DKIM mail for your-domain.com
Open the postfix configuration file (/etc/postfix/main.cf) and add the following lines
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2
Restart both openDKIM and postfix
/etc/init.d/opendkim restart
/etc/init.d/postfix restart
To check if everything works as expected send an email to check-auth@verifier.port25.com. In a few seconds you will get an email as follows
====================================
Summary of Results
====================================
SPF check: pass
DomainKeys check: pass
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
The line “DKIM check: pass” means that you have successfully installed openDKIM on your server.
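A consistency check for the KeyTable and SigningTable files configured above, as an added example that is not part of the original guide: it reports SigningTable entries naming a key that KeyTable does not define, one private key file listed for more than one domain, and key files that are missing or readable by group or others. The function name audit_dkim_tables and the finding labels are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original guide. audit_dkim_tables and the
# finding labels it prints are hypothetical names; no output means clean.
audit_dkim_tables() {
    keytable=$1
    signingtable=$2
    # KeyTable line:      <keyname> <domain>:<selector>:<keyfile>
    # SigningTable line:  <sender pattern> <keyname>
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        FILENAME == ARGV[1] {
            split($2, f, ":")                 # f[1]=domain, f[3]=key path
            known[$1] = 1
            if (f[3] == "") { print "BAD_KEYTABLE_ENTRY " $1; next }
            if (f[3] in owner) {
                if (owner[f[3]] != f[1])
                    print "SHARED_KEY " f[3] " " owner[f[3]] " " f[1]
            } else {
                owner[f[3]] = f[1]
                print "KEYFILE " f[3]         # checked on disk below
            }
            next
        }
        !($2 in known) { print "UNKNOWN_KEYNAME " $1 " " $2 }
    ' "$keytable" "$signingtable" |
    while read -r kind a b c; do
        if [ "$kind" != KEYFILE ]; then
            echo "$kind $a${b:+ $b}${c:+ $c}"
        elif [ ! -f "$a" ]; then
            echo "MISSING_KEYFILE $a"
        # Characters 5-10 of the ls mode string are the group/other bits.
        elif [ "$(ls -ld "$a" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $a"
        fi
    done
}

# Example: audit_dkim_tables /etc/opendkim/KeyTable /etc/opendkim/SigningTable
```

Run it as a user that can read the key directory, otherwise existing key files are reported as missing.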
You add a private key here KeyFile /etc/opendkim/keys/your-domain.com/mail.private,
yet you then add multiple domains (I have 27 domains for signing) into other files. I suppose you are using the same key for signing all of your domains, which is a bit insecure (or lazy) :D
In Wheezy you also need to install the package opendkim-tools to have the command opendkim-genkey.
I also recommend you change the 2nd command from
$ mkdir /etc/opendkim/keys/your-domain.com
to
$ mkdir -p /etc/opendkim/keys/your-domain.com
because the dir /etc/opendkim (at least not in wheezy)
Thank you very much for your blog post!