# Setup postfix to add DKIM Signature to mails send by system

## Prerequisites
* Postfix (configured using Web-V2 if possible)

## Setup
```
apt install opendkim opendkim-tools -y
adduser postfix opendkim
sudo --user opendkim mkdir /etc/opendkim/keys/<DOMAINNAME>
sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/<DOMAINNAME> -d <DOMAINNAME> -s vps
chown opendkim:opendkim /etc/opendkim/keys -R
mkdir /var/spool/postfix/opendkim
sudo chown opendkim:postfix /var/spool/postfix/opendkim
```

## Configuration
### File: /etc/default/opendkim REPLACE
Replace existing `RUNDIR` with the following
```
RUNDIR=/var/spool/postfix/var/run/opendkim
```
### File:/etc/opendkim.conf 
Add the following to the file
```
Canonicalization        relaxed/simple
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
```

### File: /etc/opendkim/TrustedHosts
Add the following to the file
```
127.0.0.1
::1
localhost
<EXT SERVER IP>
<HOSTNAME>
<DOMAINNAME>
```

### File: /etc/opendkim/KeyTable
Add the following to the file
```
vps._domainkey.<DOMAINNAME> <DOMAINNAME>:vps:/etc/opendkim/keys/<DOMAINNAME>/vps.private
```

### File: /etc/opendkim/SigningTable
Add the following to the file
```
*@<DOMAINNAME> vps._domainkey.<DOMAINNAME>
```

### File: /etc/postfix
Add the following to the file
```
milter_default_action = accept
milter_protocol = 2
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
```

## Reload and restart services
```
bash /lib/opendkim/opendkim.service.generate
systemctl daemon-reload
systemctl restart opendkim postfix
```

## DNS
### SPF on host name
###SPF on Domain
### Key on Domain
Get public key `cat /etc/opendkim/keys/<DOMAINNAME>/vps.txt`  
Output example:  

```
#Record Name     Record Type  
#   V                  V
vps._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; s=email; "
	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6P"
	  "w6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB" )  ; ----- DKIM key vps for Test.com
```
Warning: the key is spit in two parts, combine these in to one (as shown below)

Create a dns record as vps._domainkey with folling content  
Example:
```
v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6Pw6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB;
```