Set up Postfix to add a DKIM signature to mail sent by the system
Prerequisites
- Postfix (configured using Web-V2 if possible)
Setup
apt install opendkim opendkim-tools -y
adduser postfix opendkim
sudo --user opendkim mkdir /etc/opendkim/keys/<DOMAINNAME>
sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/<DOMAINNAME> -d <DOMAINNAME> -s vps
chown opendkim:opendkim /etc/opendkim/keys -R
mkdir /var/spool/postfix/opendkim
sudo chown opendkim:postfix /var/spool/postfix/opendkim
Configuration
File: /etc/default/opendkim REPLACE
Replace existing RUNDIR with the following
RUNDIR=/var/spool/postfix/var/run/opendkim
File: /etc/opendkim.conf
Add the following to the file
Canonicalization relaxed/simple
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
File: /etc/opendkim/TrustedHosts
Add the following to the file
127.0.0.1
::1
localhost
<EXT SERVER IP>
<HOSTNAME>
<DOMAINNAME>
File: /etc/opendkim/KeyTable
Add the following to the file
vps._domainkey.<DOMAINNAME> <DOMAINNAME>:vps:/etc/opendkim/keys/<DOMAINNAME>/vps.private
File: /etc/opendkim/SigningTable
Add the following to the file
*@<DOMAINNAME> vps._domainkey.<DOMAINNAME>
File: /etc/postfix
Add the following to the file
milter_default_action = accept
milter_protocol = 2
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
Reload and restart services
bash /lib/opendkim/opendkim.service.generate
systemctl daemon-reload
systemctl restart opendkim postfix
DNS
SPF on host name
SPF on Domain
Key on Domain
Get the public key:
cat /etc/opendkim/keys/<DOMAINNAME>/vps.txt
Output example:
#Record Name Record Type
# V V
vps._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6P"
"w6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB" ) ; ----- DKIM key vps for Test.com
Warning: the key is split into two parts; combine these into one (as shown below)
Create a DNS record named vps._domainkey with the following content
Example:
v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6Pw6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB;
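The join described in the warning above can be scripted, together with a check that the p= value really is the public half of the private key referenced in KeyTable. This is an added example, not part of the original page; the function names and the script name dkim-check.sh are hypothetical, and it assumes openssl and base64 are installed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of opendkim.

# Join the quoted chunks of an opendkim-genkey .txt file into one TXT value,
# the same way a resolver concatenates the strings of a multi-string record.
dkim_txt_value() {   # $1 = path to <selector>.txt
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Extract the base64 public key (the p= tag) from a joined TXT value.
dkim_p_tag() {       # $1 = joined TXT value
    printf '%s' "$1" | tr -d ' \t' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Succeed only if p= is the public half of the given private key.
dkim_key_matches() { # $1 = private key file, $2 = joined TXT value
    want=$(openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
           base64 | tr -d '\n')
    [ -n "$want" ] && [ "$want" = "$(dkim_p_tag "$2")" ]
}

# Usage: sh dkim-check.sh vps.txt vps.private
if [ "$#" -eq 2 ]; then
    value=$(dkim_txt_value "$1")
    printf 'TXT value to publish:\n%s\n' "$value"
    if dkim_key_matches "$2" "$value"; then
        echo "OK: p= matches the private key"
    else
        echo "MISMATCH: p= does not match the private key" >&2
        exit 1
    fi
fi
```

Once the record is published, opendkim-testkey -d <DOMAINNAME> -s vps -vvv (from opendkim-tools) queries DNS for the key and reports problems with it.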