SnipitRepo/Linux/SetupDkimPostfix.md
2023-05-21 17:35:15 +02:00

# Set up Postfix to add a DKIM signature to mail sent by the system
## Prerequisites
* Postfix (configured using Web-V2 if possible)
## Setup
```
# Run as root
apt install opendkim opendkim-tools -y
adduser postfix opendkim
# Create the key directory as root (the opendkim user cannot write under /etc), then hand it over
mkdir -p /etc/opendkim/keys/<DOMAINNAME>
chown -R opendkim:opendkim /etc/opendkim/keys
# -r restricts the key to e-mail signing (s=email), -s sets the selector name
sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/<DOMAINNAME> -d <DOMAINNAME> -s vps
mkdir /var/spool/postfix/opendkim
chown opendkim:postfix /var/spool/postfix/opendkim
```
## Configuration
### File: /etc/default/opendkim
Replace the existing `RUNDIR` line with the following
```
RUNDIR=/var/spool/postfix/var/run/opendkim
```
### File: /etc/opendkim.conf
Add the following to the file
```
Canonicalization relaxed/simple
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
```
### File: /etc/opendkim/TrustedHosts
Add the following to the file
```
127.0.0.1
::1
localhost
<EXT SERVER IP>
<HOSTNAME>
<DOMAINNAME>
```
### File: /etc/opendkim/KeyTable
Add the following to the file
```
vps._domainkey.<DOMAINNAME> <DOMAINNAME>:vps:/etc/opendkim/keys/<DOMAINNAME>/vps.private
```
### File: /etc/opendkim/SigningTable
Add the following to the file
```
*@<DOMAINNAME> vps._domainkey.<DOMAINNAME>
```
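### File: /etc/postfix/main.cf
Add the following to the file. When Postfix runs chrooted in `/var/spool/postfix`, the socket path below resolves to the `RUNDIR` set above.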
```
milter_default_action = accept
milter_protocol = 2
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
```
## Reload and restart services
```
bash /lib/opendkim/opendkim.service.generate
systemctl daemon-reload
systemctl restart opendkim postfix
```
## DNS
### SPF on host name
### SPF on Domain
### Key on Domain
Get the public key with `cat /etc/opendkim/keys/<DOMAINNAME>/vps.txt`.

Output example:
```
# Record name  Record type
#     V            V
vps._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6P"
"w6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB" ) ; ----- DKIM key vps for Test.com
```
Warning: the key is split into two parts; combine them into one (as shown below).

Create a DNS record named `vps._domainkey` with the following content.

Example:
```
v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6Pw6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB;
```
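
To confirm that the chunks were combined correctly, the following added example (not part of the original snippet) joins the quoted parts of `vps.txt` and compares them with the TXT data that was published. The function names and the sample record are assumptions made for illustration; the `p=` value in the sample is a dummy base64 string, not a real key.

```shell
#!/bin/sh
# Added example (not from the original page): compare the TXT data in an
# opendkim-genkey .txt file with what is published in DNS.

# Read TXT data on stdin and print it as one canonical string: quoted chunks
# joined, whitespace removed, optional trailing ';' dropped. Zone-file and dig
# output quote each chunk; keeping only the quoted parts also drops the
# trailing "; ----- DKIM key ..." comment.
dkim_normalize() {
    dn_data=$(cat)
    case $dn_data in
        *'"'*) dn_data=$(printf '%s\n' "$dn_data" | grep -o '"[^"]*"') ;;
    esac
    dn_data=$(printf '%s' "$dn_data" | tr -d '"[:space:]')
    printf '%s\n' "${dn_data%;}"
}

# Print the p= tag (the base64 public key) of a normalized record.
dkim_pubkey() {
    printf '%s\n' "$1" | tr ';' '\n' | sed -n 's/^p=//p'
}

# $1 = path to <selector>.txt, $2 = TXT data as published (e.g. from dig).
# Succeeds only if both normalize to the same record and p= is valid base64.
dkim_matches() {
    dm_want=$(dkim_normalize < "$1")
    dm_have=$(printf '%s\n' "$2" | dkim_normalize)
    dm_key=$(dkim_pubkey "$dm_want")
    [ -n "$dm_key" ] || return 1
    printf '%s' "$dm_key" | base64 -d >/dev/null 2>&1 || return 1
    [ "$dm_want" = "$dm_have" ]
}

# Constructed sample in the layout shown above; the p= value is a dummy
# base64 string, not a real key.
dkim_sample() {
    cat <<'EOF'
vps._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
"p=QUJDREVGR0hJSktM"
"TU5PUFFSU1RVVldYWVo=" ) ; ----- DKIM key vps for example.test
EOF
}

# Real use: dkim_matches /etc/opendkim/keys/<DOMAINNAME>/vps.txt \
#               "$(dig +short TXT vps._domainkey.<DOMAINNAME>)"
```

A mismatch usually means only one of the quoted chunks was pasted into the DNS record, which leaves a truncated `p=` value.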