OpenDKIM

August 17, 2018 (Last Modified: August 18, 2018) Mailserver

Installation

pacman -S opendkim mkdir /etc/postfix/dkim chown root:opendkim /etc/postfix/dkim -R

Create config

/etc/opendkim/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes
SendReports    		yes
SoftwareHeader    	yes
Selector    		mail

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/postfix/dkim/TrustedHosts
InternalHosts           refile:/etc/postfix/dkim/TrustedHosts
KeyTable                refile:/etc/postfix/dkim/KeyTable
SigningTable            refile:/etc/postfix/dkim/SigningTable

Mode                    sv
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost

OversignHeaders		From

Add Dkim to Postfix

/etc/postfix/main.cf

# DKIM
milter_default_action 			= accept
non_smtpd_milters 			= inet:localhost:12301
smtpd_milters 				= inet:localhost:12301

Create directory for socket

mkdir /var/run/opendkim chown opendkim:opendkim /var/run/opendkim

Create Dkim key

opendkim-genkey -r -s mail -b 2048 -d <domain>

Create Dkim config

/etc/postfix/dkim/TrustedHosts

127.0.0.1
::1
<mail-server-domain>
<server-ip>/32

/etc/postfix/dkim/KeyTable

mail._domainkey.<domain> <domain>;:mail:/etc/postfix/dkim/keys/mail.private

/etc/postifx/dkim/SigningTable

*@<domain> mail._domainkey.<domain>;

Generate keys

in /etc/postfix/dkim/keys/

opendkim-genkey -t -s mail -d <domain>

Add Dkim to Nameserver

/etc/postfix/dkim/key/<domain>.txt Something like this mail._domainkey IN TXT ( “v=DKIM1; k=rsa; t=y;” “p=<your_key>” ) ; —– DKIM key mail for domain

Check DKIM

host -t TXT mail._domainkey.<domain>