Create DKIM for Postfix (and ADSP)

Author: righter

Install opendkim

apt-get install opendkim opendkim-tools

Config File /etc/opendkim.conf

Syslog yes
UMask 007
SOCKET inet:12345@localhost
PidFile /var/run/opendkim/opendkim.pid
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
UserID opendkim
SigningTable refile:/etc/opendkim/signing.table
KeyTable /etc/opendkim/key.table
SignatureAlgorithm rsa-sha256

Create keys

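cd /etc/opendkim
# generate the key pair for selector 201702 (-r restricts the key to e-mail use)
opendkim-genkey -d righter.ch -b 1048 -r -s 201702
# the keys directory must exist before the files are moved into it
mkdir -p keys
mv 201702* keys
# recurse so the directory and the key files inside keys/ are owned by opendkim
chown -R opendkim:opendkim .
chmod -R go-rwx .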

Add the key to the key table, /etc/opendkim/key.table:

righter righter.ch:201702:/etc/opendkim/keys/201702.private

Restart and test

service opendkim restart

/etc/opendkim# opendkim-testkey -d righter.ch -s 201702 -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '201702._domainkey.righter.ch'
opendkim-testkey: key not secure # means no real problem
opendkim-testkey: key OK # this should be ok

Put the record in DNS:

cat /etc/opendkim/keys/201702.txt
201702._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
  "p=MIGiMA0GCSqGSIb3DQEBAQUAA4GQADCBjAKBhADAn6sIAiKI3Nn1uQC4V+EM4p1oihMFOF/ZPBAxoqL1WCGSy1KmuZO+UokLx11tTFnodPq93LoPE6ZNebJVB6NegbGn+7naQC3D5xBq55np6R7cXfpVU+CxqL+xXkgmpWgzCk0fhMBb5I9vddtzPqDZM011qKri/QleVEcDExs7njFGwIDAQAB" )
; ----- DKIM key 201702 for righter.ch
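
Before publishing, the record file can be checked offline. The following is an added example, not part of the original post: it joins the quoted TXT strings, splits the tags, and reads the RSA modulus size out of the p= value. The function names are hypothetical, the sample p= value is a constructed placeholder rather than a real key, and the 2048-bit threshold is the RFC 8301 recommendation.

```python
import base64
import re

MIN_BITS = 2048  # RFC 8301: signers SHOULD use RSA keys of at least 2048 bits
# Constructed sample in opendkim-genkey layout; placeholder 1048-bit modulus, not a real key.
SAMPLE_P = "MIGiMA0GCSqGSIb3DQEBAQUAA4GQADCBjAKBhADA" + "A" * 174 + "IDAQAB"
SAMPLE = ('201702._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "\n'
          '  "p=' + SAMPLE_P + '" ) ; ----- DKIM key 201702 for righter.ch\n')

def parse_dkim_txt(zone_text):
    """Join the quoted TXT strings and split the result into tag=value pairs."""
    record = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_bits(p_b64):
    """Modulus size in bits of a base64 SubjectPublicKeyInfo RSA key (the p= tag)."""
    der = base64.b64decode(p_b64, validate=True)
    _, spki, _ = _tlv(der, 0)           # outer SEQUENCE
    _, _, alg_end = _tlv(der, spki)     # AlgorithmIdentifier
    _, bits, _ = _tlv(der, alg_end)     # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _tlv(der, bits + 1)     # +1 skips the unused-bits byte
    _, start, end = _tlv(der, rsa)      # modulus INTEGER
    return int.from_bytes(der[start:end], "big").bit_length()

def check_record(zone_text, min_bits=MIN_BITS):
    """Return a list of problems found in a DKIM key record."""
    tags, problems = parse_dkim_txt(zone_text), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if not tags.get("p"):
        problems.append("p= is empty (revoked key or truncated record)")
    elif tags.get("k", "rsa") == "rsa" and (bits := rsa_bits(tags["p"])) < min_bits:
        problems.append(f"RSA key is {bits} bits, below {min_bits}")
    return problems
```

Calling check_record() on the contents of /etc/opendkim/keys/201702.txt reports a key generated with -b 1048 as below the 2048-bit recommendation.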

If you want every mail from that domain to require a valid DKIM signature, also publish the following ADSP DNS record:

_adsp._domainkey.righter.ch. IN TXT "dkim=all"

Checks
* http://dkimvalidator.com/
* https://www.mail-tester.com/
* http://isnotspam.com/
