Create DKIM for Postfix (and ADSP)

Install opendkim

apt-get install opendkim opendkim-tools

Config File /etc/opendkim.conf

Syslog yes
UMask 007
SOCKET inet:12345@localhost
PidFile /var/run/opendkim/
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
UserID opendkim
SigningTable refile:/etc/opendkim/signing.table
KeyTable /etc/opendkim/key.table
SignatureAlgorithm rsa-sha256

Create keys

cd /etc/opendkim
opendkim-genkey -d -b 1048 -r -s 201702
mkdir -p keys
mv 201702* keys
chown -R opendkim:opendkim .
chmod -R go-rwx .

Insert Key in keytable -> /etc/opendkim/key.table


Restart and test

service opendkim restart

/etc/opendkim# opendkim-testkey -d -s 201702 -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key ''
opendkim-testkey: key not secure # only means the DNS answer was not DNSSEC-validated; no real problem
opendkim-testkey: key OK # this should be ok

Put the record in DNS:

cat /etc/opendkim/keys/201702.txt
201702._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
"p=MIGiMA0GCSqGSIb3DQEBAQUAA4GQADCBjAKBhADAn6sIAiKI3Nn1uQC4V+EM4p1oihMFOF/ZPBAxoqL1WCGSy1KmuZO+UokLx11tTFnodPq93LoPE6ZNebJVB6NegbGn+7naQC3D5xBq55np6R7cXfpVU+CxqL+xXkgmpWgzCk0fhMBb5I9vddtzPqDZM011qKri/QleVEcDExs7njFGwIDAQAB" )
; ----- DKIM key 201702 for

If you want every mail from that domain to be required to carry a valid DKIM signature, also publish the following ADSP DNS record: IN TXT "dkim=all"
Note that ADSP (RFC 5617) has since been reclassified as Historic by the IETF.
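
To check a generated record before publishing it, the following added example (not part of the original page or of OpenDKIM) parses opendkim-genkey style zone text, joins the quoted TXT strings, and compares the RSA modulus size with the RFC 8301 limits. The names check_record and sample_record are made up for this example, and the sample record is built around a dummy modulus, not a usable key.

```python
import base64, re
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")  # AlgorithmIdentifier: rsaEncryption

def _tlv(buf, pos):
    """Read the DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo holding an RSA key."""
    start, _ = _tlv(spki, 0)               # outer SEQUENCE
    _, alg_end = _tlv(spki, start)         # AlgorithmIdentifier, skipped
    bitstr, _ = _tlv(spki, alg_end)        # BIT STRING
    seq, _ = _tlv(spki, bitstr + 1)        # +1 skips the unused-bits byte
    n0, n1 = _tlv(spki, seq)               # first INTEGER is the modulus
    return int.from_bytes(spki[n0:n1], "big").bit_length()

def check_record(zone_text):
    """Return (tags, key_bits, findings) for a DKIM TXT record in zone-file syntax."""
    record = "".join(re.findall(r'"([^"]*)"', zone_text))  # TXT strings are concatenated
    tags = {k.strip(): v.strip() for k, v in
            (t.split("=", 1) for t in record.split(";") if "=" in t)}
    findings = [] if tags.get("v") == "DKIM1" else ["v= tag is not DKIM1"]
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return tags, None, findings + ["no RSA key in p= (other key type or revoked)"]
    bits = rsa_bits(base64.b64decode(re.sub(r"\s", "", tags["p"]), validate=True))
    if bits < 1024:
        findings.append("under 1024 bits: RFC 8301 verifiers treat the key as invalid")
    elif bits < 2048:
        findings.append("under the 2048 bits RFC 8301 recommends for signers")
    return tags, bits, findings

def _der(tag, body):  # DER encoder, used only to build the constructed sample
    size = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits, selector="201702"):
    """Constructed input: genkey-style zone text around a dummy modulus of the given size."""
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 65537))
    p = base64.b64encode(_der(0x30, RSA_ALG + _der(0x03, b"\0" + _der(0x30, ints)))).decode()
    return (f'{selector}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "\n'
            f'\t"p={p[:100]}"\n\t"{p[100:]}" )  ; constructed sample, domain omitted\n')

if __name__ == "__main__":
    print(check_record(sample_record(1048))[1:])
```

Feed check_record the contents of the generated .txt file to run the same check on a real record; a p= value that is truncated or otherwise not valid base64 raises binascii.Error.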


