edoceo

How To: Installing and Configuring OpenDKIM for multiple domains with Postfix on Linux

Installing OpenDKIM on Linux and connecting it to Postfix for multiple domains

apt-get install opendkim
USE="berkdb gnutls -ldap -lua -opendbx -poll sasl ssl -static-libs -unbound" emerge -av opendkim
yum install opendkim

Configuring OpenDKIM

OpenDKIM is super simple to get configured. The entire configuration is stored in files in /etc/opendkim, starting with opendkim.conf:

LogWhy           Yes
Syslog           yes
SyslogSuccess    yes
Socket           inet:8891@localhost
ReportAddress    root@domain.tld
SendReports      yes
UserID           milter
PidFile          /var/run/opendkim/opendkim.pid

Mode             s
Canonicalization relaxed/simple
Statistics       /var/lib/opendkim/stats.dat

Domain			domain.tld
KeyFile			/etc/opendkim/domain.tld.key
Selector		mail

ExternalIgnoreList file:/etc/opendkim/TrustedHostList.txt
InternalHosts      file:/etc/opendkim/TrustedHostList.txt

# KeyFile /etc/opendkim/KeyFile.txt

Generate Keys

opendkim-genkey --domain=example.com --selector=mail --verbose

This will produce two files named mail.private and mail.txt. Rename them to something more meaningful.

mv mail.private example.com.key
mv mail.txt example.com.dns

Update the DNS

Once you have the keys from the above command, you'll need to update the DNS. The host part of the TXT record is $selector._domainkey, and its value should look like the line below. The Key Data will be a very long string of Base64-encoded bits.

mail._domainkey TXT v=DKIM1; k=rsa; p=[Key Data Here]

Once this is entered, you'll want to wait a bit for the DNS system to catch up.
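
Before pasting the record into a DNS control panel, it helps to check the contents of example.com.dns. The following is an added example, not part of the original how-to: it flattens the record into the single TXT value, checks the v=, k= and p= tags, and re-splits the value into strings of at most 255 characters, the limit for one TXT string. It assumes the file uses the zone-file layout of quoted strings written by opendkim-genkey; the function names and the sample record are made up for illustration.

```python
import base64
import re

def flatten_zone_txt(zone_text):
    """Join the quoted strings of a zone-file TXT record into one value."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))

def parse_tags(txt_value):
    """Split 'v=DKIM1; k=rsa; p=...' into a dict of tag -> value."""
    tags = {}
    for part in txt_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)  # p= may end in '=' padding
            tags[name.strip()] = "".join(value.split())  # drop stray whitespace
    return tags

def check_record(zone_text):
    """Return (tags, problems) for the record text in example.com.dns."""
    tags = parse_tags(flatten_zone_txt(zone_text))
    problems = []
    if tags.get("v") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    if not tags.get("p"):
        problems.append("p= is empty")
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        der = b""
        problems.append("p= is not valid Base64")
    if der and der[0] != 0x30:
        problems.append("p= does not decode to a DER SEQUENCE")
    return tags, problems

def split_for_dns(txt_value, limit=255):
    """Re-quote a TXT value as strings of at most `limit` characters each."""
    chunks = [txt_value[i:i + limit] for i in range(0, len(txt_value), limit)]
    return " ".join('"%s"' % c for c in chunks)

# Constructed sample: placeholder bytes shaped like a DER blob, not a real key.
FAKE_P = base64.b64encode(b"\x30\x82\x01\x22" + bytes(290)).decode()
SAMPLE = ('mail._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
          '\t  "p=%s"\n\t  "%s" )  ; ----- DKIM key mail for example.com\n'
          % (FAKE_P[:200], FAKE_P[200:]))

if __name__ == "__main__":
    tags, problems = check_record(SAMPLE)
    print(problems or "record looks well-formed")
    print(split_for_dns(flatten_zone_txt(SAMPLE)))
```

To check a real record, pass the text of example.com.dns to check_record() in place of SAMPLE.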

Trusted Hosts

Create a file of hosts that DKIM should trust, one per line; comments are allowed. Here are example contents for our domain.

#
# External Hosts that OpenDKIM will Trust

edoceo.com
gcdn.org
he.edoceo.com
s001.edoceo.com

Multiple Domains

KeyFile: /etc/opendkim/KeyFile.txt
# $sender-pattern:$signing-domain:$keypath
*@domainA.com:domainA.com:/etc/opendkim/domainA.com.key
*@domainB.com:domainB.com:/etc/opendkim/domainB.com.key
*@domainC.com:domainC.com:/etc/opendkim/domainC.com.key

Update Signing Table

*@domainA.com mail._domainkey.domainA.com
*@domainB.com mail._domainkey.domainB.com

Connecting Postfix

Update main.cf to point to the OpenDKIM service.

#
# Add the DKIM milter
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
