Installing OpenDKIM on Linux and connecting to Postfix for multiple domains

apt-get install opendkim
USE="berkdb gnutls -ldap -lua -opendbx -poll sasl ssl -static-libs -unbound" emerge -av opendkim
yum install opendkim

Configuring OpenDKIM

OpenDKIM is super simple to configure. The entire configuration is stored in files in /etc/opendkim, starting with opendkim.conf:

LogWhy           Yes
Syslog           yes
SyslogSuccess    yes
Socket           inet:8891@localhost
ReportAddress    root@domain.tld
SendReports      yes
UserID           milter
PidFile          /var/run/opendkim/

Mode             s
Canonicalization relaxed/simple
Statistics       /var/lib/opendkim/stats.dat

Domain			domain.tld
KeyFile			/etc/opendkim/domain.tld.key
Selector		mail

ExternalIgnoreList file:/etc/opendkim/TrustedHostList.txt
InternalHosts      file:/etc/opendkim/TrustedHostList.txt

# KeyFile /etc/opendkim/KeyFile.txt

Generate Keys

opendkim-genkey --selector=mail --verbose

This will produce two files named mail.private and mail.txt. Rename them to something more meaningful.

mv mail.private
mv mail.txt

Update the DNS

Once you have the keys from the above command, you'll need to update the DNS. The host part of the TXT record is $selector._domainkey, and the value should look like the line below. The Key Data will be a very long string of Base64-encoded bits.

mail._domainkey TXT v=DKIM1; k=rsa; p=[Key Data Here]

Once this is entered, you'll want to wait a bit for the DNS system to catch up.
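
After the record has propagated, the published value can be compared with what opendkim-genkey wrote. This is an added example, not part of the original page: it assumes mail.txt uses the parenthesised, quoted-chunk layout of the constructed sample, that the published value is pasted in as text from a DNS lookup, and the function names are illustrative.

```python
import base64
import binascii
import re

# Constructed sample data: 96 counting bytes stand in for real key material.
SAMPLE_P = base64.b64encode(bytes(range(96))).decode()
# Assumed mail.txt layout: quoted chunks inside parentheses, trailing comment.
SAMPLE_MAIL_TXT = (
    'mail._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
    f'\t  "p={SAMPLE_P[:64]}"\n'
    f'\t  "{SAMPLE_P[64:]}" )  ; ----- DKIM key mail for domain.tld\n'
)

def join_txt(text):
    """Concatenate the quoted chunks of a zone-file entry or lookup answer."""
    chunks = re.findall(r'"([^"]*)"', text)
    return "".join(chunks) if chunks else text.strip()

def parse_tags(value):
    """Split 'v=DKIM1; k=rsa; p=...' into a dict (RFC 6376 tag=value list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def record_problems(value):
    """Return the reasons this key record would fail for the setup above."""
    tags, problems = parse_tags(value), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    p = tags.get("p")
    if not p:
        problems.append("p= missing or empty (empty means revoked)")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid Base64")
    return problems

def same_key(generated, published):
    """True when the published record carries the key opendkim-genkey wrote."""
    a, b = parse_tags(join_txt(generated)), parse_tags(join_txt(published))
    return bool(a.get("p")) and a.get("p") == b.get("p")
```

A mismatch from same_key usually means the quoted chunks were pasted with their quotes, or the key data was cut short by the DNS provider's input form.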

Trusted Hosts

Create a file of hosts that DKIM should trust, one per line; comments are allowed. Here are example contents for our domain.

# External Hosts that OpenDKIM will Trust

Multiple Domains

KeyFile: /etc/opendkim/KeyFile.txt
# $sender-pattern:$signing-domain:$keypath

Update Signing Table


Connecting Postfix

Update to point to the OpenDKIM service.

# Add the DKIM milter
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
