Setup DomainKeys Identified Mail (DKIM) in Postfix
DomainKeys Identified Mail (DKIM) is a method for email authentication that allows an organization to take responsibility for a message it has sent in a way that can be validated by a recipient. The technique is based on public-key cryptography: the signer claims responsibility by adding a digital signature to the message's header, in the DKIM-Signature header field. The verifier retrieves the signer's public key from the DNS and then verifies that the signed parts have not been altered.
1. Install DKIM filter
apt-get install dkim-filter
2. Create a key for each domain to be authenticated
mkdir -p /etc/dkim/keys/domain1.com
cd /etc/dkim/keys/domain1.com
dkim-genkey -r -d domain1.com
Replace domain1.com with the domain that this mail server should authenticate using DKIM.
3. Add a line for each domain to dkim-keys.conf file (pico /etc/dkim-keys.conf)
*@domain1.com:domain1.com:/etc/dkim/keys/domain1.com/default.private
Replace domain1.com with the domain that this mail server should authenticate using DKIM.
4. Add a TXT record to the DNS for the domain being authenticated using DKIM. The record is automatically created and stored in /etc/dkim/keys/domain1.com/default.txt. You just need to add it to the DNS server. (cat /etc/dkim/keys/domain1.com/default.txt)
Here's a sample output:
default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8IQNYlS+8jyrbAxNsghsPrWYgOQQWI0Ab4e9MToZYLTBGI41V3Zet5Awrt19nMIUlTpuE+/YVnjP/pu3fgeYkoe6NUzp+oEcWAioQXBmx0njigac7iJ/I0naTP1xTrDacnwsTp/F+lMwGgjiHpaJA7iBmL0AfYMXlTBo5pFog2QIDAQAB" ; ----- DKIM default for domain1.com
Repeat steps 2, 3 and 4 for every domain that this server should authenticate using DKIM.
5. Uncomment line 37 of /etc/dkim-filter.conf so that DKIM filter uses the dkim-keys.conf file to look up the available domains (pico /etc/dkim-filter.conf)
KeyList /etc/dkim-keys.conf
6. Add an inet socket that Postfix can communicate with (pico /etc/default/dkim-filter)
SOCKET="inet:8891@localhost"
7. Restart DKIM filter
/etc/init.d/dkim-filter restart
8. Configure Postfix to query DKIM filter using the socket created earlier. Add these lines to main.cf (pico /etc/postfix/main.cf)
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
9. Reload Postfix config
postfix reload
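A check to run once the steps above are done, added here as an example and not part of the original tutorial: the shell function below lints a KeyList file such as /etc/dkim-keys.conf for the problems readers report in the comments (a missing key file, a UTF-8 BOM, a selector that does not match the published TXT record) and for private keys readable by other users. The function name lint_dkim_keylist and its output format are made up for this example; it assumes GNU head and stat, and relies on dkim-filter taking the selector from the file name part of the key path.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint a dkim-filter KeyList
# file whose lines have the form sender-pattern:domain:keypath.
# Prints findings; returns 0 if clean, 1 on any ERROR/WARN, 2 if unreadable.
lint_dkim_keylist() {
    keylist=$1
    rc=0
    [ -r "$keylist" ] || { echo "ERROR cannot read $keylist"; return 2; }
    # A UTF-8 BOM at the start of the file becomes part of the first sender pattern.
    bom=$(head -c 3 "$keylist" | od -An -tx1 | tr -d ' \n')
    if [ "$bom" = "efbbbf" ]; then
        echo "ERROR $keylist starts with a UTF-8 BOM; save it as plain ASCII"
        rc=1
    fi
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Assumption: blank lines and lines starting with '#' carry no rule.
        case $line in ''|'#'*) continue ;; esac
        IFS=: read -r pattern domain keypath extra <<EOF
$line
EOF
        if [ -z "$pattern" ] || [ -z "$domain" ] || [ -z "$keypath" ] || [ -n "$extra" ]; then
            echo "ERROR line $n: expected sender-pattern:domain:keypath"
            rc=1
            continue
        fi
        if [ ! -f "$keypath" ]; then
            echo "ERROR line $n: key file $keypath does not exist"
            rc=1
            continue
        fi
        # The private key should be accessible to its owner only (stat -c is GNU).
        mode=$(stat -c %a "$keypath")
        case $mode in
            *00|0) ;;
            *) echo "WARN line $n: $keypath has mode $mode; use chmod 600"; rc=1 ;;
        esac
        # The key file's name is the selector that ends up in the signature.
        selector=${keypath##*/}
        case $selector in
            *.private) echo "WARN line $n: selector is '$selector', not '${selector%.private}'"; rc=1 ;;
        esac
        echo "INFO line $n: verifiers query $selector._domainkey.$domain"
    done < "$keylist"
    return $rc
}
```

Call it as lint_dkim_keylist /etc/dkim-keys.conf; the INFO lines show the DNS name at which each domain's TXT record has to be published.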

August 13th, 2010 - 07:48
Awesome tutorial.
November 1st, 2010 - 03:07
In step 2, at the end, you should rename default.private to default, so the key refers correctly to default._domainkey.domain.com instead of default.private._domainkey.domain.com when the DKIM test is performed.
December 1st, 2010 - 22:50
Does it work for ZIMBRA too?
I tried but it failed to start.
I am running Postfix from a Zimbra installation.
Please let me know if I’m doing anything wrong.
My error log is given below.
Restarting DKIM Filter: No /usr/sbin/dkim-filter found running; none killed.
dkim-filter: /etc/dkim/keys/americanmutualloans.com/default.: open(): No such file or directory
dkim-filter: /etc/dkim-filter.conf: key load from /etc/dkim-kets/conf failed
Starting for DKIM verification only
dkim-filter: /etc/dkim/keys/americanmutualloans.com/default.:open(): No such file or directory
dkim-filter: /etc/dkim-filter.conf: ket load from /etc/dkim-keys.conf failed.
I followed Cruz's instructions to not use default.private.
Any help is highly appreciated.
Thanks
December 2nd, 2010 - 13:38
In my previous comment it was indeed
dkim-filter: /etc/dkim-filter.conf: key load from /etc/dkim-keys/conf failed.
Just a typographical error while writing here…
Any help please come to my rescue.
Thanks……..
April 11th, 2011 - 02:47
Uncomment Line 37? Of what file? Is something missing there?
June 8th, 2011 - 10:14
@Sean: Probably in “/etc/dkim-filter.conf” since that’s what the text says
September 9th, 2011 - 03:55
thanks for the help buddy, good luck
December 17th, 2011 - 10:16
Actually, with Debian squeeze the TXT record should be:
default.private._domainkey.example.com. 3 IN TXT “v=DKIM1; g=*; k=rsa; p=…”
December 17th, 2011 - 10:17
Also a good way to check everything is working:
http://www.brandonchecketts.com/emailtest.php
March 12th, 2012 - 14:52
Thanks for a great tutorial, however for me it required some additional googling before getting everything to work. In this blog post is how I got it to work (credit to you in the end):
http://blog.tjitjing.com/index.php/2012/03/guide-to-install-opendkim-for-multiple-domains-with-postfix-and-debian.html
May 11th, 2012 - 19:28
Thanks for that tutorial. I had a problem with my first domain in the dkim-keys.conf file and guess what, the file was of UTF-8 type with a BOM instead of plain ASCII…
Jeeez, I almost have no more hair!