Tuesday, December 11, 2012

Postfix + DKIM setup



Installation

1) Get the rpmforge repo and install it.

# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# yum install opendkim postfix

2) Stop sendmail and remove it from autostart.
# /etc/init.d/sendmail stop
# chkconfig sendmail off

3) Add postfix and opendkim to the autostart pool.
# chkconfig postfix on
# chkconfig opendkim on

4) Configure postfix.
# vi /etc/postfix/main.cf

Configuration options: change the following, or comment out the existing entries and add these.
myhostname = server.yourdomainname.com (your server hostname)
mydomain = yourdomainname.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

Add the following to the postfix main.cf for DKIM:
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

5) Configure OpenDKIM


Configuration files of OpenDKIM

1. /etc/opendkim.conf – OpenDKIM's main configuration file
2. /etc/opendkim/KeyTable – a list of keys available for signing
3. /etc/opendkim/SigningTable – a list of domains and accounts allowed to sign
4. /etc/init.d/opendkim – service startup script
# vi /etc/opendkim.conf

Configuration options:

PidFile /var/run/opendkim/opendkim.pid
Mode sv
Canonicalization relaxed/simple
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Selector default
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

# cd /etc/opendkim

We will create the public and private keys now.

# cd keys
# mkdir yourdomainname.com; cd yourdomainname.com
# opendkim-genkey -d yourdomainname.com -s default

Here -d is your domain and -s is the selector.
# chown opendkim.opendkim ../yourdomainname.com -R

# cd /etc/opendkim
# vi KeyTable

default._domainkey.yourdomainname.com yourdomainname.com:default:/etc/opendkim/keys/yourdomainname.com/default.private
# vi SigningTable
*@yourdomainname.com default._domainkey.yourdomainname.com

# vi TrustedHosts
127.0.0.1
localhost
server.yourdomainname.com
yourdomainname.com

Note: make sure localhost is listed in the TrustedHosts file.

Now we are ready to test this. Start opendkim first and then postfix.
# /etc/init.d/opendkim start
# /etc/init.d/postfix start

Check that OpenDKIM has written to the mail log. This is the only file where you will see OpenDKIM errors.
# tail -f /var/log/maillog

Sep 20 09:43:50 server opendkim[8535]: OpenDKIM Filter v2.5.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)


Add the DNS record to your domain. The public key record is in the following file; it is a TXT record.
# cat /etc/opendkim/keys/yourdomainname.com/default.txt

Make sure there is a "k" in front of "=rsa;". By default the file is generated without it; after the change the DNS record will contain ";k=rsa;".
default._domainkey IN TXT "v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJmb2F+hGx+/1Y4dadbsTzg/thhJVsZHT5chFhaoZH6SMALX6J9IIIPSW3NRsap/mUQQ5GVG9IHIBfpAsIJr8CILOVcqAWQbG5XTn9Sk1p76abg3tyR01rhSTG2CljLmkNAPqOSrE5uUEXRq1T+eGhS1EVHFWmQ5lF8ZAyoyEHewIDAQAB" ; ----- DKIM default for yourdomainname.com
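As an added check that is not part of the original post, the following Python script reads a default.txt line like the one above, confirms the v= and k= tags, and walks the base64 p= value far enough to report the RSA modulus size; the embedded sample record is the one from this post, and the 2048-bit note is the current recommendation rather than something the post requires.

```python
import base64
import re
# Constructed sample input: the default.txt record from this post (a 1024-bit key).
SAMPLE_RECORD = (
    'default._domainkey IN TXT "v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJmb2F'
    '+hGx+/1Y4dadbsTzg/thhJVsZHT5chFhaoZH6SMALX6J9IIIPSW3NRsap/mUQQ5GVG9IHIBfpAsIJr8CILOVcqAW'
    'QbG5XTn9Sk1p76abg3tyR01rhSTG2CljLmkNAPqOSrE5uUEXRq1T+eGhS1EVHFWmQ5lF8ZAyoyEHewIDAQAB" '
    '; ----- DKIM default for yourdomainname.com')
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID inside the SPKI

def parse_tags(zone_line):
    # Join the quoted strings (genkey splits long keys), then split the tag=value list.
    value = "".join(re.findall(r'"([^"]*)"', zone_line))
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def der_enter(buf, i, tag):
    # Check the DER tag at buf[i]; return (content length, index of first content byte).
    if buf[i] != tag:
        raise ValueError("unexpected DER tag 0x%02x at offset %d" % (buf[i], i))
    if buf[i + 1] < 0x80:
        return buf[i + 1], i + 2
    n = buf[i + 1] & 0x7F
    return int.from_bytes(buf[i + 2:i + 2 + n], "big"), i + 2 + n

def rsa_modulus_bits(spki):
    # Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey SEQUENCE -> INTEGER n.
    if RSA_OID not in spki:
        raise ValueError("not an rsaEncryption public key")
    i = spki.index(RSA_OID) + len(RSA_OID) + 2   # skip the OID and its NULL parameters
    _, i = der_enter(spki, i, 0x03)              # BIT STRING holding the key
    _, i = der_enter(spki, i + 1, 0x30)          # skip unused-bits byte, then SEQUENCE
    n_len, i = der_enter(spki, i, 0x02)          # INTEGER n (modulus)
    return int.from_bytes(spki[i:i + n_len], "big").bit_length()

def check_dkim_record(zone_line):
    # Findings a practitioner wants before publishing the selector's TXT record.
    tags, problems, bits = parse_tags(zone_line), [], 0
    if tags.get("v") != "DKIM1":
        problems.append("v=DKIM1 missing")
    if tags.get("k", "") != "rsa":
        problems.append("k=rsa missing (add it, as the post says)")
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags.get("p", ""), validate=True))
    except (ValueError, IndexError) as exc:
        problems.append("p= unusable: %s" % exc)
    if 0 < bits < 2048:
        problems.append("%d-bit key; 2048 bits is the current recommendation" % bits)
    return {"selector": zone_line.split()[0].split("._domainkey")[0],
            "tags": tags, "key_bits": bits, "problems": problems}
```

Run it against the file from the cat command above before adding the record; a non-empty problems list is worth fixing before mail starts going out signed with that key.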


Important: don't forget to set an SPF record as well; it can improve email delivery.

Send out a test email and verify.
# echo " This is a test mail " | mail -s "OpenDKIM test mail" mygmail@gmail.com

If everything goes well you will see the message "DKIM-Signature header added" in the mail log.
# tail -f /var/log/maillog

Sep 20 09:47:33 server opendkim[8535]: 33040108639: DKIM-Signature header added (s=default, d=yourdomainname.com)
Sep 20 09:47:33 server postfix/qmgr[2390]: 33040108639: from=, size=3016, nrcpt=1 (queue active)
Sep 20 09:47:33 server sendmail[8671]: q8KDlXa9008671: to=mygmail@gmail.com, ctladdr=user@yourdomainname.com (503/503), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32554, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 33040108639)
Sep 20 09:47:33 server postfix/smtpd[8636]: disconnect from GF-P-server.yourserver.com[127.0.0.1]
Sep 20 09:47:34 server postfix/smtp[8642]: 33040108639: to=, relay=mailin-04.mx.aol.com[205.188.146.194]:25, delay=1.3, delays=0.1/0/0.24/0.95, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 05217380000B9)
Sep 20 09:47:34 server postfix/qmgr[2390]: 33040108639: remove


Check the headers of the received email to confirm: you should see dkim=pass.


Hope this helps :)