Latest revision as of 13:49, 6 May 2020
To set up OpenDKIM, a couple of steps are needed to install and configure the service and get it running. The example domain is noordwijk.nl; change it to yours.
First, install the package. Debian is the OS used here.
sudo apt-get install opendkim
Create the key directory and set its ownership
mkdir /etc/dkimkeys
chown opendkim:opendkim /etc/dkimkeys
A key needs to be generated per domain
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020
Domain noordwijk.nl
Selector 2020
KeyFile /etc/dkimkeys/2020.private
Socket inet:8891@localhost
Make a backup of the original config
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak
Add the new config parts
vi /etc/postfix/main.cf
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
Restart services to activate
systemctl restart opendkim
systemctl restart postfix
The following TXT record needs to go into the DNS zone file
user@host:~# cat /etc/dkimkeys/2020.txt
2020._domainkey IN TXT ( "v=DKIM1; k=rsa; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" ) ; ----- DKIM key 2020 for noordwijk.nl
Put the keys in the keytable
vi /etc/dkimkeys/keytable
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
Create the signingtable
vi /etc/dkimkeys/signingtable
*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl
Decide which hosts are allowed; localhost has to be included!
vi /etc/dkimkeys/trustedhosts
127.0.0.1/8
85.90.72.92/27
172.16.1.1/24
Have OpenDKIM use the key table, the signing table and the trusted hosts
vi /etc/opendkim/opendkim.conf
KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable
InternalHosts refile:/etc/dkimkeys/trustedhosts
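
An added check, not part of the original page, that audits the files this procedure produces: it cross-checks the signingtable against the keytable, flags senders whose domain is not aligned with the key's d= domain, and reads the RSA key size out of the zone-file TXT record. The function names are hypothetical, and the alignment test only approximates DMARC relaxed alignment because it uses no public suffix list.

```python
import base64, re

# Inputs copied from this page (keytable, signingtable, 2020.txt). Function names are hypothetical.
KEYTABLE = """2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private"""
SIGNINGTABLE = """*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl"""
TXT_2020 = ('2020._domainkey IN TXT ( "v=DKIM1; k=rsa; " '
            '"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )')

def rows(text):
    """Whitespace-split fields of each non-blank, non-comment table line."""
    return [l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def der_item(buf, pos):
    """Read the DER header at pos; return (content_start, content_length)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, length

def rsa_bits(txt_record):
    """Modulus size in bits of the RSA p= key in a zone-file DKIM TXT record."""
    value = "".join(re.findall(r'"([^"]*)"', txt_record))    # join the quoted chunks
    der = base64.b64decode(re.search(r"\bp=([A-Za-z0-9+/=]+)", value).group(1))
    spki, _ = der_item(der, 0)                # SubjectPublicKeyInfo SEQUENCE
    alg, alg_len = der_item(der, spki)        # AlgorithmIdentifier, skipped
    bitstr, _ = der_item(der, alg + alg_len)  # BIT STRING wrapping the key
    rsa, _ = der_item(der, bitstr + 1)        # +1 skips the unused-bits octet
    mod, mod_len = der_item(der, rsa)         # INTEGER modulus
    return int.from_bytes(der[mod:mod + mod_len], "big").bit_length()

def audit(keytable, signingtable, txt_records):
    """Findings for both tables and a {key name: TXT record} mapping."""
    domains = {name: spec.split(":", 2)[0].lower() for name, spec in rows(keytable)}
    findings = []
    for pattern, name in rows(signingtable):
        sender, d = pattern.rsplit("@", 1)[-1].lower(), domains.get(name)
        # Approximates DMARC relaxed alignment (no public suffix list): equal or parent/child.
        if d is None:
            findings.append(f"{pattern}: key '{name}' missing from KeyTable")
        elif not (sender == d or sender.endswith("." + d) or d.endswith("." + sender)):
            findings.append(f"{pattern}: signed with d={d}, not aligned with the sender domain")
    for name, record in txt_records.items():
        if (bits := rsa_bits(record)) < 2048:
            findings.append(f"{name}: {bits}-bit RSA key, RFC 8301 recommends at least 2048")
    return findings
```

Run against the page's own data, `audit(KEYTABLE, SIGNINGTABLE, {"2020._domainkey.noordwijk.nl": TXT_2020})` reports the `*@test03lostlemon.nl` row and the 1024-bit key. `opendkim-genkey` accepts `-b 2048` to generate a larger key.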