Anonymous
×
Create a new article
Write your page title here:
We currently have 27 articles on PhenixOps. Type your article name above or click on one of the titles below and start writing!



PhenixOps
PhenixOps
27Articles

OpenDkim: Difference between revisions

No edit summary
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
To setup open dkim a couple of steps have to be made to install and configure the service and get it running. The example domain is noordwijk.nl, change it to yours.<br>
To setup open dkim a couple of steps have to be made to install and configure the service and get it running. The example domain is noordwijk.nl, change it to yours.<br>


First, get the package installed, using debian as OS here. <br>
<code>
sudo apt-get install opendkim
</code>
<br>
Create some dirs and set ownership <br>
<code>
<code>
mkdir /etc/dkimkeys
mkdir /etc/dkimkeys
Line 31: Line 38:
non_smtpd_milters = $smtpd_milters
non_smtpd_milters = $smtpd_milters
</pre><br>
</pre><br>
Restart services to activate<br>
Restart services to activate<br>
<code>
<code>
Line 40: Line 46:
</code><br>
</code><br>


Following text record needs to go into the DNS Zonefile
Following text record needs to go into the DNS Zonefile<br>
<code>user@host:~# cat /etc/dkimkeys/2020.txt</code><br>
<code>user@host:~# cat /etc/dkimkeys/2020.txt</code><br>
<pre>
<pre>
2020._domainkey IN      TXT    ( "v=DKIM1; k=rsa; "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )  ; ----- DKIM key 2020 for noordwijk.nl
2020._domainkey IN      TXT    ( "v=DKIM1; k=rsa; "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )  ; ----- DKIM key 2020 for noordwijk.nl
</pre>
</pre><br>
<br>
 
Put the keys in the keytabble
Put the keys in the keytable<br>
<cpre>
<code>
vi /etc/dkimkeys/keytable
vi /etc/dkimkeys/keytable
</code><br>
<pre>
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
</pre>
</pre><br>
<br>


Create the signingtable <br>
Create the signingtable<br>
vi /etc/dkimkeys/signingtable<br>
<code>
vi /etc/dkimkeys/signingtable
</code><br>
<pre>
<pre>
*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@lostlemon.nl 2022._domainkey.lostlemon.nl
Line 63: Line 72:
<br>
<br>


Decide which hosts are allwoed, localhost has to be included!<br>
Decide which hosts are allowed, localhost has to be included!<br>
<code>
<code>
vi /etc/dkimkeys/trustedhosts
vi /etc/dkimkeys/trustedhosts
</code><br>
<pre>
127.0.0.1/8
127.0.0.1/8
85.90.72.92/27
85.90.72.92/27
172.16.1.1/24
172.16.1.1/24
</code>
</pre><br>


<br>
Have OpenDkim allowing domains<br>
Have OpenDkim allowing domains<br>
<code>
<code>
vi /etc/opendkim/opendkim.conf
</code><br>
<pre>
KeyTable file:/etc/dkimkeys/keytable
KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable  
SigningTable refile:/etc/dkimkeys/signingtable  
InternalHosts refile:/etc/dkimkeys/trustedhosts
InternalHosts refile:/etc/dkimkeys/trustedhosts
</code>
</pre><br>
<br>
 
[[E-Mail]] <br>
[[SystemAdministration]] <br>
 
[[Category:E-Mail]] <br>
[[Category:SystemAdministration]] <br>

Latest revision as of 13:49, 6 May 2020

To setup open dkim a couple of steps have to be made to install and configure the service and get it running. The example domain is noordwijk.nl, change it to yours.

First, get the package installed, using debian as OS here.
sudo apt-get install opendkim

Create some dirs and set ownership
mkdir /etc/dkimkeys chown opendkim.opendkim /etc/dkimkeys

A key needs to be generated per domain
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020 

Domain                  noordwijk.nl
Selector                2020
KeyFile                 /etc/dkimkeys/2020.private
Socket                  inet:8891@localhost

Make a backup of the original config
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak

Add the new config parts
vi /etc/postfix/main.cf 

smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters


Restart services to activate
systemctl restart opendkim systemctl restart postfix

Following text record needs to go into the DNS Zonefile
user@host:~# cat /etc/dkimkeys/2020.txt

2020._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )  ; ----- DKIM key 2020 for noordwijk.nl


Put the keys in the keytable
vi /etc/dkimkeys/keytable 

2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private


Create the signingtable
vi /etc/dkimkeys/signingtable 

*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl


Decide which hosts are allowed, localhost has to be included!
vi /etc/dkimkeys/trustedhosts 

127.0.0.1/8
85.90.72.92/27
172.16.1.1/24


Have OpenDkim allowing domains
vi /etc/opendkim/opendkim.conf 

KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable 
InternalHosts refile:/etc/dkimkeys/trustedhosts


E-Mail
SystemAdministration


Retrieved from "https://www.phenixops.net/index.php?title=OpenDkim&oldid=304"