No edit summary |
No edit summary |
||
Line 6: | Line 6: | ||
</code> | </code> | ||
<br> | <br> | ||
A key needs to be generated per domain<br> | |||
<code> | <code> | ||
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020 | sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020 | ||
</code> | |||
<pre> | |||
Domain noordwijk.nl | Domain noordwijk.nl | ||
Selector 2020 | Selector 2020 | ||
KeyFile /etc/dkimkeys/2020.private | KeyFile /etc/dkimkeys/2020.private | ||
Socket inet:8891@localhost | Socket inet:8891@localhost | ||
</ | </pre> | ||
Make a backup of the original config<br> | |||
Make a backup of the original config | |||
<br> | |||
<code> | <code> | ||
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak | cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak | ||
</code> | </code><br> | ||
<br> | |||
Add the new config parts | Add the new config parts<br> | ||
<code> | <code> | ||
vi /etc/postfix/main.cf | vi /etc/postfix/main.cf | ||
</code> | |||
<pre> | |||
smtpd_milters = inet:localhost:8891 | smtpd_milters = inet:localhost:8891 | ||
non_smtpd_milters = $smtpd_milters | non_smtpd_milters = $smtpd_milters | ||
</ | </pre><br> | ||
Restart services to activate<br> | |||
<code> | <code> | ||
systemctl restart opendkim | systemctl restart opendkim | ||
</code> | |||
<code> | |||
systemctl restart postfix | systemctl restart postfix | ||
</code> | </code><br> | ||
Following text record needs to go into the DNS Zonefile | Following text record needs to go into the DNS Zonefile | ||
<code>user@host:~# cat /etc/dkimkeys/2020.txt</code><br> | |||
<pre> | |||
2020._domainkey IN TXT ( "v=DKIM1; k=rsa; "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" ) ; ----- DKIM key 2020 for noordwijk.nl | |||
</pre> | |||
<br> | |||
Put the keys in the keytabble | |||
<cpre> | |||
vi /etc/dkimkeys/keytable | |||
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private | |||
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private | |||
</pre> | |||
<br> | |||
< | Create the signingtable <br> | ||
vi /etc/dkimkeys/signingtable<br> | |||
<pre> | |||
*@lostlemon.nl 2022._domainkey.lostlemon.nl | |||
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl | |||
*@noordwijk.nl 2020._domainkey.noordwijk.nl | |||
</pre> | |||
<br> | |||
Decide which hosts are allwoed, localhost has to be included!<br> | |||
<code> | <code> | ||
vi /etc/dkimkeys/trustedhosts | |||
127.0.0.1/8 | |||
85.90.72.92/27 | |||
172.16.1.1/24 | |||
</code> | |||
<br> | |||
Have OpenDkim allowing domains<br> | |||
<code> | |||
KeyTable file:/etc/dkimkeys/keytable | |||
SigningTable refile:/etc/dkimkeys/signingtable | |||
InternalHosts refile:/etc/dkimkeys/trustedhosts | |||
</code> | </code> | ||
<br> |
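Review bot: the keytable block opens with <cpre> where <pre> is meant, so the closing </pre> a few lines later has no matching open tag and the tag text shows up literally on the rendered page; change it to <pre>. The trustedhosts listing is wrapped in <code> although it holds a command plus three file lines, while every other multi-line file listing in this revision uses <pre>; use <pre> there too and keep the vi command in its own <code>. In the TXT record, "v=DKIM1; k=rsa; " is followed directly by p=... with only a closing quote, so the second string is missing its opening quote.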
Revision as of 13:18, 16 April 2020
To set up OpenDKIM, a few steps are needed to install and configure the service and get it running. The example domain is noordwijk.nl; change it to yours.
mkdir /etc/dkimkeys
chown opendkim:opendkim /etc/dkimkeys
A key needs to be generated per domain
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020
Domain noordwijk.nl
Selector 2020
KeyFile /etc/dkimkeys/2020.private
Socket inet:8891@localhost
Make a backup of the original config
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak
Add the new config parts
vi /etc/postfix/main.cf
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
Restart services to activate
systemctl restart opendkim
systemctl restart postfix
The following TXT record needs to go into the DNS zone file
user@host:~# cat /etc/dkimkeys/2020.txt
2020._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" ) ; ----- DKIM key 2020 for noordwijk.nl
Put the keys in the keytable
vi /etc/dkimkeys/keytable
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
Create the signingtable
vi /etc/dkimkeys/signingtable
*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl
Decide which hosts are allowed; localhost has to be included!
vi /etc/dkimkeys/trustedhosts
127.0.0.1/8
85.90.72.92/27
172.16.1.1/24
Have OpenDKIM allow the domains by pointing it at these files
KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable
InternalHosts refile:/etc/dkimkeys/trustedhosts
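A consistency check for the keytable and signingtable above, as an added example that is not part of the original page or of OpenDKIM. It flags signingtable entries that name a key missing from the keytable, and entries whose sender domain is neither the signing domain (d=) nor a subdomain of it. The function names are hypothetical, the sample input is the two tables as shown on this page, and the alignment test is a simplification that does no public-suffix lookup.

```python
# Constructed sample input: the two tables as shown on this page.
KEYTABLE = """\
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
"""
SIGNINGTABLE = """\
*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl
"""


def rows(text):
    """Yield (first field, rest) for each non-empty, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2:
            yield fields[0], fields[1].strip()


def parse_keytable(text):
    """Return {key name: (signing domain, selector, key path)}."""
    keys = {}
    for name, value in rows(text):
        domain, selector, path = value.split(":", 2)
        keys[name] = (domain.lower(), selector, path)
    return keys


def lint(keytable, signingtable):
    """Return (sender pattern, problem) pairs for entries that need review."""
    keys = parse_keytable(keytable)
    findings = []
    for pattern, keyname in rows(signingtable):
        if keyname not in keys:
            findings.append((pattern, "no KeyTable entry named " + keyname))
            continue
        d = keys[keyname][0]
        sender = pattern.rsplit("@", 1)[-1].lower()
        # Simplified relaxed-alignment test: the sender domain must equal d=
        # or be a subdomain of it (no public-suffix lookup is done).
        if sender != d and not sender.endswith("." + d):
            findings.append((pattern, "d=%s is not aligned with %s" % (d, sender)))
    return findings


if __name__ == "__main__":
    for pattern, problem in lint(KEYTABLE, SIGNINGTABLE):
        print("%-24s %s" % (pattern, problem))
```

An entry flagged as not aligned still produces a valid DKIM signature, but the signature does not count towards DMARC for that sender domain.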