OpenDkim: Difference between revisions

No edit summary
No edit summary
Line 6: Line 6:
</code>
</code>
<br>
<br>
A key needs to be generated per domain<br>
<code>
<code>
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020
 
</code>
<pre>
Domain                  noordwijk.nl
Domain                  noordwijk.nl
Selector                2020
Selector                2020
KeyFile                /etc/dkimkeys/2020.private
KeyFile                /etc/dkimkeys/2020.private
Socket                  inet:8891@localhost
Socket                  inet:8891@localhost
</code>
</pre>
<code>
 
<br>
Make a backup of the original config<br>
Make a backup of the original config  
<br>
<code>
<code>
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak
</code>
</code><br>
<br>
 
Add the new config parts
Add the new config parts<br>
<code>
<code>
vi /etc/postfix/main.cf
vi /etc/postfix/main.cf
</code>
<pre>
smtpd_milters = inet:localhost:8891
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
non_smtpd_milters = $smtpd_milters
</code>
</pre><br>


Restart services to activate<br>
<code>
<code>
systemctl restart opendkim
systemctl restart opendkim
</code>
<code>
systemctl restart postfix
systemctl restart postfix
</code>
</code><br>


Following text record needs to go into the DNS Zonefile
Following text record needs to go into the DNS Zonefile
<code>user@host:~# cat /etc/dkimkeys/2020.txt</code><br>
<pre>
2020._domainkey IN      TXT    ( "v=DKIM1; k=rsa; "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )  ; ----- DKIM key 2020 for noordwijk.nl
</pre>
<br>
Put the keys in the keytabble
<cpre>
vi /etc/dkimkeys/keytable
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
</pre>
<br>


<code>user@host:~# cat /etc/dkimkeys/2020.txt</code>
Create the signingtable <br>
vi /etc/dkimkeys/signingtable<br>
<pre>
*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl
</pre>
<br>


Decide which hosts are allwoed, localhost has to be included!<br>
<code>
<code>
vi /etc/dkimkeys/trustedhosts
127.0.0.1/8
85.90.72.92/27
172.16.1.1/24
</code>
<br>
Have OpenDkim allowing domains<br>


2020._domainkey IN      TXT    ( "v=DKIM1; k=rsa; "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )  ; ----- DKIM key 2020 for noordwijk.nl
<code>
KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable
InternalHosts refile:/etc/dkimkeys/trustedhosts
</code>
</code>
<br>
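Review bot: the keytable block opens with `<cpre>` but closes with `</pre>`, so the tag is printed literally and the `vi /etc/dkimkeys/keytable` line and both key entries run together on one line in the rendered revision; change the opening tag to `<pre>`. The trustedhosts block and the final KeyTable/SigningTable/InternalHosts block have the same rendering problem because they are wrapped in `<code>` rather than `<pre>`, which collapses the file name and the entries onto a single line; use `<pre>` there as well, and put each `vi ...` command outside the block that shows the file contents so a reader does not paste it into the file.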

Revision as of 13:18, 16 April 2020

To set up OpenDKIM, a couple of steps are needed to install and configure the service and get it running. The example domain is noordwijk.nl; change it to yours.

mkdir /etc/dkimkeys
chown opendkim:opendkim /etc/dkimkeys

A key needs to be generated per domain
sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d noordwijk.nl -s 2020

Domain                  noordwijk.nl
Selector                2020
KeyFile                 /etc/dkimkeys/2020.private
Socket                  inet:8891@localhost

Make a backup of the original config
cp -rp /etc/postfix/main.cf /etc/postfix/main.cf_bak

Add the new config parts
vi /etc/postfix/main.cf

smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters


Restart services to activate
systemctl restart opendkim
systemctl restart postfix

The following text record needs to go into the DNS zone file:
user@host:~# cat /etc/dkimkeys/2020.txt

2020._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqcS4IGfYnGeToHq7lziTCithEA5esxonnQjtp8hbVSGNDXeAAXQvdzg34QkpS/GCtsRa28XmnTw451dUDei/IE3CUrVet4SaYurERKzpwoBHyAMGCQgqgUzhGXpAOcL50XHXTtjZ9h1rdwyfTlg9YNosXrEXyF7Rt5YJOa/n3UQIDAQAB" )  ; ----- DKIM key 2020 for noordwijk.nl


Put the keys in the keytable
vi /etc/dkimkeys/keytable

2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private


Create the signingtable
vi /etc/dkimkeys/signingtable

*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@test03lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl


Decide which hosts are allowed; localhost has to be included!
vi /etc/dkimkeys/trustedhosts

127.0.0.1/8
85.90.72.92/27
172.16.1.1/24


Have OpenDKIM allow the domains

KeyTable file:/etc/dkimkeys/keytable
SigningTable refile:/etc/dkimkeys/signingtable
InternalHosts refile:/etc/dkimkeys/trustedhosts
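
Every key name in the signingtable has to exist in the keytable, and every keytable entry needs its own TXT record in DNS (the page shows only the 2020 record). The script below is an added example, not part of the original article: the function names are hypothetical, and the sample tables are constructed from the page's entries plus one made-up example.org line that references a key the keytable does not define.

```shell
#!/bin/sh
# Added example: consistency checks for the OpenDKIM tables on this page.
# Function names are hypothetical; sample tables are constructed.

# Print SigningTable key names that have no matching KeyTable entry.
# $1 = keytable file, $2 = signingtable file
missing_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }        # skip comments and blank lines
        pass == 1 { known[$1] = 1; next }    # keytable: column 1 is the key name
        !($2 in known) { print $2 }          # signingtable: column 2 references it
    ' pass=1 "$1" pass=2 "$2" | sort -u
}

# Print the DNS owner name (selector._domainkey.domain) at which each
# KeyTable entry expects a TXT record; malformed values go to stderr.
# $1 = keytable file
dns_names() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        split($2, v, ":") != 3 { print "malformed: " $0 > "/dev/stderr"; next }
        { print v[2] "._domainkey." v[1] }   # value is domain:selector:keyfile
    ' "$1"
}

# Constructed sample data in a scratch directory, removed on exit.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/keytable" <<'EOF'
2020._domainkey.noordwijk.nl noordwijk.nl:2020:/etc/dkimkeys/2020.private
2022._domainkey.lostlemon.nl lostlemon.nl:2022:/etc/dkimkeys/2022.private
EOF
cat > "$demo_dir/signingtable" <<'EOF'
*@lostlemon.nl 2022._domainkey.lostlemon.nl
*@noordwijk.nl 2020._domainkey.noordwijk.nl
*@example.org 2021._domainkey.example.org
EOF

echo "Signing entries without a key:"
missing_keys "$demo_dir/keytable" "$demo_dir/signingtable"
echo "TXT records that must exist in DNS:"
dns_names "$demo_dir/keytable"
```

On a live host, pass /etc/dkimkeys/keytable and /etc/dkimkeys/signingtable to the two functions; any name printed by missing_keys is a sender pattern for which OpenDKIM has no key to sign with.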