DKIM For Debian + Postfix

Here’s Quick Tutorial for how to setup dkim (AKA Domain Keys ) on Debian + Postfix.

1.) Install dkim-filter

apt-get install dkim-filter

2.) Create a key for each domain verified

mkdir -p /etc/dkim/keys/abc.com
cd /etc/dkim/keys/abc.com
dkim-genkey -r -d abc.com

Replace abc.com with the domain that this mail server should authenticate using DKIM

3. Add a line for each domain to dkim-keys.conf file (vim /etc/dkim-keys.conf)

*@abc.com:abc.com:/etc/dkim/keys/abc.com/default.private

Replace abc.com with the domain that this mail server should authenticate using DKIM

4. Add a TXT record to the DNS for the domain being authenticated using DKIM. The record is automatically created and stored in /etc/dkim/keys/abc.com/default.txt. You just need to add it to the DNS server. (cat /etc/dkim/keys/abc.com/default.txt)

Here’s a sample output:

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8IQNYlS+8jyrbAxNsghsPrWYgOQQWI0Ab4e9MToZYLTBGI41V3Zet5Awrt19nMIUlTpuE+/YVnjP/pu3fgeYkoe6NUzp+oEcWAioQXBmx0njigac7iJ/I0naTP1xTrDacnwsTp/F+lMwGgjiHpaJA7iBmL0AfYMXlTBo5pFog2QIDAQAB" ; ----- DKIM default for abc.com

Repeat steps 2, 3 and 4 for every domain that this server should authenticate using DKIM.

5. Uncomment line 37 to make DKIM filter use the dkim-keys.conf file to look up domains available (vim /etc/dkim-filter.conf)

KeyList /etc/dkim-keys.conf

6. Add a inet socket that Postfix can communicate with (vim /etc/default/dkim-filter)

SOCKET="inet:[email protected]"

7. Restart DKIM filter

/etc/init.d/dkim-filter restart

8. Configure Postfix to query DKIM filter using the socket created earlier. Add these lines to main.cf (vim /etc/postfix/main.cf)

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

9. Reload Postfix config

postfix reload

Courtesy: http://www.debiantutorials.net/setup-domainkeys-identified-mail-dkim-in-postfix/

Posted in: