OpenDKIM Postfix & Centos

Postfix configuration

Lines that need to be added to Postfix’s main.cf:

smtpd_milters           = inet:localhost:20209
non_smtpd_milters       = inet:localhost:20209
milter_protocol         = 2
milter_default_action   = accept

Starting OpenDKIM

You can now start OpenDKIM!

# service opendkim start

Then you will probably want to make sure it starts on boot also…

# chkconfig --level 2345 opendkim on

DKIM DNS entries

All being well, your outgoing mail should now be signed as it leaves and incoming mail should be checked. The last step is to announce that you sign your mail and publish the public part of the key.

Simply ‘cat’ the public part of the key and add everything up to and including the last quotes as a ‘txt’ entry to your zone file. If you are using some kind of web interface to edit your zone file you might need to remove the quotes altogether.

# cat default.txt
default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp47k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQAB" ; ----- DKIM default for example.co

DKIM TXT tag quick reference

The TXT value is a semicolon-separated list of tags. Where a tag takes multiple values, they are separated by colons.

v = (DKIM version: 'v=DKIM1')
g = (granularity, defines a match for the left hand side of the '@')
h = (hash algorithm: 'sha1' 'sha256')
k = (key type: 'rsa')
n = (notes)
p = (public key)
s = (service type: 'email')
t = (flags: 'y' 's')
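To check a record before publishing it, the tags listed above can be parsed and the key in p= measured. The following is an added example, not part of the original guide or of OpenDKIM. The function names are hypothetical, the 2048-bit threshold is the RFC 8301 recommendation, and only RSA keys are measured.

```python
import base64

# TXT value published in this guide (p= copied from the default.txt record above).
PAGE_RECORD = ("v=DKIM1; g=*; k=rsa; p="
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52ga"
    "zp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U"
    "/lp47k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQAB")

def parse_tags(txt):
    """Split a DKIM key record into {tag: value}, rejecting duplicate tags."""
    tags = {}
    for part in filter(str.strip, txt.split(";")):
        name, sep, value = part.partition("=")
        if not sep or name.strip() in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos, tag):
    """Read one DER element of the expected tag; return (start, end) of its content."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in p=."""
    spki = base64.b64decode(p_value, validate=True)
    start, _ = _tlv(spki, 0, 0x30)          # SubjectPublicKeyInfo SEQUENCE
    _, end = _tlv(spki, start, 0x30)        # AlgorithmIdentifier, skipped
    start, _ = _tlv(spki, end, 0x03)        # BIT STRING wrapping RSAPublicKey
    start, _ = _tlv(spki, start + 1, 0x30)  # +1 skips the unused-bits byte
    start, end = _tlv(spki, start, 0x02)    # INTEGER modulus
    return int.from_bytes(spki[start:end], "big").bit_length()

def audit(txt):
    """Return findings for one key record (an empty list means nothing was flagged)."""
    tags = parse_tags(txt)
    if not tags.get("p"):
        return ["p= is empty: this key has been revoked"]
    bits = rsa_bits(tags["p"]) if tags.get("k", "rsa") == "rsa" else 0
    return [msg for hit, msg in (
        (0 < bits < 2048, "RSA key is %d bits; RFC 8301 recommends 2048 or more" % bits),
        ("g" in tags, "g= was removed from the DKIM specification in RFC 6376"),
        ("sha256" not in tags.get("h", "sha256").split(":"), "h= does not permit sha256"),
        ("y" in tags.get("t", "").split(":"), "t=y: test mode, verifiers ignore failures"),
    ) if hit]
```

Running audit(PAGE_RECORD) flags the 1024-bit key and the obsolete g= tag in the record shown in this guide.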

Finally add a DKIM ADSP record which should look something like this:

_adsp._domainkey.example.com    IN    TXT    "dkim=unknown"

Sendmail’s DKIM tools linked at the start of this guide can help you create an ADSP record.
This Calmblue guide by Simon Bell is licensed under a Creative Commons Attribution-Share Alike 2.0 UK: England & Wales License


8 Responses to OpenDKIM Postfix & Centos

  1. K says:

    Hi Simon,

    Thanks a lot for the great post, this made it very easy to set up, the only thing confusing me at present and that's the

    _adsp._domainkey.example.com IN TXT “dkim=unknown”

    I’ve sent test emails to autorespond+dkim[at]dk.elandsys.com, and it comes back with

    DKIM Signature validation: DKIM-Signature could not be verified DKIM Author Domain Signing Practices: no DNS record for _adsp._domainkey.accepted.co.uk

    Do you have any idea on how to fix this, or what I might be missing?

    Thanks

  2. Simon says:

    Hi Kevin, glad you found the post useful :) It’s going to be hard for me to help you without more info. Can I recommend you join the OpenDKIM mailing list? I’m there plus others who are even more qualified to help.

    Try mailing check-auth at verifier.port25 dot com too, then mail all relevant info to the mailing list.

  3. K says:

    My Simon, this was a simple mistake my end, I had not set up the adsp entry in the DNS correctly.

  4. Simon says:

    Cheers for following up, happy signing.

  5. Thomas says:

    I used this to get DKIM up and going for our Marketing MTAs. Amazing work. I would say one thing that might answer someone’s random question. If you are signing lots of mail across a few MTAs do not use a DB for OpenDKIM, it will slow you down. WAY WAY down. Great work here tho.
    Cheerio

  6. Simon says:

    Thanks for the tip :)

  7. Justin D says:

    Hello! I’m not sure if anyone is still monitoring this blog post but I have a question. I followed this to the letter but when I attempt to start the service I get the following error:

    Starting DKIM milter: /etc/init.d/opendkim: line 24: daemon: command not found

    Am I missing a dependency? What’s the problem here?

    Thanks,
    -Justin

  8. Simon says:

    Hi, it’s been a long time since I built OpenDKIM from source and I’m guessing that your software versions are quite a bit newer than when I wrote this guide. There are packages available now and using them might make your life easier.

    There’s an article on installing OpenDKIM on CentOS using RPMs that might be helpful.

    Feel free to let me know how you get on.
