OpenDKIM Postfix & Centos 5.5

2010 May 28
by Simon

Generating keys for DKIM signing

You will need to generate a pair of keys for each domain you want to sign mail for, a public and a private key. OpenDKIM has a script included that will help do this. Where the keys are kept is up to you but here we create a directory inside /etc/mail/dkim/keys…

# mkdir -p /etc/mail/dkim/keys/example.com
# opendkim-genkey.sh -D /etc/mail/dkim/keys/example.com/ -d example.com -s default
# chown -R opendkim-milt:opendkim-milt /etc/mail/dkim/keys/example.com
# mv /etc/mail/dkim/keys/example.com/default.private /etc/mail/dkim/keys/example.com/default

‘-s’ is the selector; you might want to work out a naming scheme based on the date, etc.

OpenDKIM configuration

For the purpose of this guide we need to edit one config file and create two ‘table’ files that the OpenDKIM milter will use to know what to do with mail passing through.

I will not go into any detail about the config files, as all the information is in the man pages. Here is a working example that fits with this guide, but do read the installed example file.

/etc/opendkim.conf
##
## opendkim.conf -- configuration file for OpenDKIM filter
##
## $Id: opendkim.conf.sample,v 1.5 2010/03/05 03:32:12 mmarkley Exp $
##
ADSPDiscard             Yes
ADSPNoSuchDomain        Yes
AutoRestart             Yes
AutoRestartRate         10/1h
Canonicalization        relaxed/relaxed
KeyTable                refile:/etc/mail/dkim/keyTable
LogWhy                  Yes
On-Default              reject
On-BadSignature         reject
On-DNSError             tempfail
On-InternalError        accept
On-NoSignature          accept
On-Security             discard
PidFile                 /var/run/opendkim/dkim-milter.pid
SignatureAlgorithm      rsa-sha256
SigningTable            refile:/etc/mail/dkim/signingTable
Socket                  inet:20209@localhost
Syslog                  Yes
SyslogSuccess           Yes
TemporaryDirectory      /var/tmp
UMask                   022
UserID                  opendkim-milt:opendkim-milt
X-Header                Yes

The following files are regular expression file datasets (the refile: prefix in the config above). The format they take is explained in the OpenDKIM man page, but it can really help to see an example.

/etc/mail/dkim/keyTable
default._domainkey.example.com example.com:default:/etc/mail/dkim/keys/example.com/default

/etc/mail/dkim/signingTable
*@example.com default._domainkey.example.com
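
The two tables can be cross-checked before the milter is restarted: every signingTable row must name a key defined in the keyTable, and every private key file must exist and be closed to group and other. The script below is an added example, not part of the original post; it assumes the third keyTable field is a file path as in this guide, and the function names and the example.org/example.net sample rows are constructed for illustration.

```sh
# Added example, not from the original post: lint a KeyTable/SigningTable pair.

# check_dkim_tables KEYTABLE SIGNINGTABLE
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_dkim_tables() {
    kt=$1; st=$2; rc=0
    # KeyTable line: <keyname> <domain>:<selector>:<private-key-path>
    while read -r name spec || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        rest=${spec#*:}; path=${rest#*:}
        if [ "$rest" = "$spec" ] || [ "$path" = "$rest" ]; then
            echo "keyTable: $name: expected domain:selector:path"; rc=1; continue
        fi
        if [ ! -f "$path" ]; then
            echo "keyTable: $name: missing key file $path"; rc=1; continue
        fi
        # The private key must carry no group/other permission bits.
        case $(ls -ldL -- "$path") in
            ????------*) ;;
            *) echo "keyTable: $name: $path is accessible to group/other"; rc=1 ;;
        esac
    done < "$kt"
    # SigningTable line: <sender-pattern> <keyname>
    while read -r pattern key || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        awk -v k="$key" 'NF && $1 == k { found = 1 } END { exit !found }' "$kt" ||
            { echo "signingTable: $pattern: no keyTable entry $key"; rc=1; }
    done < "$st"
    return $rc
}

# Constructed sample: one safe key, one world-readable key, and a signingTable
# row naming a key the keyTable does not define. Paths are hypothetical.
make_sample() {
    mkdir -p "$1/keys/example.com" "$1/keys/example.org"
    echo "constructed placeholder, not a real key" > "$1/keys/example.com/default"
    cp "$1/keys/example.com/default" "$1/keys/example.org/default"
    chmod 600 "$1/keys/example.com/default"
    chmod 644 "$1/keys/example.org/default"
    printf '%s\n' \
        "default._domainkey.example.com example.com:default:$1/keys/example.com/default" \
        "default._domainkey.example.org example.org:default:$1/keys/example.org/default" > "$1/keyTable"
    printf '%s\n' '*@example.com default._domainkey.example.com' \
        '*@example.net default._domainkey.example.net' > "$1/signingTable"
}

sample=$(mktemp -d)
make_sample "$sample"
check_dkim_tables "$sample/keyTable" "$sample/signingTable" || echo "problems found"
```

Against the real files from this guide, call it as check_dkim_tables /etc/mail/dkim/keyTable /etc/mail/dkim/signingTable.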
