How to Setup DomainKeys (DKIM) with Postfix on EFA 4
Posted: 25 Jan 2020 22:33
DKIM (DomainKeys Identified Mail) is a method of signing emails using a public/private key pair. Receiving mail servers use DKIM to verify that messages were sent by authorized mail servers. It also reduces the chance of emails being treated as spam.
This tutorial provides a quick and easy way to set up DomainKeys with Postfix running on EFA V 4.XX.

How DKIM Works

When DKIM is configured on a sending server, a public/private key pair is first generated for signing outgoing messages. The public key is published as a TXT record on the domain's name server, and the private key is configured on the outbound email server. When an email is sent by an authorized user of the email server, the server uses the stored private key to generate a digital signature of the message, which is inserted in the message as a header, and the email is sent as normal.

Step 1 – Install DKIM-milter

Install opendkim:

Code:
yum install postfix opendkim

Step 2 – Generate Key Pair

Now create the DKIM key pair using the opendkim-genkey command-line utility provided by the opendkim package. For this tutorial we are using the domain name "example.com"; change this to your actual domain name.

Code:
MYDOMAIN=example.com
mkdir -p /etc/opendkim/keys/$MYDOMAIN
cd /etc/opendkim/keys/$MYDOMAIN
opendkim-genkey -r -d $MYDOMAIN

The above command generates two files, default.private and default.txt. You can create multiple DKIM keys for different domains and configure them with your Postfix server.

Now set the proper permissions on the keys directory.
Note: this is very important; otherwise EFA will fail with a "permission denied" error when loading the private key.

Code:
chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys

Step 3 – Configure OpenDKIM

Edit the OpenDKIM configuration file and add or update the following entries. I like nano.

Code:
nano /etc/opendkim.conf

Code:
Mode sv
Socket inet:8891@localhost
Domain example.com
#KeyFile /etc/opendkim/keys/default.private ### comment this line
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

Then edit the key list file /etc/opendkim/KeyTable and add the following entry.

Code:
nano /etc/opendkim/KeyTable

Code:
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default.private

After that, edit the /etc/opendkim/SigningTable file and update the following entry.

Code:
nano /etc/opendkim/SigningTable

Code:
*@example.com default._domainkey.example.com

Then edit the /etc/opendkim/TrustedHosts file and update the following entries. Here 10.10.20.3 is the EFA internal IP.

Code:
nano /etc/opendkim/TrustedHosts

Code:
10.10.20.3
mail.example.com
example.com

Step 4 – Configure Postfix

Now edit the Postfix configuration file /etc/postfix/main.cf and add the following values at the end of the file.

Code:
nano /etc/postfix/main.cf

Code:
masquerade_domains = $mydomain
smtpd_milters = inet:localhost:8891, inet:localhost:8893, inet:127.0.0.1:33333
non_smtpd_milters = inet:localhost:8891, inet:localhost:8893
milter_default_action = accept
qmqpd_authorized_clients = 127.0.0.1 [::1]
message_size_limit = 133169152
mailbox_size_limit = 133169152
enable_long_queue_ids = yes
error_notice_recipient = root
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

Start opendkim and restart Postfix:

Code:
systemctl start opendkim ; systemctl enable opendkim ; systemctl restart postfix

Step 5 – Configure DNS Entry

After configuring the private key on the Postfix server, there is another file generated by opendkim-genkey, default.txt. Edit your DNS zone file and add the TXT record found in default.txt.

Code:
cat /etc/opendkim/keys/example.com/default.txt

In my case it looks like this:

Code:
default._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
    "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" ) ; ----- DKIM key default for example.com

Step 6 – Verify DKIM

To verify that DKIM is working properly, send a test email from the command line:

Code:
mail -vs "Test DKIM" jamerson@gmail.com < /dev/null

In the received email in your mailbox, open the source of the email and search for "DKIM-Signature". You will find something like this:

Code:
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
    s=default.private; t=1402388963;
    bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
    h=Date:From:Message-Id:To:Subject;
    b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
    i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
    mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=

Or try mail tester, which is quick.
If you have any questions, let us know.
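A consistency check for Steps 5 and 6, added here as an example and not part of the original post: it derives the DNS name a verifier builds from the `s=` and `d=` tags of a DKIM-Signature header, compares it with the name of the published TXT record, and reads the RSA key size out of `p=`. The function names are hypothetical, and it assumes the TXT record lives in the zone named by `d=`. Run on this page's own samples, it reports that the sample header's `s=default.private` does not match the record published at `default._domainkey`, and that the published key is 1024-bit.

```python
import base64
import re

def parse_tags(text):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in text.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def _tlv(buf, pos):  # (content_start, content_end) of the DER element at pos
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_value)
    start, _ = _tlv(der, 0)            # outer SEQUENCE
    _, alg_end = _tlv(der, start)      # AlgorithmIdentifier, skipped
    start, _ = _tlv(der, alg_end)      # BIT STRING
    start, _ = _tlv(der, start + 1)    # skip unused-bits byte, enter RSAPublicKey
    start, end = _tlv(der, start)      # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def check(signature, zone_record):
    """Findings from comparing a DKIM-Signature value with the zone's TXT record."""
    sig = parse_tags(signature)
    key = parse_tags("".join(re.findall(r'"([^"]*)"', zone_record)))
    owner = zone_record.split()[0]           # record name, relative to the d= zone
    findings = []
    if owner != sig["s"] + "._domainkey":    # name a verifier builds from s=
        findings.append(f"selector: verifier queries {sig['s']}._domainkey.{sig['d']}, zone has {owner}.{sig['d']}")
    bits = rsa_bits(key["p"])
    if bits < 2048:
        findings.append(f"key: {bits}-bit RSA, RFC 8301 recommends at least 2048")
    return findings

# Inputs copied from this page; b=, bh= and h= are left out of the signature.
SIGNATURE = "v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=default.private; t=1402388963"
ZONE_RECORD = '''default._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdTtEqM8FqndiFYOderzljMMMqBdEp+wJKP+VUbhc9GigmK34ZjrSqqdKjIEWr2q9DvSVp1H1bZs4t050m0HZxJqknDz2yoDJ6W4mCaSCHesRde5V44V/L65Gqm/rvBz1d6CCp8A2515eveWrIAocOD6pKJ4tnXHz3uwV2ZtgQiQIDAQAB" ) ; ----- DKIM key default for example.com'''

if __name__ == "__main__":
    print("\n".join(check(SIGNATURE, ZONE_RECORD)))
```

With the KeyTable from Step 3 a signed message should carry `s=default`, so the first finding should not appear for a real header from this setup. `opendkim-genkey` accepts `-b 2048` to generate a larger key.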