[howto] Installing and using opendkim with EFA 4
Posted: 21 Jan 2019 03:12
Been busy with Shawin getting the V4 OpenDKIM up and configured. Finally we got it configured.
1 Download and install OpenDKIM
Code:
    yum install openssl-devel opendkim

2 create a folder on the opendkim
Code:
    mkdir -p /etc/opendkim/keys/efa.org/

3 browse to
Code:
    cd /etc/opendkim/keys/efa.org/

4 run the below to generate the private and txt key
Code:
    opendkim-genkey -s efa

5 open the below with nano or vi
Code:
    /etc/opendkim.conf

6 first line to check:
Code:
    Mode sv

if it is just v, change it to sv
7 then look for the word Socket inet=; if it exists then it looks good
now find the lines below and uncomment them (remove the # in front of each line).
Code:
    SendReports yes
    ReportAddress "efa.org Postmaster <postmaster@efa.org>"
    SoftwareHeader yes
    Canonicalization relaxed/simple
    KeyTable /etc/opendkim/KeyTable
    SigningTable refile:/etc/opendkim/SigningTable
    ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
    InternalHosts refile:/etc/opendkim/TrustedHosts

save the file now
8 next, edit /etc/opendkim/KeyTable
so open the file /etc/opendkim/KeyTable with nano or vi
add this line to the end:
Code:
    efa._domainkey.efa.org efa.org:efa:/etc/opendkim/keys/efa.org/efa.private

save the file
9 now edit /etc/opendkim/SigningTable
again open the file /etc/opendkim/SigningTable with nano or vi
add this at the end of the file
Code:
    *@efa.org efa._domainkey.efa.org

Save the file, we are almost done
10 edit /etc/opendkim/TrustedHosts
so open the file /etc/opendkim/TrustedHosts with vi or nano
and add this to the end
Code:
    mail.efa.org
    192.168.4.5/32

mail.efa.org is your MX record
192.168.4.5/32 is your Exchange IP / or internal mail server
11 edit /etc/postfix/main.cf
again open the file /etc/postfix/main.cf with nano or vi
go to the very end of the file, find the line that starts with smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333 and empty everything below it, then paste the below
Code:
    smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333
    message_size_limit = 133169152
    qmqpd_authorized_clients = 127.0.0.1 [::1]
    enable_long_queue_ids = yes
    non_smtpd_milters = inet:127.0.0.1:8891
    milter_default_action = tempfail
    milter_protocol = 2
    error_notice_recipient = root@$myhostname

save the file
restart postfix
Code:
    sudo systemctl restart postfix

12 Adding DNS Records
Strangely enough, this is the part that gave me the most trouble as I wasn't putting in the text records correctly.
open the private key
Code:
    cat /etc/opendkim/keys/<YOURDOMAIN>/default.txt

assuming a value of
Code:
    default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4" ; ----- DKIM default for example.com

your DNS TXT record name is
Code:
    default._domainkey

your DNS record type is TXT
your DNS record value is
Code:
    v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4

Don't keep the comment from the generated default.txt file. There is a limit on DNS records using UDP, and if the record is too big, the nameserver will have to make a TCP connection to get it all (slower).
I have an issue
Code:
    Jan 29 00:55:05 relay opendkim[6300]: can't load key from /etc/opendkim/keys/domain.com/domain.private: Permission denied

so if you have this issue just run the next command to add the permission to your private key
Code:
    sudo chown opendkim /etc/opendkim/keys/domain.com/domain.private

now your opendkim is configured and signs outgoing emails.
if you have any questions let us know.
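
A pre-flight check for the key pair from step 4, the TXT value from the Adding DNS Records step, and the ownership problem in the log line above; this is an added example, not part of the original post. The function names are made up here, and it assumes GNU stat, grep -o and the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.
# Assumes GNU stat, grep -o and the openssl CLI are installed.

# TXT record value from an opendkim-genkey .txt file: join the quoted strings
# and drop everything outside them (record name, parentheses, trailing comment).
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Only the base64 public key, i.e. the p= tag of that value.
dkim_txt_pubkey() {
    dkim_txt_value "$1" | tr ';' '\n' |
        sed -n 's/^[[:space:]]*p=//p' | tr -d '[:space:]'
}

# The p= value the private key implies: base64 of its DER-encoded public key.
dkim_private_pubkey() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Succeed only if FILE is owned by OWNER and grants nothing to group or others.
key_perms_ok() {
    owner=$(stat -c '%U' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# usage: dkim_preflight TXTFILE KEYFILE OWNER
dkim_preflight() {
    rc=0
    key_perms_ok "$2" "$3" ||
        { echo "FAIL: $2 must be owned by $3 with mode 0600 or 0400"; rc=1; }
    want=$(dkim_private_pubkey "$2") || want=
    [ -n "$want" ] && [ "$want" = "$(dkim_txt_pubkey "$1")" ] ||
        { echo "FAIL: p= in $1 does not match the key in $2"; rc=1; }
    echo "TXT value to publish: $(dkim_txt_value "$1")"
    return $rc
}

# Run the check when called with three arguments, e.g. (paths as in the post):
#   sh preflight.sh keys/efa.org/efa.txt keys/efa.org/efa.private opendkim
if [ "$#" -eq 3 ]; then
    dkim_preflight "$@"
fi
```

The printed value is what goes into the DNS record value field, without the surrounding quotes or the trailing comment.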