[howto] Installing and using opendkim with EFA 4

jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop


Post by jamerson »

With Shawin, I have been busy getting the V4 OPENDKIM up and configured. Finally we got it configured.

1 Download and install OpenDKIM

Code: Select all

yum install openssl-devel opendkim
2 Create a folder for opendkim

Code: Select all

mkdir -p /etc/opendkim/keys/efa.org/
3 browse to

Code: Select all

cd /etc/opendkim/keys/efa.org/
4 run the below to generate the private and txt key

Code: Select all

opendkim-genkey -s efa
5 open the below with nano or vi

Code: Select all

/etc/opendkim.conf

6 first line to check:

Code: Select all

Mode sv
if it is just v change to sv

7 Then look for the word Socket inet=; if it does exist then it looks good.
Now find the lines below and uncomment them: remove the # in front of each line.

Code: Select all

SendReports     yes   

ReportAddress "efa.org Postmaster <postmaster@efa.org>"
SoftwareHeader  yes
 Canonicalization        relaxed/simple
 KeyTable        /etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

save the file now

8 next, edit /etc/opendkim/KeyTable

so open the file /etc/opendkim/KeyTable with nano or vi

Code: Select all

 add this line to the end:
 efa._domainkey.efa.org efa.org:efa:/etc/opendkim/keys/efa.org/efa.private
save file

9 now edit /etc/opendkim/SigningTable

again open the file /etc/opendkim/SigningTable with nano or vi

add this at the end of the file

Code: Select all

*@efa.org efa._domainkey.efa.org
Save the file we are almost done :)

10 edit /etc/opendkim/TrustedHosts
so open the file /etc/opendkim/TrustedHosts with vi or nano
and add this to the end

Code: Select all

mail.efa.org
192.168.4.5/32
mail.efa.org is your mx record
192.168.4.5/32 is your exchange ip / or internal mail server


11 edit /etc/postfix/main.cf

Again open the file /etc/postfix/main.cf with nano or vi.
Go to the very end of the file, find the line that starts with smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333 and empty everything below it, then paste the below.

Code: Select all

smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333
message_size_limit = 133169152
qmqpd_authorized_clients = 127.0.0.1 [::1]
enable_long_queue_ids = yes

non_smtpd_milters = inet:127.0.0.1:8891
milter_default_action = tempfail
milter_protocol = 2
error_notice_recipient = root@$myhostname
save the file

restart the postfix

Code: Select all

sudo systemctl restart postfix



11 Adding DNS Records
Strangely enough, this is the part that gave me the most trouble as I wasn't putting in the text records correctly.

open the private key

Code: Select all

cat /etc/opendkim/keys/<YOURDOMAIN>/default.txt
assuming a value of

Code: Select all

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4" ; ----- DKIM default for example.com
your DNS TXT record name is

Code: Select all

default._domainkey
your DNS record type is TXT
your DNS record value is

Code: Select all

v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4
Don't keep the comment from the generated default.txt file. There is a limit on DNS records using UDP, and if the record is too big, the nameserver will have to make a TCP connection to get it all (slower)


I have an issue

Code: Select all

Jan 29 00:55:05 relay opendkim[6300]: can't load key from /etc/opendkim/keys/domain.com/domain.private: Permission denied
so if you have this issue just run the next command to add the permission to your private key

Code: Select all

sudo chown opendkim /etc/opendkim/keys/domain.com/domain.private

Now your opendkim is configured and signs outgoing emails.

If you have any questions let us know.
Last edited by jamerson on 29 Jan 2019 00:43, edited 1 time in total.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
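
The following is an added example, not part of the original post: two bash functions that cover the places where the howto above most often goes wrong, the DNS TXT value (comment stripped, quoted parts joined) and the key-file ownership behind the "Permission denied" log line. The function names are made up for this example, the signing user is assumed to be opendkim, GNU stat is assumed, and the sample files are constructed with placeholder key data.

```bash
#!/usr/bin/env bash
# Added example: checks for the opendkim setup described in the howto.

# Print the one-line DNS TXT value from opendkim-genkey's <selector>.txt.
# Keeping only the quoted strings drops the parentheses and the trailing
# "; ----- DKIM ..." comment but keeps the ';' inside "v=DKIM1; k=rsa; ".
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
    echo
}

# For each KeyTable entry (name domain:selector:keyfile) report a key file that
# is missing, not owned by the signing user, or accessible to group/other.
# Prints one line per problem; returns 0 only when none was found.
check_keytable() {
    local keytable=$1 owner=${2:-opendkim} bad=0 name spec keyfile st
    while read -r name spec; do
        case $name in ''|'#'*) continue ;; esac
        keyfile=${spec##*:}
        if [ ! -f "$keyfile" ]; then
            echo "$name: missing key file $keyfile"; bad=1; continue
        fi
        st=$(stat -c '%U %a' "$keyfile")    # GNU stat: owner name, octal mode
        if [ "${st% *}" != "$owner" ]; then
            echo "$name: $keyfile owned by ${st% *}, expected $owner"; bad=1
        fi
        case ${st#* } in
            *00) ;;
            *) echo "$name: $keyfile has mode ${st#* }, expected 600"; bad=1 ;;
        esac
    done < "$keytable"
    return "$bad"
}

# Constructed sample files (placeholder key data) in a fresh temp directory.
make_sample() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'efa._domainkey IN TXT ( "v=DKIM1; k=rsa; "' \
        '  "p=CONSTRUCTEDSAMPLEKEY" )  ; ----- DKIM key efa for efa.org' > "$d/efa.txt"
    : > "$d/efa.private"; chmod 644 "$d/efa.private"
    echo "efa._domainkey.efa.org efa.org:efa:$d/efa.private" > "$d/KeyTable"
    echo "$d"
}

sample=$(make_sample)
dkim_txt_value "$sample/efa.txt"
check_keytable "$sample/KeyTable" "$(id -un)" || echo "fix the key files above"
rm -rf "$sample"
```

On the gateway itself, call the functions with /etc/opendkim/keys/efa.org/efa.txt and /etc/opendkim/KeyTable instead of the sample paths.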
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: [howto] Installing and using opendkim with EFA 4

Post by Alleyviper »

Hi Jamerson,

Deployed opendkim with your instructions, but have just one thing to say

Code: Select all

sudo cd /etc/opendkim/keys/domain.tld/

Code: Select all

[user@mx2 ~]$ ls
domain.private  domain.txt
Is this ok?

Best regards
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: [howto] Installing and using opendkim with EFA 4

Post by jamerson »

Alleyviper wrote: 21 Jan 2019 06:30
Hi Jamerson,

Deployed opendkim with your instructions, but have just one thing to say

Code: Select all

sudo cd /etc/opendkim/keys/domain.tld/

Code: Select all

[user@mx2 ~]$ ls
domain.private  domain.txt
Is this ok?

Best regards
Yes, this is ok.
You should have two files domain.txt and domain.private.
Domain.txt is the info you will need for your dns txt record.
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands

Re: [howto] Installing and using opendkim with EFA 4

Post by henk »

Hi Jamerson,

Did you manage to solve the Selinux issues as mentioned in viewtopic.php?t=3403?
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Alleyviper
Posts: 83
Joined: 16 Oct 2018 05:55
Location: Portugal

Re: [howto] Installing and using opendkim with EFA 4

Post by Alleyviper »

For Outbound Dkim signing check my solution on EFA 3.0.2.6

https://forum.efa-project.org/viewtop ... 5#p13835