Page 1 of 1

[howto] Installing and using opendkim with EFA 4

Posted: 21 Jan 2019 03:12
by jamerson
With Shawin been busy getting the V4 OPENDKIM up and configured. finally we got it configured

1 Download and install OpenDKIM

Code: Select all

yum install openssl-devel opendkim
2 create a folder on the opendkim

Code: Select all

mkdir -p /etc/opendkim/keys/efa.org/
3 browse to

Code: Select all

cd /etc/opendkim/keys/efa.org/
4 run the below to generate the private and txt key

Code: Select all

opendkim-genkey -s efa
5 open the below with nano or vi

Code: Select all

/etc/opendkim.conf

6 first line to check:

Code: Select all

Mode sv
if it is just v change to sv

7 than look for word Socket inet= if it does exisit than its looks good
now find the below and out line them remove the # in front of each line .

Code: Select all

SendReports     yes   

ReportAddress "efa.org Postmaster <postmaster@efa.org>"
SoftwareHeader  yes
 Canonicalization        relaxed/simple
 KeyTable        /etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
xternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

save the file now

8 next, edit /etc/opendkim/KeyTable

so open the the file /etc/opendkim/KeyTable with nano or vi

Code: Select all

 add this line to the end:
 efa._domainkey.efa.org efa.org:efa:/etc/opendkim/keys/efa.org/efa.private
save file

9 now edit /etc/opendkim/SigningTable

again open the file /etc/opendkim/SigningTable with nano or vi

add this at the end of the file

Code: Select all

*@efa.org efa._domainkey.efa.org
Save the file we are almost done :)

10 edit /etc/opendkim/TrustedHosts
so open the file /etc/opendkim/TrustedHosts with vi or nano
and add this to the end

Code: Select all

mail.efa.org
192.168.4.5/32
mail.efa.org is your mx record
192.168.4.5/32 is your exchange ip / or internal mail server


11 edit /etc/postfix/main.cf

again open the file edit /etc/postfix/main.cf with nano or vi
go to very end of the file find the line starts with smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333 and empty everything below it. and past the below

Code: Select all

smtpd_milters = inet:127.0.0.1:8891 inet:127.0.0.1:33333
message_size_limit = 133169152
qmqpd_authorized_clients = 127.0.0.1 [::1]
enable_long_queue_ids = yes

non_smtpd_milters = inet:127.0.0.1:8891
milter_default_action = tempfail
milter_protocol = 2
error_notice_recipient = root@$myhostname
save the file

restart the postfix

Code: Select all

sudo systemctl restart postfix



11 Adding DNS Records
Strangely enough, this is the part that gave me the most trouble as I wasn't putting in the text records correctly.

open the private key

Code: Select all

cat /etc/opendkim/keys/<YOURDOMAIN>/default.txt
assuming a value of

Code: Select all

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4" ; ----- DKIM default for example.com
your DNS TXT record name is

Code: Select all

default._domainkey
your DNS record type is TXT
your DNS record value is
v

Code: Select all

=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4
Don't keep the comment from the generated default.txt file. There is a limit on DNS records using UDP, and if the record is too big, the nameserver will have to make a TCP connection to get it all (slower)


i have a issue

Code: Select all

Jan 29 00:55:05 relay opendkim[6300]: can't load key from /etc/opendkim/keys/domain.com/domain.private: Permission denied
so if you have this issue just run the next command to add the permission to your private key

Code: Select all

sudo chown opendkim /etc/opendkim/keys/domain.com/domain.private

now your opendkim is configured and sign outgoing emails.

if you have any questions let us knows.

Re: [howto] Installing and using opendkim with EFA 4

Posted: 21 Jan 2019 06:30
by Alleyviper
Hi Jamerson,

Deployed opendkim with your instructions, but have just one thing to say

Code: Select all

sudo cd /etc/opendkim/keys/domain.tld/

Code: Select all

[user@mx2 ~]$ ls
domain.private  domain.txt
Is this ok?

Best regards

Re: [howto] Installing and using opendkim with EFA 4

Posted: 21 Jan 2019 13:57
by jamerson
Alleyviper wrote:
21 Jan 2019 06:30
Hi Jamerson,

Deployed opendkim with your instructions, but have just one thing to say

Code: Select all

sudo cd /etc/opendkim/keys/domain.tld/

Code: Select all

[user@mx2 ~]$ ls
domain.private  domain.txt
Is this ok?

Best regards
Yes this ok.
You should have two files domain.txt and domain.private.
Domain.txt is the info you will need for your dns txt record.

Re: [howto] Installing and using opendkim with EFA 4

Posted: 02 Mar 2019 10:15
by henk
Hi Jamerson,

Did you manage to solve the Selinux issues as mentioned in viewtopic.php?t=3403?

Re: [howto] Installing and using opendkim with EFA 4

Posted: 18 Mar 2019 08:28
by Alleyviper
For Outbound Dkim signing check my solution on EFA 3.0.2.6

https://forum.efa-project.org/viewtop ... 5#p13835