How to Setup DomainKeys(DKIM) on Linux?

How to Setup DomainKeys(DKIM) on Linux?

DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public-private key pair. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimizes the possibility of getting emails SPAM.
 

How to Setup DomainKeys (DKIM) on ISPconfig?

 
Before using ISPconfig to generate DomainKeys, make sure opendkim is installed.
 

1. Login ISPconfig

Click Email>Domain>DomainKeys Identified Mail (DKIM).

 

2. Generate DomainKeys

 
 
 

How to Setup DomainKeys (DKIM) with Postfix on CentOS/Ubuntu/Debian?

Related link:
 
The following operations will take example.com as an example.

Ubuntu/Debian

1. Install opendkim Package

Install opendkim and opendkim-tools packages using following command.
 
sudo apt-get install opendkim opendkim-tools
 

2. Generate Key Pair

Create DKIM key pair using opendkim-genkey command line utility.
 
MYDOMAIN=example.com
mkdir -p /etc/mail/dkim-keys/$MYDOMAIN
cd /etc/mail/dkim-keys/$MYDOMAIN
opendkim-genkey -t -s mail -d $MYDOMAIN
 
The above command will generate two files default.private and default.txt. You can create multiple DKIM keys for different-2 domains and configure them with your postfix server.
 

3. Configure DKIM and POSTFIX

A. Edit the domain keys lists setting file /etc/mail/dkim.key and add the following entry.
 
*@example.com:example.com:/etc/mail/dkim-keys/example.com/dt.private
 
B. Edit DKIM configuration file /etc/opendkim.conf and update below values in configuration file.
 
Domain             example.com
KeyFile            /etc/mail/dkim.key
Selector           mail
Socket    inet:8892@localhost
 
Socket: the milter will listen on the socket specified here, Posfix will send messages to opendkim for signing and verification through this socket; 8892@localhost defines a TCP socket that listens on localhost.
 
Note: Port 8892 should be consistent with the value in the configuration file "/etc/postfix/main.cf", which can be changed as needed; If you need to change the key size (1024/2048), you can do so through the configuration file "/etc/opendkim.conf".
 
C. Edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file.
 
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
 

4.Configure DNS Entry

 After configuring private key in the postfix server. There will be another file default.txt generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in /etc/opendkim/keys/example.com/default.txt/.
 

5.Restart Service

After making all the above configuration’s restart dkim and postfix services.
 
sudo service opendkim restart
sudo service postfix restart
 

6. Verify DKIM

A. Verify that DKIM is working properly and send a test email from the command line.
 
mail -vs "Test DKIM" test_email@gmail.com < /dev/null
 
B. Search for "Dkim-Signature" in emails we receive in our mailboxes, and you'll find something like the following:
 
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
s=default.private; t=1402388963;
bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
h=Date:From:Message-Id:To:Subject;
b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
 i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
 mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=
 

CentOS

1. Install DKIM-milter

yum install opendkim
 

2. Generate Key Pair

A. Create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package.
 
MYDOMAIN=example.com
mkdir -p /etc/opendkim/keys/$MYDOMAIN
cd /etc/opendkim/keys/$MYDOMAIN
opendkim-genkey -r -d $MYDOMAIN
 
B. Set the proper permissions on the Keys directory.
 
chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys
 

3.Configure OpenDKIM

A. Edit the Opendkim configuration file and Add/Update the following entries in the file.
 
Mode     sv
Socket   inet:8891@localhost
Domain   example.com
KeyTable        /etc/opendkim/KeyTable
SigningTable   refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts
 
Note: Port 8891 should be consistent with the value in the configuration file "/etc/postfix/main.cf", which can be changed as needed; If you need to change the key size (1024/2048), you can do so through the configuration file "/etc/opendkim.conf".
 
B. Edit the domain keys lists setting file /etc/opendkim/KeyTable and add the following entry.
 
default._domainkey.example.com
example.com:default:/etc/opendkim/keys/example.com/default.private
 
C. Edit /etc/opendkim/SigningTable file and update following entry.
 
*@example.com default._domainkey.example.com
 
D. Edit /etc/opendkim/TrustedHosts file and update following entry.
 
mail.example.com
example.com
 

4. Configure Postfix

A. Edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file.
 
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
 
B. Finally start DKIM service using the following command.
 
service opendkim start
 

5.Configure DNS Entry

Edit your DNS zone file and add this as TXT record found in /etc/opendkim/keys/example.com/default.txt/.
 

6.Restart Service

After making all the above configuration’s restart dkim and postfix services
 
sudo service opendkim restart
sudo service postfix restart
 

7.Verify DKIM

A. Verify that DKIM is working properly and send a test email from the command line.
 
mail -vs "Test DKIM" test_email@gmail.com < /dev/null
 
B. Search for "Dkim-Signature" in emails we receive in our mailboxes, and you'll find something like the following:
 
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
s=default.private; t=1402388963;
bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
h=Date:From:Message-Id:To:Subject;
b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
 i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
 mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=

Add Feedback