Setup OpenDKIM With Postfix On Linux

This guide is going to work off the assumption that you already have a functional email server running with postfix on your server. This guide will show you how to setup OpenDKIM with postfix on a linux server

yum install epel-release
yum install opendkim

 

Now that opendkim is installed, you need to generate the dkim keys that you need to use to sign the emails with. There are multiple ways to do this. You can do it through the command line or you can use this serviceĀ http://dkimcore.org/tools/keys.html.

mkdir /etc/opendkim/keys/example.com
chown -R opendkim:opendkim /etc/opendkim/keys/example.com
touch /etc/opendkim/keys/example.com/default

Open up this directory and open the file called “default”. Paste your private key into this file. For safe keeping you could also create another file called “public.txt” and pop the public key into this file so you can access it in the future if you need it.

Sometimes default permissions dont get correctly set. In the event that this happens run the following. There is no harm just running this query anyway.

chown -R opendkim:opendkim /etc/opendkim
chmod -R go-wrx /etc/opendkim/keys

Open up “/etc/opendkim.conf” and replace everything with the following

AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:[email protected]
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim

You now need to add a key to the keytable. This file is located in /etc/opendkim/keytable

default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default

You will also need to add a line to the signing table.
If the file doesnt exist, create it. “/etc/opendkim/SigningTable”

*@example.com default._domainkey.example.com

Open or create “/etc/opendkim/TrustedHosts” and add the following.

127.0.0.1
hostname1.example1.com
example1.com
hostname1.example2.com
example2.com

Add the following to your postfix main.cf file. This will instruct postfix to sign the emails with the DKIM key you setup.

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

Thats all thats needed. Now run opendkim and restart postfix and you should be good to go.

service opendkim start
service postfix restart

 

1 comment

  1. Hello, thanks for the detailed write up. I just tried this out, but after implementation I get this error SMTP Error: [451] 4.7.0 resource unavailable

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.