
Postfix + DKIM Setup

by SupportPRO Admin

Installation

1. Get the rpmforge repo and install it.

# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

# yum install opendkim postfix

2. Stop Sendmail and remove it from autostart.

# /etc/init.d/sendmail stop
# chkconfig sendmail off

3. Add postfix and opendkim to the autostart pool

# chkconfig postfix on
# chkconfig opendkim on

4. Configure postfix.

# vi /etc/postfix/main.cf

Configuration Options

Change the following settings, or comment out the existing lines and add these. Set myhostname to your server's hostname.

myhostname = server.yourdomainname.com
mydomain = yourdomainname.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
home_mailbox = Maildir/

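Add the following to the Postfix main.cf for DKIM. With milter_default_action = accept, Postfix keeps delivering mail, unsigned, if the OpenDKIM milter is unreachable.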

smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

5. Configure OpenDKIM.

Configuration files of OpenDKIM:

1. /etc/opendkim.conf: OpenDKIM's main configuration file
2. /etc/opendkim/KeyTable: a list of keys available for signing
3. /etc/opendkim/SigningTable: a list of domains and accounts allowed to sign
4. /etc/init.d/opendkim: service startup file

# vi /etc/opendkim.conf

Configuration Options:

PidFile /var/run/opendkim/opendkim.pid
Mode sv
Canonicalization relaxed/simple
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Selector default
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

# cd /etc/opendkim

We will create the public and private keys now.

# cd keys
# mkdir yourdomainname.com; cd yourdomainname.com
# opendkim-genkey -d yourdomainname.com -s default

Here, -d specifies your domain and -s the selector.

# chown -R opendkim:opendkim ../yourdomainname.com

# cd ..
# vi KeyTable

default._domainkey.yourdomainname.com yourdomainname.com:default:/etc/opendkim/keys/yourdomainname.com/default.private

# vi SigningTable

*@yourdomainname.com default._domainkey.yourdomainname.com

# vi TrustedHosts

127.0.0.1
localhost
server.yourdomainname.com
yourdomainname.com

Note: ensure that localhost is mentioned in the TrustedHosts file.

Now we are ready to test this. Start opendkim first and then postfix.

# /etc/init.d/opendkim start
# /etc/init.d/postfix start

Check that OpenDKIM has written its startup message to the mail log. This is the only file where OpenDKIM errors are reported.

# tail -f /var/log/maillog

Sep 20 09:43:50 server opendkim[8535]: OpenDKIM Filter v2.5.2 starting (args: -x /etc/opendkim.conf -P /var/run/opendkim/opendkim.pid)

Add the DNS record to your domain. The public key record, which is a TXT record, is in the following file.

# cat /etc/opendkim/keys/yourdomainname.com/default.txt

Make sure there is a "k" ahead of =rsa: by default the generated record contains ;=rsa; without the k. After the change the DNS record will contain ;k=rsa;

default._domainkey IN TXT "v=DKIM1;k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJmb2F+hGx+/1Y4dadbsTzg/thhJVsZHT5chFhaoZH6SMALX6J9IIIPSW3NRsap/mUQQ5GVG9IHIBfpAsIJr8CILOVcqAWQbG5XTn9Sk1p76abg3tyR01rhSTG2CljLmkNAPqOSrE5uUEXRq1T+eGhS1EVHFWmQ5lF8ZAyoyEHewIDAQAB" ; ----- DKIM default for yourdomainname.com
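
As an added example (not part of the original article or of OpenDKIM), this Python check validates a record in the form found in default.txt before it is published: it catches the nameless =rsa tag described above, typographic quotes picked up when copying from a web page, and an undecodable p= value, and it reports the RSA key size. The function names are hypothetical, and the sample record is constructed from the example key shown on this page, split into several quoted strings as newer opendkim-genkey versions do.

```python
import base64
import re

# Constructed sample in the multi-string layout newer opendkim-genkey
# versions write to default.txt; the key is the example value from this page.
SAMPLE = '''default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJmb2F+hGx+/1Y4dadbsTzg/thhJVsZHT5chFhaoZH6SMALX6J9I"
  "IIPSW3NRsap/mUQQ5GVG9IHIBfpAsIJr8CILOVcqAWQbG5XTn9Sk1p76abg3tyR01rhSTG2CljLmkNAPqOSrE5uUEX"
  "Rq1T+eGhS1EVHFWmQ5lF8ZAyoyEHewIDAQAB" ) ; ----- DKIM default for yourdomainname.com'''

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    seq, _ = _tlv(spki, 0)                  # outer SEQUENCE
    _, after_alg = _tlv(seq, 0)             # skip AlgorithmIdentifier
    bitstr, _ = _tlv(seq, after_alg)        # BIT STRING holding RSAPublicKey
    rsakey, _ = _tlv(bitstr, 1)             # byte 0 is the unused-bits count
    modulus, _ = _tlv(rsakey, 0)            # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(zone_text):
    """Return (problems, key_bits) for a DKIM key record in zone-file form."""
    problems, bits, tags = [], None, {}
    if "\u201c" in zone_text or "\u201d" in zone_text:
        problems.append("typographic quotes in record; use plain ASCII quotes")
        zone_text = zone_text.replace("\u201c", '"').replace("\u201d", '"')
    value = "".join(re.findall(r'"([^"]*)"', zone_text))  # TXT strings concatenate
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")
        if not name.strip():                # e.g. "=rsa" with the k missing
            problems.append(f"tag without a name: {part!r}")
        tags[name.strip()] = "".join(val.split())
    if tags.get("v") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if tags.get("k", "rsa") != "rsa":       # RFC 6376: k= defaults to rsa
        problems.append(f"unexpected key type k={tags['k']}")
    try:
        bits = rsa_bits(base64.b64decode(tags.get("p", ""), validate=True))
    except (ValueError, IndexError):
        problems.append("p= is missing or not valid base64 DER")
    if bits is not None and bits < 1024:
        problems.append(f"{bits}-bit RSA key is below the RFC 8301 minimum")
    return problems, bits
```

Pass it the contents of default.txt, for example check_dkim_record(open("default.txt").read()); an empty problem list means the record parses cleanly.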

Important: don't forget to set an SPF record, which may boost email delivery.

Send out a test email and verify.

# echo "This is a test mail" | mail -s "OpenDKIM test mail" mygmail@gmail.com

If everything goes well, you will see a "DKIM-Signature header added" message in the mail log.

# tail -f /var/log/maillog

Sep 20 09:47:33 server opendkim[8535]: 33040108639: DKIM-Signature header added (s=default, d=yourdomainname.com)
Sep 20 09:47:33 server postfix/qmgr[2390]: 33040108639: from=<user@yourdomainname.com>, size=3016, nrcpt=1 (queue active)
Sep 20 09:47:33 server sendmail[8671]: q8KDlXa9008671: to=serverhelp247@gmail.com, ctladdr=user@yourdomainname.com (503/503), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32554, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 33040108639)
Sep 20 09:47:33 server postfix/smtpd[8636]: disconnect from GF-P-server.navisite.com[127.0.0.1]
Sep 20 09:47:34 server postfix/smtp[8642]: 33040108639: to=<serverhelp247@gmail.com>, relay=mailin-04.mx.aol.com[205.188.146.194]:25, delay=1.3, delays=0.1/0/0.24/0.95, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 05217380000B9)
Sep 20 09:47:34 server postfix/qmgr[2390]: 33040108639: remove

Check the email headers for confirmation: you should see dkim=pass.

If you require help, contact SupportPRO Server Admin
