Configure OpenDKIM with Postfix

OpenDKIM is a tool for digitally signing and verifying emails on mail servers using a public/private key pair. It implements the DKIM (DomainKeys Identified Mail) standard for signing and verifying email messages on a per-domain basis. DKIM signing reduces the chance that outgoing mail is marked as spam.

In this tutorial we will demonstrate how to install and configure DomainKeys with Postfix (MTA) on CentOS 7.

Step1: Install OpenDKIM Package using yum

$ sudo yum install -y opendkim

Step2: Run the command below to create keys

Execute the command below to create the public and private keys under the folder “/etc/opendkim/keys”.

$ sudo opendkim-default-keygen

After running the above command, go to /etc/opendkim/keys. There you will see two files: default.private and default.txt.

default.private is the private key for the domain.

default.txt is the public key that we will publish in a DNS record (TXT) for the domain.

Step3: Edit the files below:

  • /etc/opendkim.conf - Config file of OpenDKIM.
  • /etc/opendkim/KeyTable - As the name suggests, it defines the path of the private key for the domain.
  • /etc/opendkim/SigningTable - This file tells OpenDKIM how to apply the keys.
  • /etc/opendkim/TrustedHosts - This file defines which hosts are allowed to use the keys.

Edit the file “/etc/opendkim.conf” & set the below parameters.

$ sudo vim /etc/opendkim.conf 

# s = sign outgoing mail, v = verify incoming mail ("v" alone never signs)
Mode    sv
Socket  inet:8891@localhost
Domain  example.com
KeyFile /etc/opendkim/keys/default.private
KeyTable       /etc/opendkim/KeyTable
SigningTable    refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts   refile:/etc/opendkim/TrustedHosts

Edit the KeyTable file and replace example.com with your domain name. Each line maps a key name to domain:selector:path of the private key.

$ sudo vim /etc/opendkim/KeyTable

default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private

Now edit the SigningTable file and define which senders have their outgoing mail signed, and with which key.

$ sudo vim /etc/opendkim/SigningTable 

*@example.com default._domainkey.example.com

NOTE: The * in the above entry means mail from every user on the domain is signed.

Next, edit the TrustedHosts file and add the server’s FQDN and the domain name below the localhost IPs (127.0.0.1 and ::1).

$ sudo vim /etc/opendkim/TrustedHosts 

127.0.0.1
::1
mail.example.com
example.com

Step4: Edit Postfix Config File (/etc/postfix/main.cf)

Add the following lines at the end of the /etc/postfix/main.cf file.

$ sudo vim /etc/postfix/main.cf

smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
# accept: if the milter is unreachable, mail is still delivered, but unsigned
milter_default_action = accept

Step5: Start OpenDKIM & restart the Postfix service

$ sudo systemctl start opendkim
$ sudo systemctl restart postfix
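
A consistency check for the Step3 tables, worth running before the services are started. This is an added example, not part of the original tutorial or of OpenDKIM: it confirms that every SigningTable key name exists in KeyTable and that no private key is accessible to other local users, since anyone who can read the key can sign mail as the domain. The function names, the script name check_dkim.sh and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): cross-check the Step3 tables.
# Usage: check_dkim_tables KEYTABLE SIGNINGTABLE
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_dkim_tables() {
    keytable=$1; signingtable=$2; rc=0

    # 1. Every key name used in SigningTable must be defined in KeyTable.
    missing=$(awk '
        /^[ \t]*(#|$)/      { next }                  # comments, blank lines
        FILENAME == ARGV[1] { defined[$1] = 1; next } # KeyTable: column 1
        !($2 in defined)    { print $1 " -> " $2 }    # SigningTable: column 2
    ' "$keytable" "$signingtable")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/SigningTable key not in KeyTable: /'
        rc=1
    fi

    # 2. Each KeyTable value is domain:selector:path; the path must be an
    #    existing file with no permission bits set for "other".
    #    (Paths containing whitespace are not handled.)
    for key in $(awk '!/^[ \t]*(#|$)/ { split($2, f, ":"); print f[3] }' "$keytable"); do
        if [ ! -f "$key" ]; then
            echo "private key missing: $key"; rc=1
        elif [ "$(ls -ldL "$key" | cut -c8-10)" != "---" ]; then
            echo "private key accessible to other users: $key"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: the tutorial's two table lines in a scratch directory,
# with a deliberately world-readable key, to show what gets reported.
demo() {
    d=$(mktemp -d)
    : > "$d/default.private"; chmod 644 "$d/default.private"
    echo "default._domainkey.example.com example.com:default:$d/default.private" > "$d/KeyTable"
    echo "*@example.com default._domainkey.example.com" > "$d/SigningTable"
    check_dkim_tables "$d/KeyTable" "$d/SigningTable"; status=$?
    rm -rf "$d"
    return "$status"
}

# Real files (hypothetical script name):
#   sudo sh check_dkim.sh /etc/opendkim/KeyTable /etc/opendkim/SigningTable
if [ "$#" -eq 2 ]; then check_dkim_tables "$1" "$2"; fi
```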
