opendkim

What is OpenDKIM?
It is a digital email signing/verification technology, which is already supported by some common mail providers. In general, DKIM means digitally signing all messages on the mail-server to verify the message was actually sent from the domain in question and was not spam

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM

INSTALL OPENDKIM

Install the package using yum:

CONFIGURE OPENDKIM

Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:

SET-UP PUBLIC/PRIVATE KEYS

Generate set of keys for your mydomain.com domain name:

add mydomain.com to OpenDKIM’s key table by adding the following record in /etc/opendkim/KeyTable

next, edit /etc/opendkim/SigningTable and add the following record to OpenDKIM’s signing table:

and add your domain and your hostname as trusted hosts in /etc/opendkim/TrustedHosts:

assuming the domain in question is ‘mydomain.com’ and server’s hostname is set to ‘host.mydomain.com’

finally, edit your mydomain.com DNS zone and add the TXT record from /etc/opendkim/keys/mydomain.com/default.txt

it is also a good idea to add an SPF record if you haven’t already

you can verify your dkim TXT record is valid using dig for example:

CONFIGURE POSTFIX

In order to integrate OpenDKIM with Postfix we need to add the following few lines in /etc/postfix/main.cf:

(RE)START SERVICES

Add OpenDKIM to your system’s start-up and start opendkim and restart postfix using the following commands:

TEST THE SET-UP

To test the set-up simply send an email to check-auth@verifier.port25.com and you should receive back an email containing something like this:


Implementing OpenDKIM to the mailserver set-up with virtual users and domains using Postfix and Dovecotadds another nice feature which makes your emails digitally signed.

But still, there are other features missing like using dovecot sieve rules to filter emails on server-side, scanning emails for viruses etc.. In the next few related articles, we will be adding additional features to the set-up so stay tuned.

Update: Part 6 – How to set-up server-side email filtering with Dovecot Sieve and Roundcube on a CentOS 6 VPS

10. März 2016 2936 webadmin  Mailserver, OS X Server  
Total 0 Votes:
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?

Add A Knowledge Base Question !

+ = Verify Human or Spambot ?

Add A Knowledge Base Question !

+ = Verify Human or Spambot ?