Installing and configuring DKIM on CentOS

Install opendkim

# yum -y install opendkim
# mkdir -p /etc/opendkim/keys
# chown -R opendkim:opendkim /etc/opendkim
# chmod -R go-wrx /etc/opendkim/keys

Edit the opendkim configuration file so that it looks like this:

# cat /etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
#LogWhy yes
UserID opendkim:opendkim
Socket inet:[email protected]
Umask 022
Canonicalization relaxed/relaxed
Selector default
Background yes
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/example.ru/default
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

Restart postfix and opendkim

# hash -r
# service opendkim restart
# service postfix restart

Set up a mail domain, for example example.ru:

Create a directory and generate a key with the opendkim-genkey utility

# mkdir /etc/opendkim/keys/example.ru
# opendkim-genkey -D /etc/opendkim/keys/example.ru/ -d example.ru -s default

Change the owner of the generated key and rename it

# chown -R opendkim:opendkim /etc/opendkim/keys/example.ru
# mv /etc/opendkim/keys/example.ru/default.private /etc/opendkim/keys/example.ru/default

Add a rule for our domain to the file that lists the keys available for signing (/etc/opendkim/KeyTable)

# echo -e "default._domainkey.example.ru example.ru:default:/etc/opendkim/keys/example.ru/default" >> /etc/opendkim/KeyTable

Add a rule for our domain to the file that lists the domains and accounts to be signed (/etc/opendkim/SigningTable)

# echo -e "*@example.ru default._domainkey.example.ru" >> /etc/opendkim/SigningTable

Add our domains to the file that lists the hosts trusted when signing or verifying (/etc/opendkim/TrustedHosts)

# echo -e "example.ru\nmx.example.ru" >> /etc/opendkim/TrustedHosts
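
A consistency check for the KeyTable and SigningTable entries created above, as an added example that is not part of the original guide. It assumes the line layouts shown in the echo commands; the function name check_dkim_tables is made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Prints one line per problem
# and returns 0 only when no problems were found.
# Usage: check_dkim_tables /etc/opendkim/KeyTable /etc/opendkim/SigningTable
check_dkim_tables() {
    keytable=${1:-/etc/opendkim/KeyTable}
    signingtable=${2:-/etc/opendkim/SigningTable}
    problems=0

    # KeyTable: <key name> <domain>:<selector>:<path to private key>
    while read -r name spec; do
        case $name in ''|'#'*) continue ;; esac
        case $spec in
            *:*:*) path=${spec#*:*:} ;;
            *) echo "KeyTable: malformed entry for $name"
               problems=$((problems + 1)); continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "KeyTable: $name points to missing key file $path"
            problems=$((problems + 1))
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            # All group/other permission bits must be clear on a private key.
            echo "KeyTable: $path is accessible to group or others"
            problems=$((problems + 1))
        fi
    done < "$keytable"

    # SigningTable: <sender pattern> <key name>; the name must exist in KeyTable.
    while read -r pattern keyname; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v n="$keyname" '$1 == n { found = 1 } END { exit !found }' "$keytable"; then
            echo "SigningTable: $pattern refers to unknown key $keyname"
            problems=$((problems + 1))
        fi
    done < "$signingtable"

    [ "$problems" -eq 0 ]
}
```

Running it before the restart catches a mistyped key name or a key file left readable by other users.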

Restart postfix and opendkim

# hash -r
# service opendkim restart
# service postfix restart

When generating the key, the opendkim-genkey utility also created a file with the record that needs to be published in our DNS

# cat /etc/opendkim/keys/example.ru/default.txt
default._domainkey IN TXT v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3kbEHhBnq478wOR6AtcG8VND9ObsxdnBvKc4tRaEGaTdDz9xuK/YXxQUJ4TuOSetnUo4lbnyod8sGddUYJYDB84PZAQVQsRYW5hlaOOrjisEE+ph85gXvZnLQ+l6KLrTWHh4GlWx4UexclK9eQ+wXc/9kl9Yow6+9/gmDe/eRnQIDAQAB;