DomainKeys Identified Mail (DKIM)
From Wiki.mattrude.com
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
Contents |
Installing DKIM-Milter with Postfix
Note: This Page was written with Fedora 10 in mind, and may not have been tested on any other versions.
Building Sendmail's libmailter From Source
First we need to download Sendmail so we can build against it's libraries.
cd /var/src wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.3.tar.gz tar -xzf sendmail.8.14.3.tar.gz cd sendmail-8.14.3/libmilter/
Now lets compile the libmailter
make echo $?
And install it
make install echo $?
Building DKIM-Milter From Source
ln -s /usr/share/man /usr/man cd /var/src wget http://superb-east.dl.sourceforge.net/sourceforge/dkim-milter/dkim-milter-2.8.1.tar.gz tar -xzf dkim-milter-2.8.1.tar.gz cd dkim-milter-2.8.1
We can now compile
make echo $?
Installing DKIM-Milter
make install echo $?
cd dkim-filter/ cp -f dkim-genkey.sh /usr/local/bin/dkim-genkey.sh
If this is the first time you are installing DKIM-Milter run the following:
mkdir /etc/postfix/dkim-milter chown postfix:postfix /etc/postfix/dkim-milter
You also need to install an init script, mine is explained below.
wget http://wiki.mattrude.com/images/4/43/Dkim-milter.sh mv Dkim-milter.sh /etc/init.d/dkim-milter chmod 755 /etc/init.d/dkim-milter chkconfig dkim-milter on service dkim-milter start
Building the DKIM Keys
To build a key, one for each domain. From the source directory from above, go into the dkim-filter folder:
cd dkim-filter/
And Run dkim-genkey.sh to create the key as below.
dkim-genkey.sh -d example1.com mv default.private /etc/dkim-milter/example1.com_default.key.pem mv default.txt /etc/dkim-milter/example1.com.txt
Now add the domain and the key file to the /etc/init.d/dkim-milter. To have multiple domains setup your init file as below:
SIGNING_DOMAIN="example1.com,example2.com,example3.com" KEYFILE="/etc/dkim-milter/example1.com_default.key.pem" KEYFILE="/etc/dkim-milter/example2.com_default.key.pem" KEYFILE="/etc/dkim-milter/example3.com_default.key.pem"
DNS Zone Setup
Configuring Postfix for use with DKIM-Milter
In your /etc/postfix/master.cf file, add the following (BOLD) entry's.
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
# ==========================================================================
smtp inet n - - - - smtpd
-o content_filter=spamassassin
-o smtpd_milters=unix:/var/run/dkim-milter/dkim.sock
DKIM & DomainKey Testers
- sa-test@sendmail.net - Tests DKIM, DomainKey, SenderID, & SPF
- check-dk@verifier.port25.com - Tests DKIM and DomainKey
- dkim-test@testing.dkim.org - Tests DKIM only
- dk@crynwr.com - Tests DomainKey only
- dktest@eserv.ru
- pbmserv@gamerz.net
