DomainKeys Identified Mail (DKIM)

From MattWiki
(Redirected from DKIM)

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

Installing DKIM-Milter with Postfix[edit | edit source]

Building Sendmail's libmailter From Source[edit | edit source]

First we need to download Sendmail so we can build against it's libraries.

cd /var/src
tar -xzf sendmail.8.14.3.tar.gz
cd sendmail-8.14.3/libmilter/

Now lets compile the libmailter

echo $?

And install it

make install
echo $?

Building DKIM-Milter From Source[edit | edit source]

ln -s /usr/share/man /usr/man
cd /var/src
tar -xzf dkim-milter-2.8.3.tar.gz
cd dkim-milter-2.8.3

We can now compile

echo $?

Installing DKIM-Milter[edit | edit source]

make install
echo $?
cd dkim-filter/
cp -f /usr/local/bin/

If this is the first time you are installing DKIM-Milter run the following:

mkdir /etc/postfix/dkim-milter
chown postfix:postfix /etc/postfix/dkim-milter

You also need to install an init script, mine is explained below.

mv /etc/init.d/dkim-milter
chmod 755 /etc/init.d/dkim-milter
chkconfig dkim-milter on
service dkim-milter start

Building the DKIM Keys[edit | edit source]

To build a key, one for each domain. From the source directory from above, go into the dkim-filter folder:

cd dkim-filter/

And Run to create the key as below. -d
mv default.private /etc/dkim-milter/example1.com_default.key.pem
mv default.txt /etc/dkim-milter/

Now add the domain and the key file to the /etc/init.d/dkim-milter. To have multiple domains setup your init file as below:


DNS Zone Setup[edit | edit source]

Configuring Postfix for use with DKIM-Milter[edit | edit source]

In your /etc/postfix/ file, add the following (BOLD) entry's.

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd                
         -o content_filter=spamassassin
         -o smtpd_milters=unix:/var/run/dkim-milter/dkim.sock

DKIM & DomainKey Testers[edit | edit source]