DomainKeys Identified Mail (DKIM)

From MattWiki

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Its reputation is the basis for evaluating whether to trust the message for delivery. Technically, DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

Installing DKIM-Milter with Postfix

Building Sendmail's libmilter From Source

First we need to download Sendmail so we can build against its libraries.

cd /var/src
wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.3.tar.gz
tar -xzf sendmail.8.14.3.tar.gz
cd sendmail-8.14.3/libmilter/

Now let's compile libmilter:

make
echo $?

And install it

make install
echo $?

Building DKIM-Milter From Source

ln -s /usr/share/man /usr/man
cd /var/src
wget http://downloads.sourceforge.net/project/dkim-milter/DKIM%20Milter/2.8.3/dkim-milter-2.8.3.tar.gz
tar -xzf dkim-milter-2.8.3.tar.gz
cd dkim-milter-2.8.3

We can now compile

make
echo $?

Installing DKIM-Milter

make install
echo $?
cd dkim-filter/
cp -f dkim-genkey.sh /usr/local/bin/dkim-genkey.sh

If this is the first time you are installing DKIM-Milter, run the following:

mkdir /etc/postfix/dkim-milter
chown postfix:postfix /etc/postfix/dkim-milter

You also need to install an init script; mine is explained below.

wget http://wiki.mattrude.com/images/4/43/Dkim-milter.sh
mv Dkim-milter.sh /etc/init.d/dkim-milter
chmod 755 /etc/init.d/dkim-milter
chkconfig dkim-milter on
service dkim-milter start

Building the DKIM Keys

Build one key for each domain. From the source directory above, go into the dkim-filter folder:

cd dkim-filter/

Then run dkim-genkey.sh to create the key, as below.

dkim-genkey.sh -d example1.com
mv default.private /etc/dkim-milter/example1.com_default.key.pem
mv default.txt /etc/dkim-milter/example1.com.txt

Now add the domain and the key file to /etc/init.d/dkim-milter. To sign for multiple domains, set up your init file as below:

SIGNING_DOMAIN="example1.com,example2.com,example3.com"
KEYFILE="/etc/dkim-milter/example1.com_default.key.pem"
KEYFILE="/etc/dkim-milter/example2.com_default.key.pem"
KEYFILE="/etc/dkim-milter/example3.com_default.key.pem"
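Before the TXT record goes into DNS, it is worth confirming that each private key is readable only by its owner and that the public key in the generated .txt file really belongs to that private key. The script below is an added example, not part of the original page or of dkim-milter; the script name dkim-check.sh and the assumption that the .txt file holds the record as quoted strings containing p=<base64> are mine.

```shell
#!/bin/sh
# Added example: check a dkim-genkey.sh key pair before publishing the TXT record.
# Assumption: the .txt file holds the record as quoted strings containing p=<base64>.

# Print the p= value (base64 public key) from a zone-file TXT record.
dkim_txt_pubkey() {
    # Keep only the quoted strings, join them, then extract the p= tag.
    grep -o '"[^"]*"' "$1" | tr -d '" \t\n' |
        sed -n 's|^\(.*;\)\{0,1\}p=\([A-Za-z0-9+/=]*\).*$|\2|p'
}

# Print the base64 DER public key derived from an RSA private key file.
dkim_key_pubkey() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl base64 -A
}

# Succeed only if the file has no group or other permission bits set.
dkim_key_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: dkim_check_pair <private-key.pem> <record.txt>
dkim_check_pair() {
    dkim_key_private "$1" || { echo "FAIL: $1 is readable beyond its owner"; return 1; }
    want=$(dkim_txt_pubkey "$2")
    [ -n "$want" ] || { echo "FAIL: no p= tag found in $2"; return 1; }
    have=$(dkim_key_pubkey "$1")
    [ "$want" = "$have" ] || { echo "FAIL: $2 does not match $1"; return 1; }
    echo "OK: $1 matches $2"
}

# Run a check when called with two arguments, e.g. (paths from the steps above):
#   sh dkim-check.sh /etc/dkim-milter/example1.com_default.key.pem /etc/dkim-milter/example1.com.txt
if [ "$#" -eq 2 ]; then
    dkim_check_pair "$1" "$2"
fi
```

A FAIL on the permission check is fixed with chmod 600 on the key file, owned by the account the milter runs as.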

DNS Zone Setup

Configuring Postfix for use with DKIM-Milter

In your /etc/postfix/master.cf file, add the following (bold) entries.

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd                
         -o content_filter=spamassassin
         -o smtpd_milters=unix:/var/run/dkim-milter/dkim.sock

DKIM & DomainKey Testers