DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
- RFC 4871
Installing DKIM-Milter with Postfix[edit | edit source]
Building Sendmail's libmailter From Source[edit | edit source]
First we need to download Sendmail so we can build against it's libraries.
cd /var/src wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.3.tar.gz tar -xzf sendmail.8.14.3.tar.gz cd sendmail-8.14.3/libmilter/
Now lets compile the libmailter
make echo $?
And install it
make install echo $?
Building DKIM-Milter From Source[edit | edit source]
ln -s /usr/share/man /usr/man cd /var/src wget http://downloads.sourceforge.net/project/dkim-milter/DKIM%20Milter/2.8.3/dkim-milter-2.8.3.tar.gz tar -xzf dkim-milter-2.8.3.tar.gz cd dkim-milter-2.8.3
We can now compile
make echo $?
Installing DKIM-Milter[edit | edit source]
make install echo $?
cd dkim-filter/ cp -f dkim-genkey.sh /usr/local/bin/dkim-genkey.sh
If this is the first time you are installing DKIM-Milter run the following:
mkdir /etc/postfix/dkim-milter chown postfix:postfix /etc/postfix/dkim-milter
You also need to install an init script, mine is explained below.
wget http://wiki.mattrude.com/images/4/43/Dkim-milter.sh mv Dkim-milter.sh /etc/init.d/dkim-milter chmod 755 /etc/init.d/dkim-milter chkconfig dkim-milter on service dkim-milter start
Building the DKIM Keys[edit | edit source]
To build a key, one for each domain. From the source directory from above, go into the dkim-filter folder:
cd dkim-filter/
And Run dkim-genkey.sh to create the key as below.
dkim-genkey.sh -d example1.com mv default.private /etc/dkim-milter/example1.com_default.key.pem mv default.txt /etc/dkim-milter/example1.com.txt
Now add the domain and the key file to the /etc/init.d/dkim-milter. To have multiple domains setup your init file as below:
SIGNING_DOMAIN="example1.com,example2.com,example3.com" KEYFILE="/etc/dkim-milter/example1.com_default.key.pem" KEYFILE="/etc/dkim-milter/example2.com_default.key.pem" KEYFILE="/etc/dkim-milter/example3.com_default.key.pem"
DNS Zone Setup[edit | edit source]
Configuring Postfix for use with DKIM-Milter[edit | edit source]
In your /etc/postfix/master.cf file, add the following (BOLD) entry's.
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
# ==========================================================================
smtp inet n - - - - smtpd
-o content_filter=spamassassin
-o smtpd_milters=unix:/var/run/dkim-milter/dkim.sock
DKIM & DomainKey Testers[edit | edit source]
- [email protected] - Tests DKIM, DomainKey, SenderID, & SPF
- [email protected] - Tests DKIM and DomainKey
- [email protected] - Tests DKIM only
- [email protected] - Tests DomainKey only
- [email protected]
- [email protected]