a collection of problems and solutions for random combinations of technology

Sep 24, 2009

setting up DKIM

DKIM (DomainKeys Identified Mail) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. Read more about it at the wikipedia entry

ingredients used: FreeBSD 7.x, Postfix 2.6.2, dkim-milter 2.8.3, Bind 9.6.1
prerequisites: a working Postfix and Bind installation
instructions for windows here

  1. install dkim $ cd /usr/ports/mail/dkim-milter
    $ make install clean
    $ echo "milterdkim_enable='YES'" >> /etc/rc.conf
    $ echo "milterdkim_uid='postfix'" >> /etc/rc.conf # use the same uid as the postfix service

  2. setup keys $ mkdir -p /var/db/dkim/domains/example.com
    $ cd /var/db/dkim
    $ dkim-genkey # this creates a key and domain record file
    $ mv default.private domains/example.com/my_awesome_selector
    $ cat default.txt >> /etc/named/your_example.com_zone_file
    $ echo "*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector" >> keylist
    repeat these steps for additional domains
    see the man page dkim-filter.conf(5) for more info on the keylist content format

  3. edit /usr/local/etc/mail/dkim-filter.conf
    I used mostly default settings with the following exceptions DNSTimeout 5 # this should be lower than postfix's timeout
    Domain example.com # this may not be necessary given the use of a keylist file
    KeyList /var/db/dkim/keylist
    On-Default accept # shit happens, don't freak out on DNS lookups, etc...
    Socket local:/var/run/milterdkim/sock
    Syslog yes # the default syslog facility is 'mail'

  4. configure postfix
    add the following lines to main.cf milter_default_action = accept
    milter_protocol = 3
    smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock unix:/var/run/milterdkim/sock
    non_smtpd_milters = unix:/var/run/milterdkim/sock

  5. re/start services /etc/rc.d/named reload
    /usr/local/etc/rc.d/milter-dkim start
    /usr/local/etc/rc.d/postfix reload
make sure it works! you can send a test mail to check-auth@verifier.port25.com and you will receive a report including DKIM info.

No comments:

Post a Comment