DKIM (DomainKeys Identified Mail) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. Read more about it at the Wikipedia entry.
ingredients used: FreeBSD 7.x, Postfix 2.6.2, dkim-milter 2.8.3, Bind 9.6.1
prerequisites: a working Postfix and Bind installation
instructions for Windows here
- install dkim
$ cd /usr/ports/mail/dkim-milter
$ make install clean
$ echo "milterdkim_enable='YES'" >> /etc/rc.conf
$ echo "milterdkim_uid='postfix'" >> /etc/rc.conf # use the same uid as the postfix service
- setup keys
$ mkdir -p /var/db/dkim/domains/example.com # repeat these steps for additional domains
$ cd /var/db/dkim
$ dkim-genkey # this creates a key and domain record file
$ mv default.private domains/example.com/my_awesome_selector
$ cat default.txt >> /etc/named/your_example.com_zone_file
$ echo "*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector" >> keylist
see the man page dkim-filter.conf(5) for more info on the keylist content format
- edit /usr/local/etc/mail/dkim-filter.conf
I used mostly default settings with the following exceptions:
DNSTimeout 5 # this should be lower than postfix's timeout
Domain example.com # this may not be necessary given the use of a keylist file
KeyList /var/db/dkim/keylist
On-Default accept # shit happens, don't freak out on DNS lookups, etc...
Socket local:/var/run/milterdkim/sock
Syslog yes # the default syslog facility is 'mail'
- configure postfix
add the following lines to main.cf
milter_default_action = accept
milter_protocol = 3
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock unix:/var/run/milterdkim/sock
non_smtpd_milters = unix:/var/run/milterdkim/sock
- re/start services
/etc/rc.d/named reload
/usr/local/etc/rc.d/milter-dkim start
/usr/local/etc/rc.d/postfix reload
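A consistency check for the key and zone-file steps above, added here as an example and not part of the original post: for each keylist entry it derives the DNS name a verifier will query and checks that the zone file publishes a DKIM TXT record under that name. It assumes, per dkim-filter.conf(5), that the selector is the file name portion of the key path; the function names, the sample zone record and its placeholder p= value are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Assumption: with a KeyList the
# signing selector is the key file's name, so verifiers will look up
# <key file name>._domainkey.<signing-domain>.

# expected_records KEYLIST: print the DNS name each keylist entry relies on.
# Entry format, from the page: sender-pattern:signing-domain:keypath
expected_records() {
    awk -F: 'NF >= 3 { n = split($3, part, "/"); print part[n] "._domainkey." $2 }' "$1"
}

# zone_has_record ZONEFILE ORIGIN FQDN: succeed if the zone file holds a
# v=DKIM1 TXT record whose owner name resolves to FQDN (relative names get
# ORIGIN appended; records that inherit their owner name are not handled).
zone_has_record() {
    awk -v origin="$2" -v want="$3" '
        /[ \t]TXT[ \t]/ && /v=DKIM1/ {
            name = $1
            if (name ~ /\.$/) sub(/\.$/, "", name); else name = name "." origin
            if (tolower(name) == tolower(want)) found = 1
        }
        END { exit !found }' "$1"
}

# check_keylist KEYLIST ZONEFILE ORIGIN: report every entry that belongs to
# this zone and return non-zero if any of its records is missing.
check_keylist() {
    rc=0
    for fqdn in $(expected_records "$1"); do
        case "$fqdn" in *".$3") ;; *) continue ;; esac  # entry for another zone
        if zone_has_record "$2" "$3" "$fqdn"; then
            echo "OK      $fqdn"
        else
            echo "MISSING $fqdn"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the keylist line from this page, and a record shaped
# like dkim-genkey's default.txt (the p= value is a placeholder, not a key).
tmp=$(mktemp -d)
echo '*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector' > "$tmp/keylist"
echo 'default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=PLACEHOLDER"' > "$tmp/zone"
check_keylist "$tmp/keylist" "$tmp/zone" example.com || echo "publish the missing record(s) above"
rm -rf "$tmp"
```

On the sample input the check reports the record as missing, because the key file was renamed to my_awesome_selector while the generated record is still named default._domainkey.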