a collection of problems and solutions for random combinations of technology

Sep 24, 2009

setting up DKIM

DKIM (DomainKeys Identified Mail) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. Read more about it at the Wikipedia entry.

ingredients used: FreeBSD 7.x, Postfix 2.6.2, dkim-milter 2.8.3, Bind 9.6.1
prerequisites: a working Postfix and Bind installation
instructions for windows here

  1. install dkim
    $ cd /usr/ports/mail/dkim-milter
    $ make install clean
    $ echo "milterdkim_enable='YES'" >> /etc/rc.conf
    $ echo "milterdkim_uid='postfix'" >> /etc/rc.conf # use the same uid as the postfix service

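  2. setup keys
    $ mkdir -p /var/db/dkim/domains/example.com
    $ cd /var/db/dkim
    $ dkim-genkey -s my_awesome_selector # this creates a key (my_awesome_selector.private) and a domain record file (my_awesome_selector.txt); the selector has to match the key file name below, because dkim-filter signs with the file name portion of the keylist path as the selector
    $ mv my_awesome_selector.private domains/example.com/my_awesome_selector
    $ cat my_awesome_selector.txt >> /etc/named/your_example.com_zone_file
    $ echo "*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector" >> keylist
    repeat these steps for additional domains
    see the man page dkim-filter.conf(5) for more info on the keylist content format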

  3. edit /usr/local/etc/mail/dkim-filter.conf
    I used mostly default settings with the following exceptions:
    DNSTimeout 5 # this should be lower than postfix's timeout
    Domain example.com # this may not be necessary given the use of a keylist file
    KeyList /var/db/dkim/keylist
    On-Default accept # shit happens, don't freak out on DNS lookups, etc...
    Socket local:/var/run/milterdkim/sock
    Syslog yes # the default syslog facility is 'mail'

  4. configure postfix
    add the following lines to main.cf
    milter_default_action = accept
    milter_protocol = 3
    smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock unix:/var/run/milterdkim/sock
    non_smtpd_milters = unix:/var/run/milterdkim/sock

  5. re/start services
    /etc/rc.d/named reload
    /usr/local/etc/rc.d/milter-dkim start
    /usr/local/etc/rc.d/postfix reload
make sure it works! you can send a test mail to check-auth@verifier.port25.com and you will receive a report including DKIM info.
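
A local check worth running before sending the test mail, as an added example that is not part of the original post: dkim-filter takes the selector from the file name of the key path in the keylist, so every keylist entry needs a matching selector._domainkey TXT record in the zone, and the private key should not be readable by group or others. The function names check_dkim_keylist and demo are made up for illustration, and the data in demo is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. check_dkim_keylist and demo are
# illustrative names; the sample data in demo is constructed.

# check_dkim_keylist KEYLIST DOMAIN ZONEFILE -> returns 0 only if every check passes
check_dkim_keylist() {
    keylist=$1 domain=$2 zone=$3 rc=0 seen=0
    # keylist line format: sender-pattern:signing-domain:keypath
    while IFS=: read -r pattern sdomain keypath; do
        [ "$sdomain" = "$domain" ] || continue
        seen=1
        # dkim-filter signs with s=<file name portion of keypath>
        selector=$(basename "$keypath")
        if grep -Eq "^${selector}\._domainkey[[:space:].]" "$zone"; then
            echo "ok: ${selector}._domainkey is published for $domain"
        else
            echo "FAIL: no ${selector}._domainkey TXT record in $zone"
            rc=1
        fi
        if [ ! -f "$keypath" ]; then
            echo "FAIL: key file $keypath does not exist"
            rc=1
        elif [ -n "$(find "$keypath" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "FAIL: $keypath is readable by group or others"
            rc=1
        fi
    done < "$keylist"
    if [ "$seen" -eq 0 ]; then
        echo "FAIL: no keylist entry for $domain"
        rc=1
    fi
    return "$rc"
}

# Constructed case: the keylist signs with my_awesome_selector, but the zone
# only carries the record dkim-genkey writes when no selector is given.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/my_awesome_selector"
    chmod 600 "$d/my_awesome_selector"
    echo "*@example.com:example.com:$d/my_awesome_selector" > "$d/keylist"
    echo 'default._domainkey IN TXT "v=DKIM1; k=rsa; p=CONSTRUCTED"' > "$d/zone"
    status=0
    check_dkim_keylist "$d/keylist" example.com "$d/zone" || status=1
    rm -rf "$d"
    return "$status"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On the setup above it would be called as check_dkim_keylist /var/db/dkim/keylist example.com /etc/named/your_example.com_zone_file, once per signing domain.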
