a collection of problems and solutions for random combinations of technology

Sep 24, 2009

setting up DKIM

DKIM (DomainKeys Identified Mail) is a method for email authentication that allows an organization to take responsibility for a message in a way that can be validated by a recipient. Read more about it at the wikipedia entry

ingredients used: FreeBSD 7.x, Postfix 2.6.2, dkim-milter 2.8.3, Bind 9.6.1
prerequisites: a working Postfix and Bind installation
instructions for windows here

  1. install dkim $ cd /usr/ports/mail/dkim-milter
    $ make install clean
    $ echo "milterdkim_enable='YES'" >> /etc/rc.conf
    $ echo "milterdkim_uid='postfix'" >> /etc/rc.conf # use the same uid as the postfix service

  2. setup keys $ mkdir -p /var/db/dkim/domains/example.com
    $ cd /var/db/dkim
    $ dkim-genkey # this creates a key and domain record file
    $ mv default.private domains/example.com/my_awesome_selector
    $ cat default.txt >> /etc/named/your_example.com_zone_file
    $ echo "*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector" >> keylist
    repeat these steps for additional domains
    see the man page dkim-filter.conf(5) for more info on the keylist content format

  3. edit /usr/local/etc/mail/dkim-filter.conf
    I used mostly default settings with the following exceptions DNSTimeout 5 # this should be lower than postfix's timeout
    Domain example.com # this may not be necessary given the use of a keylist file
    KeyList /var/db/dkim/keylist
    On-Default accept # shit happens, don't freak out on DNS lookups, etc...
    Socket local:/var/run/milterdkim/sock
    Syslog yes # the default syslog facility is 'mail'

  4. configure postfix
    add the following lines to main.cf milter_default_action = accept
    milter_protocol = 3
    smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock unix:/var/run/milterdkim/sock
    non_smtpd_milters = unix:/var/run/milterdkim/sock

  5. re/start services /etc/rc.d/named reload
    /usr/local/etc/rc.d/milter-dkim start
    /usr/local/etc/rc.d/postfix reload
make sure it works! you can send a test mail to check-auth@verifier.port25.com and you will receive a report including DKIM info.

1 comment:

  1. And a playing habit is not only about an individual shedding their paycheck and financial savings, mentioned Fong. When playing is made more accessible, more folks will take part. And with more folks taking part, it follows that more folks will develop playing addictions. College Football Predictions – get free NCAA casino.edu.kg Football picks for every CFB sport, including the National Championship.