aptitude install opendkim opendkim-tools
mkdir /etc/opendkim/
opendkim-genkey -D /etc/opendkim/ -d $(hostname -d) -s $(hostname)
For the mail.example.com server, the last command will create /etc/opendkim/mail.private and /etc/opendkim/mail.txt, with the private and public keys, respectively. The public key must be added to the appropriate TXT record of your domain.
The key files are made readable by the opendkim group, and postfix itself is added to the same group so that it can sign mail by connecting to the OpenDKIM daemon through its socket:
chgrp opendkim /etc/opendkim/*
chmod g+r /etc/opendkim/*
gpasswd -a postfix opendkim
Append our settings to /etc/opendkim.conf:
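tee -a /etc/opendkim.conf <<EOF
Canonicalization relaxed/relaxed
SyslogSuccess yes
KeyTable file:/etc/opendkim/keytable
SigningTable file:/etc/opendkim/signingtable
X-Header yes
# Log in detail why a message was signed or verified:
LogWhy yes
# Hosts that may send mail through this server as a signing domain without credentials:
#ExternalIgnoreList file:/etc/opendkim/trusted
# Hosts whose mail is signed rather than verified:
#InternalHosts file:/etc/opendkim/internal
EOF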
Keys are registered in the /etc/opendkim/keytable file in the format "key-name domain:selector:/path/to/key". If you created the keys with the command above, you can register the key under the FQDN of the server in this file as follows:
echo $(hostname -f | sed s/\\./._domainkey./) $(hostname -d):$(hostname):$(ls /etc/opendkim/*.private) | tee -a /etc/opendkim/keytable
For mail.example.com, there will be the following line in the file:
mail._domainkey.example.com example.com:mail:/etc/opendkim/mail.private
The /etc/opendkim/signingtable file uses the format "domain key-name":
echo $(hostname -d) $(hostname -f | sed s/\\./._domainkey./) | tee -a /etc/opendkim/signingtable
For the mail.example.com host, the file will contain example.com mail._domainkey.example.com. If you want to sign all outgoing mail, you can specify * instead of a domain.
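A consistency check for the two tables built above, as an added example that is not part of the original post; the function name check_dkim_tables and its messages are assumptions. It flags the failure modes of the append commands (a line duplicated by a second run, several *.private files expanding into one entry), a signing-table entry that names an undefined key, and a private key left world-readable.

```shell
# check_dkim_tables KEYTABLE SIGNINGTABLE  (hypothetical helper, added example)
# Prints one line per problem; returns 0 only when no problem is found.
check_dkim_tables() {
    keytable=$1; signingtable=$2; problems=0; names=" "

    # KeyTable entry: key-name domain:selector:/path/to/key
    while read -r name spec extra; do
        case $name in ''|'#'*) continue ;; esac
        rest=${spec#*:}          # selector:/path/to/key
        keyfile=${rest#*:}       # /path/to/key
        if [ -n "$extra" ] || [ "$rest" = "$spec" ] || [ "$keyfile" = "$rest" ]; then
            # e.g. $(ls /etc/opendkim/*.private) expanded to several files
            echo "keytable: malformed entry '$name'"
            problems=$((problems + 1)); continue
        fi
        case $names in *" $name "*)
            # tee -a appends, so running the command twice duplicates the line
            echo "keytable: duplicate key name '$name'"
            problems=$((problems + 1)) ;;
        esac
        names="$names$name "
        if [ ! -f "$keyfile" ]; then
            echo "keytable: key file missing: $keyfile"
            problems=$((problems + 1))
        elif [ -n "$(find "$keyfile" -prune -perm -004)" ]; then
            echo "keytable: private key is world-readable: $keyfile"
            problems=$((problems + 1))
        fi
    done < "$keytable"

    # SigningTable entry: domain key-name ("*" as domain signs everything)
    while read -r domain keyname extra; do
        case $domain in ''|'#'*) continue ;; esac
        case $names in *" $keyname "*) continue ;; esac
        echo "signingtable: '$domain' refers to unknown key '$keyname'"
        problems=$((problems + 1))
    done < "$signingtable"

    [ "$problems" -eq 0 ]
}
```

Run it against /etc/opendkim/keytable and /etc/opendkim/signingtable after editing either file.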
The ExternalIgnoreList and InternalHosts directives each point to a plain list of hosts and/or IP addresses, one per line, for which message signatures will respectively be ignored or added. If your mail is handled by a single server, you don't need to do anything with them.
postconf -e milter_default_action=accept
postconf -e milter_protocol=2
postconf -e smtpd_milters=unix:/var/run/opendkim/opendkim.sock
postconf -e non_smtpd_milters=unix:/var/run/opendkim/opendkim.sock
echo 'SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock"' | tee -a /etc/default/opendkim
mkdir -p /var/spool/postfix/var/run/opendkim
chown opendkim:opendkim /var/spool/postfix/var/run/opendkim
dig txt mail._domainkey.example.com
check-auth@verifier.port25.com.
_adsp._domainkey IN TXT "dkim=all"
Source: https://habr.com/ru/post/151904/