Setting up OpenDKIM (Ubuntu 12.4)

Install packages

First, install the required packages:


sudo apt-get install opendkim opendkim-tools

Generate domain keys

Generate keys for each domain to be signed:


cd ~
mkdir opendkim
cd opendkim

Run this for each domain that needs a key:


opendkim-genkey -s domain.tld -d domain.tld

That generates domain.tld.private (the private signing key) and domain.tld.txt (the DNS TXT record containing the public key).

After creating keys for all domains, move the private keys to a private dir:


sudo mkdir -p /etc/opendkim/keys
sudo mv ~/opendkim/*.private /etc/opendkim/keys
sudo chown opendkim:opendkim /etc/opendkim/keys/*

Establish correspondence between domains and keys

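Create /etc/opendkim/KeyTable and add an entry per domain. Each line has the form "name domain:selector:keyfile". The selector must be the -s value given to opendkim-genkey, because verifiers look up the public key at selector._domainkey.domain. Example:


default._domainkey.domain1.tld domain1.tld:domain1.tld:/etc/opendkim/keys/domain1.tld.private
default._domainkey.domain2.tld domain2.tld:domain2.tld:/etc/opendkim/keys/domain2.tld.private

Then, in /etc/opendkim/SigningTable, map each sending domain to the name of its KeyTable entry: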


domain1.tld default._domainkey.domain1.tld
domain2.tld default._domainkey.domain2.tld
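
The two tables have to agree with each other and with the DNS name verifiers will query, and a one-character typo in either file leaves a domain unsigned or unverifiable. The following consistency check is an added example, not part of the original article; the function names and the sample tables (example.org, example.net, selector "mail") are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check KeyTable and
# SigningTable, and print the DNS name each signing domain must publish.
# Usage: check_dkim_tables KEYTABLE SIGNINGTABLE
# Exit status is the number of problems found (0 = consistent).
check_dkim_tables() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read tables" >&2; return 1; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        src == "key" {                          # KeyTable: name domain:selector:path
            if (split($2, f, ":") != 3) {
                printf "BAD  KeyTable %s: want domain:selector:path\n", $1
                bad++; next
            }
            dom[$1] = f[1]; sel[$1] = f[2]; next
        }
        !($2 in dom) {                          # SigningTable: domain keyname
            printf "BAD  %s -> %s: key name not in KeyTable\n", $1, $2
            bad++; next
        }
        dom[$2] != $1 {                         # key belongs to another domain
            printf "BAD  %s is signed with d=%s\n", $1, dom[$2]
            bad++; next
        }
        { printf "OK   %s: TXT record at %s._domainkey.%s\n", $1, sel[$2], dom[$2] }
        END { exit bad + 0 }
    ' src=key "$1" src=sign "$2"
}

# Constructed sample tables: example.org is consistent, example.net has a
# misspelled key name in the SigningTable.
dkim_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/KeyTable" <<'EOF'
mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org.private
mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net.private
EOF
    cat > "$dir/SigningTable" <<'EOF'
example.org mail._domainkey.example.org
example.net mail._domainkey.example.nte
EOF
    rc=0
    check_dkim_tables "$dir/KeyTable" "$dir/SigningTable" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

dkim_demo || echo "problems found: $?"
```

Run it as check_dkim_tables /etc/opendkim/KeyTable /etc/opendkim/SigningTable before starting the service. Once the TXT records are published, opendkim-testkey -d domain.tld -s domain.tld -k /etc/opendkim/keys/domain.tld.private -vvv checks that the DNS record matches the private key.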

Setup OpenDKIM

Edit /etc/opendkim.conf and add:


KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable

Edit /etc/default/opendkim and uncomment the following line:


SOCKET="inet:12345@localhost" # listen on loopback on port 12345

Start the service to check that it works and that the configuration has no syntax errors:


sudo service opendkim start

In your DNS manager, add a TXT record for each domain. The record name is the selector followed by ._domainkey (with the keys generated above, domain.tld._domainkey), and its value is the text between quotes in the .txt key file.

For example, if the contents of domain1.tld.txt are the following:


domain1.tld._domainkey IN TXT "v=DKIM1; k=rsa; p=kah239h034ivbnd9f7y23indog...sdf9yw90fuyisdf" ; --- DKIM key domain1.tld for domain1.tld

the value of its TXT record should be

v=DKIM1; k=rsa; p=kah239h034ivbnd9f7y23indog...sdf9yw90fuyisdf

Setup Postfix

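In /etc/postfix/main.cf add the following. With milter_default_action = accept, Postfix keeps delivering mail, unsigned, if the OpenDKIM milter is unreachable: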


milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345

To start using DKIM with Postfix, reload it:


sudo service postfix reload

Happy signing!