Setting up OpenDKIM (Ubuntu 12.4)
Install packages
First, install the required packages:
sudo apt-get install opendkim opendkim-tools
Generate domain keys
Generate keys for each domain to be signed:
cd ~
mkdir opendkim
cd opendkim
Run this for each domain that needs a key:
opendkim-genkey -s domain.tld -d domain.tld
That generates domain.tld.private (the private signing key) and domain.tld.txt (the DNS TXT record containing the public key).
After creating keys for all domains, move the private keys to a private directory:
sudo mkdir -p /etc/opendkim/keys
sudo mv ~/opendkim/*.private /etc/opendkim/keys
sudo chown opendkim:opendkim /etc/opendkim/keys/*
Establish correspondence between domains and keys
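Create /etc/opendkim/KeyTable and add an entry per domain, in the form keyname domain:selector:keypath. The selector must be the value passed to -s when the key was generated (here, the domain name), because it determines the DNS record name that verifiers look up. Example:
default._domainkey.domain1.tld domain1.tld:domain1.tld:/etc/opendkim/keys/domain1.tld.private
default._domainkey.domain2.tld domain2.tld:domain2.tld:/etc/opendkim/keys/domain2.tld.private
Then map each sending domain to its key name in /etc/opendkim/SigningTable: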
domain1.tld default._domainkey.domain1.tld
domain2.tld default._domainkey.domain2.tld
Setup OpenDKIM
Edit /etc/opendkim.conf, and add:
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
Edit /etc/default/opendkim, uncomment the following line:
SOCKET="inet:12345@localhost" # listen on loopback on port 12345
Start the service to check that it works and that the configuration has no syntax errors:
sudo service opendkim start
In your DNS manager, add a TXT record for each domain. The name of the TXT record should be something like domain.tld._domainkey, and its value is the text between quotes in the .txt key file.
For example, if the contents of domain1.tld.txt are the following:
domain1.tld._domainkey IN TXT "v=DKIM1; k=rsa; p=kah239h034ivbnd9f7y23indog...sdf9yw90fuyisdf" ; --- DKIM key domain1.tld for domain1.tld
the value of its TXT record should be:
v=DKIM1; k=rsa; p=kah239h034ivbnd9f7y23indog...sdf9yw90fuyisdf
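A way to catch mismatches between KeyTable, SigningTable and the DNS record names before mail goes out with signatures that cannot be verified. This is an added example, not part of the original guide; the function names and sample tables are constructed, and it assumes SigningTable keys are bare domains as in the entries above.

```python
# Added example (not from the original page): cross-check OpenDKIM tables.
# Assumes SigningTable keys are bare domains, as in this guide.

def parse_table(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            rows.append((fields[0], fields[1].strip() if len(fields) > 1 else ""))
    return rows


def check_tables(key_table, signing_table):
    """Return (dns_names, problems) for the two tables given as text."""
    keys, dns_names, problems = {}, [], []
    for name, value in parse_table(key_table):
        parts = value.split(":", 2)
        if len(parts) == 3 and all(parts):
            keys[name] = parts
        else:
            problems.append(f"KeyTable {name}: expected domain:selector:keypath")
    for sender, key_name in parse_table(signing_table):
        if key_name not in keys:
            problems.append(f"SigningTable {sender}: no KeyTable entry {key_name}")
            continue
        domain, selector, _keypath = keys[key_name]
        if domain == "%":  # OpenDKIM substitutes the sender's domain
            domain = sender
        if domain.lower() != sender.lower():
            problems.append(f"SigningTable {sender}: key signs with d={domain}")
        # Verifiers fetch the public key from this TXT record name.
        dns_names.append(f"{selector}._domainkey.{domain}")
    return dns_names, problems


# Constructed sample tables; the second KeyTable name has a .ltd/.tld typo.
SAMPLE_KEY_TABLE = """\
default._domainkey.domain1.tld domain1.tld:domain1.tld:/etc/opendkim/keys/domain1.tld.private
default._domainkey.domain2.ltd domain2.tld:domain2.tld:/etc/opendkim/keys/domain2.tld.private
"""
SAMPLE_SIGNING_TABLE = """\
domain1.tld default._domainkey.domain1.tld
domain2.tld default._domainkey.domain2.tld
"""

if __name__ == "__main__":
    names, problems = check_tables(SAMPLE_KEY_TABLE, SAMPLE_SIGNING_TABLE)
    print("TXT records to publish:", names)
    print("Problems:", problems)
```

Each name in the first returned list is a TXT record that must exist in DNS for that domain's signatures to verify.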
Setup Postfix
In /etc/postfix/main.cf add:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345
And to start using DKIM with Postfix:
sudo service postfix reload
Happy signing!