This is a log of my setup for OpenDKIM on Debian Wheezy. Some steps (like setting the proper access rights) might be omitted.
1. Install OpenDKIM
aptitude install opendkim opendkim-tools
On some distros, the contents of opendkim-tools are included in the first package.
2. Generate domain key
cd /etc/postfix
opendkim-genkey -s mail -d mplicka.cz
mv mail.private opendkim_mail.private
mv mail.txt opendkim_mail.txt
Publish the TXT record. Use the information in /etc/postfix/opendkim_mail.txt
For selector “mail”, the DNS record path will be:
mail._domainkey.mplicka.cz.
The complete DNS record (in the mail.txt file) will look like:
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=There_will_be_your_public_key_base64_encoded"
3. Set up the opendkim daemon.
I used a unix socket for communication. On Debian, Postfix is chrooted, so create the socket inside the chroot.
Create the directory for the socket and allow postfix to access it:
mkdir /var/spool/postfix/opendkim
chown opendkim:opendkim /var/spool/postfix/opendkim
adduser postfix opendkim #add postfix user to opendkim group (to gain access to the socket)
Modify /etc/default/opendkim:
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"
Modify /etc/opendkim.conf:
Syslog yes # Log to syslog
UMask 002 # Allow opendkim group members to access the socket
Domain mplicka.cz
KeyFile /etc/postfix/opendkim_mail.private
Selector mail
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/relaxed #canonicalize headers and body before signing
Mode s #signing mode only
SubDomains yes #allow signing emails from subdomains
Restart the opendkim daemon and check the log.
4. Set up Postfix
Modify /etc/postfix/main.cf:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = unix:opendkim/opendkim.sock
non_smtpd_milters = unix:opendkim/opendkim.sock
If the last two lines already exist (e.g. for Amavis), just append the new milter settings to the existing ones.
Restart postfix and enjoy.
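A check for the TXT record from step 2 before it is published, as an added example that is not part of the original log: it joins the quoted strings of the zone-file line, splits the DKIM tags, and reads the RSA modulus size out of the decoded p= value. The function names, the constructed sample record and the 1024-bit default threshold are assumptions of this example.

```python
import base64, re

def parse_dkim_txt(zone_text):
    """Join the quoted strings of a zone-file TXT record and split the DKIM tags."""
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    pairs = (part.partition("=") for part in value.split(";") if part.strip())
    return {name.strip(): "".join(val.split()) for name, _, val in pairs}

def _tlv(buf, pos=0):  # read one DER element; return (contents, offset after it)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Modulus size of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    spki, _ = _tlv(der)
    _, after_alg = _tlv(spki)            # skip AlgorithmIdentifier
    bitstr, _ = _tlv(spki, after_alg)    # BIT STRING holding the RSA key
    rsakey, _ = _tlv(bitstr, 1)          # skip the unused-bits byte
    return int.from_bytes(_tlv(rsakey)[0], "big").bit_length()

def check_record(zone_text, min_bits=1024):
    """Return a list of problems; an empty list means the record looks publishable."""
    tags, problems = parse_dkim_txt(zone_text), []
    if tags.get("v") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags.get("p", ""), validate=True))
        if bits < min_bits:
            problems.append("RSA key is %d bits, below %d" % (bits, min_bits))
    except (ValueError, IndexError):
        problems.append("p= is not a base64 RSA public key")
    return problems

def _der(tag, body):  # DER encoder, used only to build the constructed sample
    lb = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (lb if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def constructed_record(bits):  # sample record with a constructed modulus, not a real key
    num = lambda v: _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    key = _der(0x30, num((1 << (bits - 1)) | 1) + num(65537))
    p = base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + key))).decode()
    return 'mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n\t"p=%s" ) ; constructed' % p
```

Pass it the contents of /etc/postfix/opendkim_mail.txt; the placeholder line shown in step 2 is reported as an invalid p= value.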