When configuring a mail server, it is important that your mail does not end up in the junk folder. Configuring DKIM will give you an extra point and your mail will be validated. Every mail will be signed with a private key, and the matching public key is published in DNS, to prove the authenticity of the mail server. I prefer working with CentOS since it is a rock solid distro.

Notes: I presume that you already have a working Postfix installation. This tutorial is for CentOS 6; for other CentOS versions the procedure will be different.

Install the required libraries:
yum install sendmail-devel openssl-devel
Go to the following directory and download OpenDKIM:
cd /usr/local/src
wget http://sourceforge.net/projects/opendkim/files/opendkim-2.4.2.tar.gz

Extract and configure the package:
tar zxvf opendkim-2.4.2.tar.gz
cd opendkim-2.4.2
./configure --sysconfdir=/etc --prefix=/usr/local --localstatedir=/var
make
make install

Create a new user called opendkim:
useradd -r -U -s /sbin/nologin opendkim
Create the working directories:
mkdir -p /etc/opendkim/keys
chown -R opendkim:opendkim /etc/opendkim
chmod -R go-wrx /etc/opendkim/keys

Copy the startup script to the /etc/init.d/ directory:
cp /usr/local/src/opendkim-2.4.2/contrib/init/redhat/opendkim /etc/init.d/
Set the correct permissions on the file:

chmod 755 /etc/init.d/opendkim

Next, generate the key used to sign outgoing email:

mkdir /etc/opendkim/keys/example.com
/usr/local/bin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/example.com
mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default

After this step, create or edit the following files:

nano /etc/opendkim.conf

##
## opendkim.conf -- configuration file for OpenDKIM filter
##
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim

The second file:

nano /etc/opendkim/KeyTable
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default

The third file:

nano /etc/opendkim/SigningTable
*@example.com default._domainkey.example.com

The fourth file:

nano /etc/opendkim/TrustedHosts
127.0.0.1
hostname1.example1.com
example1.com
hostname1.example2.com
example2.com

Once the files are set up correctly, edit the Postfix configuration so that outgoing emails are signed:

nano /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2

After the setup, type the following command to rehash your shell:

hash -r

Remove sendmail from the startup services so that it does not run at boot:

chkconfig --del sendmail

Start the opendkim service:

service opendkim start

You should see a message:

Starting OpenDKIM Milter: [ OK ]

Restart postfix:

/etc/init.d/postfix restart

If everything is OK, run the following command to start the service at server startup:

chkconfig --level 2345 opendkim on

To see whether it is working, run the following command for more details:

tail -f /var/log/maillog

In this file you will see the details of the failure or success of this configuration, which you can use to troubleshoot. If everything is OK, add the generated key to the DNS record:

cat /etc/opendkim/keys/example.com/default.txt

The file output should look like this:

default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+
3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1
R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4" ;
----- DKIM default for example.com

Allow a few hours for the DNS changes to propagate globally. If you run the following command again:
tail -f /var/log/maillog
you should see something like this:

opendkim[4397]: OpenDKIM Filter: mi_stop=1
opendkim[4397]: OpenDKIM Filter v2.4.2 terminating with status 0, errno = 0
opendkim[27444]: OpenDKIM Filter v2.4.2 starting (args: -x /etc/opendkim.conf)

You should also see:
opendkim[22254]: 53D0314803B: DKIM-Signature header added

If you need to test your configuration, send a test email to www.mail-tester.com and you will see the DKIM result. Please be careful with the spaces in the DNS record; they can be a little problematic.
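
As an added example (not part of the original tutorial), these shell functions compare the p= key in default.txt with the TXT record actually published, and catch a stray space or a truncated key in the DNS record. The function names and sample files are illustrative, the sample key is constructed placeholder base64, and the published record is assumed to have been saved from `dig +short TXT default._domainkey.example.com`.

```shell
#!/bin/sh
# Added example: check that the published DKIM TXT record matches default.txt.

# Concatenate every "..." chunk, the way a resolver reassembles a TXT record.
dkim_txt_value() {
    tr -d '\r\n' | awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i; print "" }'
}

# dkim_tag NAME VALUE: print one tag's value with surrounding whitespace trimmed.
dkim_tag() {
    printf '%s\n' "$2" | tr ';' '\n' |
        sed -n "/^[[:space:]]*$1[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" |
        head -n 1
}

# dkim_key FILE: print the p= key if the record looks sane, else say why not.
dkim_key() {
    value=$(dkim_txt_value < "$1")
    [ "$(dkim_tag v "$value")" = "DKIM1" ] || { echo "$1: v=DKIM1 missing" >&2; return 1; }
    p=$(dkim_tag p "$value")
    [ -n "$p" ] || { echo "$1: p= missing or empty" >&2; return 1; }
    case $p in
        *[!A-Za-z0-9+/=]*) echo "$1: space or stray character inside p=" >&2; return 1 ;;
    esac
    [ $(( ${#p} % 4 )) -eq 0 ] || { echo "$1: p= looks truncated" >&2; return 1; }
    printf '%s\n' "$p"
}

# dkim_compare LOCAL PUBLISHED: succeed only if both carry the same valid key.
dkim_compare() {
    local_key=$(dkim_key "$1") || return 1
    dns_key=$(dkim_key "$2") || return 1
    [ "$local_key" = "$dns_key" ] || { echo "published key differs from $1" >&2; return 1; }
}

# Constructed sample data (placeholder base64, not a real key).
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=QUJDREVGR0hJSktMTU5P' \
        'UFFSU1RVVldYWVo=" ; ----- DKIM default for example.com' > "$1/default.txt"
    printf '%s\n' '"v=DKIM1; g=*; k=rsa; " "p=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo="' \
        > "$1/dns_ok.txt"
    printf '%s\n' '"v=DKIM1; g=*; k=rsa; p=QUJDREVGR0hJSktMTU5P UFFSU1RVVldYWVo="' \
        > "$1/dns_space.txt"
}
```

On the server, save the dig output to a file (here called published.txt, an assumed name) and run `dkim_compare /etc/opendkim/keys/example.com/default.txt published.txt`; a non-zero exit status means the DNS record needs fixing.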

A faster solution, if you need to skip all of this, is setting up the server via Vesta.

Enjoy and happy mailing
