When configuring a mail server, it is important that your mail does not hit the junk folder. Configuring DKIM will give you an extra point, and your mail will be validated. Every mail will be signed with a certificate to prove the authenticity of the mail server. I prefer working with CentOS since it is a rock-solid distro.

Notes: I presume that you already have a Postfix installation that works OK. This tutorial is for CentOS 6; for other CentOS versions the procedure will be different.

Install some libraries needed:
[code] yum install sendmail-devel openssl-devel[/code]
Go to the following directory and download OpenDKIM:
[code] cd /usr/local/src
wget http://sourceforge.net/projects/opendkim/files/opendkim-2.4.2.tar.gz [/code]
Extract and configure the package:
[code] tar zxvf opendkim-2.4.2.tar.gz
cd opendkim-2.4.2
./configure --sysconfdir=/etc --prefix=/usr/local --localstatedir=/var
make
make install [/code]
Create a new user called opendkim:
[code] useradd -r -U -s /sbin/nologin opendkim [/code]
Create the working directories:
[code] mkdir -p /etc/opendkim/keys
chown -R opendkim:opendkim /etc/opendkim
chmod -R go-wrx /etc/opendkim/keys [/code]
Copy the startup script to the /etc/init.d/ directory:
[code] cp /usr/local/src/opendkim-2.4.2/contrib/init/redhat/opendkim /etc/init.d/[/code]
Set the correct file permissions on the file:

[code]chmod 755 /etc/init.d/opendkim[/code]

Next, generate the key used to sign outgoing email:

[code]mkdir /etc/opendkim/keys/example.com
/usr/local/bin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/example.com
mv /etc/opendkim/keys/example.com/default.private /etc/opendkim/keys/example.com/default [/code]

After this step, create or edit the following files:

[code]nano /etc/opendkim.conf[/code]

[code]##
## opendkim.conf — configuration file for OpenDKIM filter
##
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim [/code]

The second file:

[code] nano /etc/opendkim/KeyTable
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com/default [/code]

The third file:

[code] nano /etc/opendkim/SigningTable
*@example.com default._domainkey.example.com [/code]

The fourth file:
[code] nano /etc/opendkim/TrustedHosts
127.0.0.1
hostname1.example1.com
example1.com
hostname1.example2.com
example2.com [/code]

Once the files are set up correctly, edit the Postfix configuration so that outgoing emails are signed:

[code] nano /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol = 2 [/code]

After the setup, type the following command to rehash your shell:

[code] hash -r [/code]
Remove sendmail from startup so that it does not run at boot:

[code]chkconfig --del sendmail [/code]

Start the opendkim service:

[code]service opendkim start[/code]

You should see a message:

[code]Starting OpenDKIM Milter: [ OK ] [/code]

Restart postfix:

[code]/etc/init.d/postfix restart[/code]

If everything is OK, run the following command to make it start at server startup:

[code]chkconfig --level 2345 opendkim on[/code]

To see whether it is working, run the following command for more details:

[code]tail -f /var/log/maillog[/code]

In this file you will see the details of the failure or success of this configuration, which you can use to troubleshoot. If everything is OK, add the generated key to the DNS record:

[code]cat /etc/opendkim/keys/example.com/default.txt [/code]

The file output should be like this:

[code]default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=7k45u5i2T1AlEBeurUbdKh7Nypq4lLMXC2FHhezK33BuYR+
3L7jxVj7FATylhwIDAQABMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHY7Zl+n3SUldTYRUEU1BErHkKN0Ya52gazp1
R7FA7vN5RddPxW/sO9JVRLiWg6iAE4hxBp42YKfxOwEnxPADbBuiELKZ2ddxo2aDFAb9U/lp4" ;
----- DKIM default for example.com [/code]
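
Before publishing the record, it is worth linting the text you are about to paste, since stray spaces, wrapped lines or typographic quotes in the TXT value stop verifiers from reading the key. The check below is an added example, not part of the original tutorial; the function names and the sample record (with a placeholder key) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a DKIM TXT record in the zone-file form shown above.
# Reads the record on stdin and prints "ok bytes=N" or "error: <reason>".
check_dkim_record() {
    awk '
    { rec = rec $0 "\n" }
    END {
        # Join the contents of every "quoted" chunk, as DNS does for TXT strings.
        rest = rec
        while ((a = index(rest, "\"")) > 0) {
            rest = substr(rest, a + 1)
            b = index(rest, "\"")
            if (b == 0) { print "error: unbalanced quote"; exit }
            txt = txt substr(rest, 1, b - 1); rest = substr(rest, b + 1); chunks++
        }
        if (!chunks) { print "error: no quoted TXT data (curly quotes?)"; exit }

        n = split(txt, part, ";")
        for (i = 1; i <= n; i++) {
            eq = index(part[i], "=")
            if (!eq) continue
            name = substr(part[i], 1, eq - 1); gsub(/[ \t\n]/, "", name)
            val = substr(part[i], eq + 1)
            sub(/^[ \t\n]+/, "", val); sub(/[ \t\n]+$/, "", val)
            tag[name] = val
        }
        p = tag["p"]
        if (tag["v"] != "DKIM1") { print "error: v= is not DKIM1"; exit }
        if (p == "")             { print "error: p= is empty or missing"; exit }
        # The tutorial warns about spaces in the record, so a wrapped or spaced key is flagged.
        if (p ~ /[ \t\n]/)       { print "error: whitespace inside p="; exit }
        if (p !~ "^[A-Za-z0-9+/]+=?=?$" || length(p) % 4) { print "error: p= is not base64"; exit }
        pad = (p ~ /==$/) ? 2 : (p ~ /=$/) ? 1 : 0
        bytes = length(p) / 4 * 3 - pad
        # A 1024-bit RSA public key in DER form is 162 bytes; less means a truncated paste.
        if (bytes < 162) { print "error: p= is only " bytes " bytes (truncated?)"; exit }
        print "ok bytes=" bytes
    }'
}

# Constructed record: 216 base64 characters decode to 162 bytes (placeholder key, not a real one).
sample_record() {
    p=$(awk 'BEGIN { for (i = 0; i < 216; i++) printf "A" }')
    printf 'default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=%s" ; ----- DKIM default for example.com\n' "$p"
}

sample_record | check_dkim_record   # -> ok bytes=162
```

On the server, feed it the generated file: `check_dkim_record < /etc/opendkim/keys/example.com/default.txt`.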

Allow a few hours for the DNS change to propagate globally. If you run the command again
[code] tail -f /var/log/maillog[/code]
you should see something like this:

[code] opendkim[4397]: OpenDKIM Filter: mi_stop=1
opendkim[4397]: OpenDKIM Filter v2.4.2 terminating with status 0, errno = 0
opendkim[27444]: OpenDKIM Filter v2.4.2 starting (args: -x /etc/opendkim.conf) [/code]

Also:
[code]opendkim[22254]: 53D0314803B: DKIM-Signature header added [/code]
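
With `milter_default_action = accept` in main.cf, Postfix carries on as if the filter were absent whenever OpenDKIM is unreachable, so mail can leave unsigned without any error. The added example below (not part of the original tutorial) scans maillog for senders in the signing domain whose queue ID never got the `DKIM-Signature header added` line; the function names and the sample log, including its Postfix `qmgr` lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mail from the signing domain that was queued without a
# DKIM signature. Relies on "SyslogSuccess Yes" so every signing event is logged.
# usage: unsigned_from_domain DOMAIN [MAILLOG...]   (reads stdin when no file is given)
unsigned_from_domain() {
    domain=$1; shift
    awk -v dom="$domain" '
    {
        # Locate the "program[pid]:" token; the token after it is "QUEUEID:".
        for (i = 1; i < NF; i++)
            if ($i ~ /^(postfix\/qmgr|opendkim)\[[0-9]+\]:$/) break
        if (i >= NF) next
        id = $(i + 1)
        if (id !~ /^[0-9A-Za-z]+:$/) next      # skips lines such as "OpenDKIM Filter v2.4.2 starting"
        sub(/:$/, "", id)

        if ($i ~ /^opendkim/) {
            if ($0 ~ /DKIM-Signature header added/) signed[id] = 1
        } else if ($(i + 2) ~ /^from=</ && !(id in sender)) {
            # qmgr logs from=<addr> each time the message becomes active; keep the first.
            addr = $(i + 2)
            sub(/^from=</, "", addr); sub(/>,?$/, "", addr)
            n_at = split(addr, piece, "@")
            if (n_at >= 2 && tolower(piece[n_at]) == tolower(dom)) {
                sender[id] = addr; order[++n] = id
            }
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(order[k] in signed)) print order[k], sender[order[k]]
    }' "$@"
}

# Constructed sample log: one signed message, one unsigned, one from another domain.
sample_maillog() {
    cat <<'EOF'
Mar  3 10:00:01 mail postfix/cleanup[2101]: 53D0314803B: message-id=<1@example.com>
Mar  3 10:00:01 mail opendkim[22254]: 53D0314803B: DKIM-Signature header added
Mar  3 10:00:01 mail postfix/qmgr[1999]: 53D0314803B: from=<alice@example.com>, size=812, nrcpt=1 (queue active)
Mar  3 10:05:09 mail postfix/qmgr[1999]: 7A1C2148040: from=<bob@example.com>, size=640, nrcpt=1 (queue active)
Mar  3 10:06:30 mail postfix/qmgr[1999]: 9F00B148041: from=<carol@example.net>, size=700, nrcpt=1 (queue active)
EOF
}

sample_maillog | unsigned_from_domain example.com   # -> 7A1C2148040 bob@example.com
```

Against the live log, run `unsigned_from_domain example.com /var/log/maillog`; any output means mail from that domain was queued without passing through the signer.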
If you need to test your configuration, send a test email using www.mail-tester.com and you will see the DKIM result. Please be careful with the spaces in the DNS record; they can be a little problematic.

A faster solution, if you need to skip all of this, is setting up the server via Vesta.

Enjoy and happy mailing
