How to Setup DKIM (DomainKeys) with Postfix on Ubuntu & Debian
Abstract: /etc/mail/dkim-keys/example.com/dt.privateStep 4 – Configure DNS Entry After configuring private key in postfix server. there will be another file def
DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public-private key pair. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimizes the possibility of getting emails SPAM.
This tutorial will provide you a quick and easy way to setup DKIM (DomainKeys) with your POSTFIX running on Debian based systems.
Step 1 – Install opendkim PackageFirst we need to install opendkim and opendkim-tools packages using following command.
sudo apt-get install opendkim opendkim-toolsStep 2 – Generate Key Pair
Now create DKIM key pair using opendkim-genkey command line utility. For this tutorial we are using domain name 「example.com」, Change this name with your actual domain name.
MYDOMAIN=example.com mkdir -p /etc/mail/dkim-keys/$MYDOMAIN cd /etc/mail/dkim-keys/$MYDOMAIN opendkim-genkey -t -s mail -d $MYDOMAIN
Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.
Step 3 – Configure DKIM and POSTFIXFirst edit the domain keys lists setting file /etc/mail/dkim.key and add following entry.
*@example.com:example.com:/etc/mail/dkim-keys/example.com/dt.private
Edit DKIM configuration file /etc/opendkim.conf and update below values in configuration file.
Domain example.com KeyFile /etc/mail/dkim.key Selector mail Socket inet:[email protected]
Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file
milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8892 non_smtpd_milters = inet:localhost:8892Step 4 – Configure DNS Entry
After configuring private key in postfix server. there will be another file default.txt generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt.
mail._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC65tv6LhAbbrqcwgyBaC x50scjedj357we9SJdff6VHOKDYgU/kvuV2rQiedHjtJDPuFJIwoNqh8pbIWxcZ8J2FhVhXU1QWdBmOQ/w61jfsyVAMrX/SrcJAd/1 XHYcS4o3uIOV7jICVOJLiYW5wjYLvWpPoraQzQE1Npjlsx2T5QIDAQAB" ; ----- DKIM key default for example.comStep 5 – Restart Service
After making all above configuration’s restart dkim and postfix services
sudo service opendkim restart sudo service postfix restartStep 6 – Verify DKIM
And you have all done. Let’s verify that DKIM is working properly. Let’s send a test email through command line
mail -vs "Test DKIM" [email protected] < /dev/null
In received email in our mailbox, open the source of email and search for "DKIM-Signature". You will find some thing like below
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=default.private; t=1402388963; bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=; h=Date:From:Message-Id:To:Subject; b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=