How To Install and Configure DKIM with Postfix on Ubuntu Xenial 16.04 LTS

Used this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy

The original has a bug, so this version includes the correction that worked for me. Throughout this tutorial, replace numbeo.com with your own domain and use your own Gmail address.

Update the package lists and upgrade the system:

sudo apt-get update
sudo apt-get dist-upgrade

Install OpenDKIM and its dependencies:

sudo apt-get install opendkim opendkim-tools

Let’s start with the main configuration file:

sudo joe /etc/opendkim.conf

It should have this content:

root@condor1796 /etc # cat opendkim.conf
OversignHeaders		From
TrustAnchorFile /usr/share/dns/root.key

AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes

Canonicalization relaxed/simple

ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable

Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256

UserID opendkim:opendkim

Socket inet:12301@localhost

Connect the milter to Postfix:

sudo nano /etc/default/opendkim

Add the following line; edit the port number only if a custom one is used:

SOCKET="inet:12301@localhost"

Configure Postfix to use this milter and limit the number of transactions per domain:

sudo nano /etc/postfix/main.cf

Add this content:

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
smtp_destination_concurrency_limit = 2
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
default_destination_concurrency_limit=2
default_destination_rate_delay=1s

Create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:

sudo mkdir /etc/opendkim 
sudo mkdir /etc/opendkim/keys

Specify trusted hosts:

sudo nano /etc/opendkim/TrustedHosts

*.numbeo.com
127.0.0.1
localhost
209.126.119.66

Create a key table:

sudo nano /etc/opendkim/KeyTable

A key table contains each selector/domain pair and the path to their private key.

mail._domainkey.numbeo.com numbeo.com:mail:/etc/opendkim/keys/numbeo.com/mail.private

Create a signing table:

sudo nano /etc/opendkim/SigningTable

This file is used for declaring the domains/email addresses and their selectors.

*@numbeo.com mail._domainkey.numbeo.com

Generate the public and private keys:

Change to the keys directory:

cd /etc/opendkim/keys

Create a separate folder for the domain to hold the keys:

sudo mkdir numbeo.com
cd numbeo.com

Generate the keys:

sudo opendkim-genkey -s mail -d numbeo.com

-s specifies the selector and -d the domain. This command creates two files: mail.private is the private key and mail.txt contains the public key.

Change the owner of the private key to opendkim:

sudo chown opendkim:opendkim mail.private

Use the mail.txt file to add a TXT DNS record for mail._domainkey.numbeo.com.

It should look like this:

root@condor1796 /etc #  dig mail._domainkey.numbeo.com TXT
;; ANSWER SECTION:
mail._domainkey.numbeo.com. 5660 IN	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPqBmXSBbSXdmDIOqriDqI7/HJz1AqJNjK+Jqd0EQHEmXS5BHBtfr28ur4+m/7JjooE98DB29mbZBtua8dpwKtA5HetCDxdb5mMIjUDRo2wiSYCQ2wxLFwzATGHLa/N9LhDNQJCmZFoEWBFVhOFyrl8jOEuSCVpEPyXtKdYSZcHwIDAQAB"

Restart Postfix and OpenDKIM:

sudo service postfix restart
sudo service opendkim restart

Now check whether this OpenDKIM config is working:

root@condor1796 /etc # sudo -u opendkim opendkim-testkey -vvvv 
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: record 0 for 'mail._domainkey.numbeo.com' retrieved
opendkim-testkey: checking key 'mail._domainkey.numbeo.com'
opendkim-testkey: key mail._domainkey.numbeo.com: OK
opendkim-testkey: key mail._domainkey.numbeo.com not secure
opendkim-testkey: 1 key checked; 1 pass, 0 fail

If the OpenDKIM config is working, check its integration with Postfix by sending a mail to Gmail:

mail -s "test subject" mladen.adamovic@gmail.com < /etc/opendkim.conf

That’s it. You should now see this in the source of the email as received on Gmail:

dkim=pass
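
As an added example (not part of the original tutorial or of OpenDKIM), the Python below parses the TXT record shown in the dig output above and reports the size of the RSA key it publishes. The function names and the min_bits=2048 threshold are assumptions made for this example; the threshold follows the RFC 8301 recommendation that signers use keys of at least 2048 bits.

```python
import base64
import re
# TXT value copied from the dig answer on this page (the page's own record).
PAGE_RECORD = '"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPqBmXSBbSXdmDIOqriDqI7/HJz1AqJNjK+Jqd0EQHEmXS5BHBtfr28ur4+m/7JjooE98DB29mbZBtua8dpwKtA5HetCDxdb5mMIjUDRo2wiSYCQ2wxLFwzATGHLa/N9LhDNQJCmZFoEWBFVhOFyrl8jOEuSCVpEPyXtKdYSZcHwIDAQAB"'

def parse_dkim_txt(txt):
    """Join the quoted strings of a TXT answer and split them into DKIM tags."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)) or txt
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Read one DER element header; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def rsa_modulus_bits(p_b64):
    """Modulus size in bits of the base64 SubjectPublicKeyInfo in a p= tag."""
    der = base64.b64decode(p_b64, validate=True)
    _, start, _ = read_tlv(der, 0)                   # outer SEQUENCE
    _, _, alg_end = read_tlv(der, start)             # AlgorithmIdentifier, skipped
    tag, bits_start, _ = read_tlv(der, alg_end)      # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, seq_start, _ = read_tlv(der, bits_start + 1)  # +1 skips unused-bits byte
    tag, n_start, n_end = read_tlv(der, seq_start)   # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("modulus INTEGER not found")
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def audit_record(txt, min_bits=2048):
    """Return findings for one DKIM TXT record; min_bits is an assumed policy."""
    tags = parse_dkim_txt(txt)
    if tags.get("k", "rsa") != "rsa":
        return ["key type %s is not checked here" % tags["k"]]
    if not tags.get("p"):
        return ["empty p= tag: key revoked or missing"]
    bits = rsa_modulus_bits(tags["p"])
    return ["RSA key is %d bits, below %d" % (bits, min_bits)] if bits < min_bits else []

print(audit_record(PAGE_RECORD))  # findings for the record published on this page
```

opendkim-genkey accepts -b to set the key size (for example -b 2048). A longer key is usually published as several quoted strings in one TXT record, which parse_dkim_txt joins before reading the tags.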

 
