DKIM with Postfix – My Multiple Site Setup

I honestly can’t remember where I originally got my setup from. This is a pretty good tutorial though.

My /etc/opendkim.conf:

AutoRestart             Yes
AutoRestartRate         10/1h
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
LogWhy                  Yes
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
SigningTable            refile:/etc/opendkim/SigningTable
Socket                  inet:8891@localhost
Syslog                  Yes
SyslogSuccess           Yes
TemporaryDirectory      /var/tmp
UMask                   022
UserID                  opendkim:opendkim

The /etc/opendkim/ folder doesn’t exist by default; I created it and all its contents.

The KeyTable file looks like this:

default._domainkey.site1.com site1.com:default:/etc/opendkim/keys/site1.com/default
default._domainkey.site2.com site2.com:default:/etc/opendkim/keys/site2.com/default

The /etc/opendkim/keys/site2.com/default file contains the actual private key, generated with dkim-genkey -s default -d site2.com. Make sure this file is readable by the opendkim user and, since it is the private signing key, by no other account!

Btw dkim-filter can safely be apt-get removed after you’re done generating the keys.

SigningTable has the following format:

*@site1.com default._domainkey.site1.com
*@site2.com default._domainkey.site2.com

TrustedHosts:

127.0.0.1
site1.com
site2.com

In my /etc/postfix/main.cf I’ve added the following:

smtpd_milters = inet:127.0.0.1:8891
milter_default_action = accept

And finally, in /var/lib/bind/site1.com.hosts:

default._domainkey.site1.com. IN TXT "v=DKIM1; g=*; k=rsa; p=blabla, key goes here"

That’s it, it works: when I choose “Show Original” in Gmail I see the DKIM section.
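
With more than one site, the usual mistakes are a SigningTable row that points at a key name missing from KeyTable, and a key file with the wrong permissions. The following consistency check for the two table formats shown above is an added example, not part of the original setup; the function names, the constructed sample files and the owner-only permission policy are assumptions of the example.

```python
import os
import stat
import tempfile

def parse_table(text):
    """Parse a two-column OpenDKIM table into {first_field: rest_of_line}."""
    rows = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            rows[parts[0]] = parts[1].strip()
    return rows

def audit(keytable_text, signingtable_text):
    """Return a list of problems found in the two tables and the key files."""
    problems = []
    keytable = parse_table(keytable_text)
    # Every SigningTable row must point at a key name defined in KeyTable.
    for pattern, keyname in parse_table(signingtable_text).items():
        if keyname not in keytable:
            problems.append(f"{pattern}: key name {keyname} not in KeyTable")
    # Every KeyTable row is domain:selector:path; the path holds the private key.
    for keyname, value in keytable.items():
        fields = value.split(":", 2)
        if len(fields) != 3:
            problems.append(f"{keyname}: expected domain:selector:path")
            continue
        path = fields[2]
        if not os.path.isfile(path):
            problems.append(f"{keyname}: key file {path} missing")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # this example's policy: owner-only access
            problems.append(f"{keyname}: {path} has mode {mode:o}, not owner-only")
    return problems

def demo():
    """Constructed sample: site2.com key is world-readable, site3.com has no key."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "site1.key"), os.path.join(d, "site2.key")
        for path, mode in ((good, 0o600), (bad, 0o644)):
            with open(path, "w") as f:
                f.write("constructed placeholder, not a real key\n")
            os.chmod(path, mode)
        keytable = (f"default._domainkey.site1.com site1.com:default:{good}\n"
                    f"default._domainkey.site2.com site2.com:default:{bad}\n")
        signingtable = ("*@site1.com default._domainkey.site1.com\n"
                        "*@site2.com default._domainkey.site2.com\n"
                        "*@site3.com default._domainkey.site3.com\n")
        return audit(keytable, signingtable)

if __name__ == "__main__":
    print("\n".join(demo()))
```

To check a live setup, pass the contents of /etc/opendkim/KeyTable and /etc/opendkim/SigningTable to audit() from an account that can stat the key files.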
