DKIM with Postfix – My Multiple Site Setup
I honestly can’t remember where I originally got my setup from. This is a pretty good tutorial though.
My /etc/opendkim.conf:
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@localhost
Syslog Yes
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UMask 022
UserID opendkim:opendkim
The /etc/opendkim/ folder doesn’t exist by default; I created it and all its contents.
The KeyTable file looks like this:
default._domainkey.site1.com site1.com:default:/etc/opendkim/keys/site1.com/default
default._domainkey.site2.com site2.com:default:/etc/opendkim/keys/site2.com/default
The /etc/opendkim/keys/site2.com/default file contains the actual key generated with dkim-genkey -s default -d site2.com. Make sure this file is readable by the opendkim user!
Btw dkim-filter can safely be apt-get removed after you’re done generating the keys.
SigningTable has the following format:
*@site1.com default._domainkey.site1.com
*@site2.com default._domainkey.site2.com
TrustedHosts:
127.0.0.1
site1.com
site2.com
In my /etc/postfix/main.cf I’ve added the following:
smtpd_milters = inet:127.0.0.1:8891
milter_default_action = accept
And finally in /var/lib/bind/site1.com.hosts:
default._domainkey.site1.com. IN TXT "v=DKIM1; g=*; k=rsa; p=blabla, key goes here"
That’s it, it works: when I choose “Show Original” in Gmail I see the DKIM section.
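With several sites, the easy mistakes are a SigningTable line that points at a key name missing from KeyTable, and a private key file left readable by more than its owner. The script below is an added example, not part of my original setup: it cross-checks the two table formats shown above. It assumes the key file should be readable by its owner only, and the demo uses constructed placeholder files in a temporary directory rather than real keys.

```python
import os
import stat
import tempfile

def parse_table(text):
    """Parse a two-column OpenDKIM table, skipping blank and '#' comment lines."""
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            rows[key] = value.strip()
    return rows

def audit(signing_text, key_text):
    """Cross-check SigningTable against KeyTable and the key files on disk."""
    problems = []
    keytable = parse_table(key_text)
    for pattern, keyname in parse_table(signing_text).items():
        if keyname not in keytable:
            problems.append(f"{pattern}: key name {keyname} missing from KeyTable")
            continue
        domain, _selector, path = keytable[keyname].split(":", 2)
        if pattern.rsplit("@", 1)[-1] != domain:
            problems.append(f"{pattern}: signed with d={domain}, not the sender domain")
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            problems.append(f"{keyname}: key file {path} not found")
            continue
        if mode & 0o077:  # any group/other permission bit set
            problems.append(f"{keyname}: {path} has mode {mode:o}, readable beyond owner")
    return problems

def demo():
    """Constructed sample: site1.com key is 0600, site2.com is 0644, site3.com has no key."""
    with tempfile.TemporaryDirectory() as root:
        key_lines = []
        for domain, mode in (("site1.com", 0o600), ("site2.com", 0o644)):
            path = os.path.join(root, domain + ".default")
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(path, mode)
            key_lines.append(f"default._domainkey.{domain} {domain}:default:{path}")
        sites = ("site1.com", "site2.com", "site3.com")
        signing = "\n".join(f"*@{d} default._domainkey.{d}" for d in sites)
        return audit(signing, "\n".join(key_lines))

if __name__ == "__main__":
    print("\n".join(demo()))
```

To check a real installation, pass the contents of /etc/opendkim/SigningTable and /etc/opendkim/KeyTable to audit() as a user that can stat the key files.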