Install opendkim ( epel repoor other sources )
Either find/add those options to the original config file, or even better, make a copy of the original file and replace /etc/opendkim.conf with the following:
AutoRestart Yes # Need to investigate this option !!! AutoRestartRate 10/1h LogWhy Yes Syslog Yes SyslogSuccess Yes Mode sv Canonicalization relaxed/simple ExternalIgnoreList refile:/etc/opendkim/TrustedHosts InternalHosts refile:/etc/opendkim/TrustedHosts KeyTable refile:/etc/opendkim/KeyTable SigningTable refile:/etc/opendkim/SigningTable Selector mail SignatureAlgorithm rsa-sha256 Socket inet:8891@localhost PidFile /var/run/opendkim/opendkim.pid UMask 022 UserID opendkim:opendkim TemporaryDirectory /var/tmp
Now we have to setup the public and private keys (replace yourdomain in the text with the apropriate domain name):
mkdir /etc/opendkim/keys/yourdomain opendkim-genkey -D /etc/opendkim/keys/yourdomain/ -d yourdomain -s mail chown -R opendkim: /etc/opendkim/keys/yourdomain mv /etc/opendkim/keys/yourdomain/mail.private /etc/opendkim/keys/yourdomain/mail
Now we have to add it to the OpenDKIM keytable. Edit /etc/opendkim/KeyTable and add:
Next step, adding the domain to the signing table. Edit /etc/opendkim/SigningTable, and insert:
And the last move with DKIM, edit /etc/opendkim/TrustedHosts and add your LAN there.
Now we have to tell Postfix that we want to use OpenDKIM miltering. Edit /etc/postfix/main.cf and insert at the end of the file:
smtpd_milters = , inet:127.0.0.1:12768, inet:127.0.0.1:8891 non_smtpd_milters = $smtpd_milters milter_default_action = accept milter_protocol = 6
The port 12768 is used by amavisd-new in this case !!!
Now we can try to start OpenDKIM and reload postfix:
service opendkim start chkconfig opendkim on service postfix reload
If everything worked well, You can send a test mail and see in the source and it contains a DKIM signature, tail /var/log/maillog -f and see the OpenDKIM entries like DKIM-Signature field added (s=mail, d=yourdomain)
Now you should add the dkim signature to your domain file (probably at your ISP). The exact signature as it should look was generated by the opendkim certificate generator, and it is located in /etc/opendkim/keys/yourdomain/mail.txt
TXT record – mail._domainkey
v=DKIM1; k=rsa; p=MIGfM………….
So, all you need is to insert it in the DNS zone file or send it to Your ISP if the DNS is hosted and after a while it will start to work. If you want to check if the DKIM signature is properly inserted in your DNS zone, you can do dig +short mail._domainkey.yourdomain TXT
and it should give You and answer with the hashed key.