Difference between revisions of "DKIM How To"
| Line 7: | Line 7: | ||
systemctl restart opendkim | systemctl restart opendkim | ||
| − | Generate keys two ways: | + | '''Generate keys two ways:''' |
opendkim-genkey -t -s mail -d domain.com -v | opendkim-genkey -t -s mail -d domain.com -v | ||
opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v | opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v | ||
| − | Add mail.txt to DNS: | + | '''Add mail.txt to DNS:''' |
cat mail.txt >> /etc/bind/zone-enabled/domain.com.zone | cat mail.txt >> /etc/bind/zone-enabled/domain.com.zone | ||
| − | Test Keys: | + | '''Test Keys:''' |
opendkim-testkey -d domain.com -s mail -vvv | opendkim-testkey -d domain.com -s mail -vvv | ||
dig mail._domainkey.domain.com TXT | dig mail._domainkey.domain.com TXT | ||
| − | Need permissions: | + | '''Need permissions:''' |
chown -R opendkim:opendkim /etc/opendkim/ | chown -R opendkim:opendkim /etc/opendkim/ | ||
chmod go-rwx /etc/opendkim/* | chmod go-rwx /etc/opendkim/* | ||
chmod 700 -R /etc/opendkim/keys/ | chmod 700 -R /etc/opendkim/keys/ | ||
| − | Debugging: | + | '''Debugging:''' |
grep -r milter /var/log/syslog | grep -r milter /var/log/syslog | ||
grep -i dkim /var/log/mail.log | grep -i dkim /var/log/mail.log | ||
| − | Notes: | + | '''Notes:''' |
| − | |||
*If it keys do not pass on reboot, do the following: | *If it keys do not pass on reboot, do the following: | ||
systemctl restart opendkim | systemctl restart opendkim | ||
| Line 37: | Line 36: | ||
*If something fails, tail log files and check systemcrt status. Also confirm permissions. | *If something fails, tail log files and check systemcrt status. Also confirm permissions. | ||
| − | Documentation: | + | '''Documentation:''' |
*[http://www.postfix.org/MILTER_README.html Milter Guide] | *[http://www.postfix.org/MILTER_README.html Milter Guide] | ||
*[http://www.postfix.org/MILTER_README.html#workarounds Postfix Workarounds] | *[http://www.postfix.org/MILTER_README.html#workarounds Postfix Workarounds] | ||
Revision as of 06:07, 9 May 2018
DKIM add new key:
- create keys and put them into /etc/opendkim/keys/domains.com/keys
- add domain to trusted.hosts
- add domain to signing.table
- add domain to key.table
systemctl restart opendkim
Generate keys two ways:
opendkim-genkey -t -s mail -d domain.com -v opendkim-genkey -b 2048 -h rsa-sha256 -r -s mail -d domain.com -v
Add mail.txt to DNS:
cat mail.txt >> /etc/bind/zone-enabled/domain.com.zone
Test Keys:
opendkim-testkey -d domain.com -s mail -vvv dig mail._domainkey.domain.com TXT
Need permissions:
chown -R opendkim:opendkim /etc/opendkim/ chmod go-rwx /etc/opendkim/* chmod 700 -R /etc/opendkim/keys/
Debugging:
grep -r milter /var/log/syslog grep -i dkim /var/log/mail.log
Notes:
- If it keys do not pass on reboot, do the following:
systemctl restart opendkim systemctl restart postfix
- Webmail must use ports 993 and 443 or else the DKIM keys are signed twice.
- NS1 and NS2 zone files must match 100% perfect or else there are issues
- If something fails, tail log files and check systemcrt status. Also confirm permissions.
Documentation:
Tools:
