Difference between revisions of "OpenDKIM"

From ArchWiki
(Created page with "Category:Internet Applications (English) = What is it? = It is digital email signing/verification technology, which included into RFCs and already supported by many mail ser...")
 
(Installation)
Line 18: Line 18:
 
Install opendkim: pacman -S opendkim
 
Install opendkim: pacman -S opendkim
  
You may add user for opendkim or user existing (for example: postfix)  
+
You may add user for opendkim or use existing one (for example: postfix)
  
 
= Generic configuration =
 
= Generic configuration =
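
Review bot: In the changed Installation line, offering the existing postfix account as the OpenDKIM user means the private signing key has to be readable by the same account the mail server runs as. Suggest wording that prefers a dedicated opendkim user and mentions postfix only as a fallback, for example "Add a dedicated user for opendkim (or use an existing one, for example: postfix)".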

Revision as of 21:29, 14 October 2011


What is it?

It is a digital email signing/verification technology, which is included in RFCs and already supported by many mail servers (for example Yahoo, Google, etc.).

How does it work?

The sender signs the email with a private key.

The receiver gets the signed email, requests the public key from DNS and verifies the signature.

So you can check who actually sent the email.

For more info see RFC 4871.

Installation

Install opendkim: pacman -S opendkim

You may add a user for opendkim or use an existing one (for example: postfix).

Generic configuration

  • Generate key:

 openssl genrsa -out private.key 1024
 openssl rsa -in private.key -pubout -out public.key

  • Create /etc/opendkim/opendkim.conf (see example in the same directory)

Minimal config:

 Domain                  YOUR-DOMAIN1.com, YOUR-DOMAIN2.com
 KeyFile                 /path/to/private.key
 Selector                server1
 Socket                  inet:8891@localhost
 UserID                  postfix
  • Add a DNS record with your selector (see Selector in the config; you may choose an arbitrary name) and key:

 server1._domainkey IN TXT "k=rsa; p=MHwwDQYJK ... OprwIDAQAB; t=y"

  • Run it with /etc/rc.d/opendkim start or add it to DAEMONS in /etc/rc.conf
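
Added example (not part of the original page): a shell function that turns the public.key generated above into the TXT record line used in the DNS step. The function name dkim_txt_record and its arguments are assumptions for illustration; it goes beyond the 1024-bit case on the page by splitting values longer than 255 bytes into several quoted strings.

```sh
#!/bin/sh
# Added example, not from the original page.
# dkim_txt_record SELECTOR PUBKEY_PEM [FLAGS]
# Prints a zone-file line for the DKIM key record.
# FLAGS is optional, e.g. "y" for testing mode (t=y) as in the record above.
dkim_txt_record() {
    selector=$1 pem=$2 flags=${3:-}
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    # Refuse a private key: publishing it would let anyone sign as the domain.
    if grep -q 'PRIVATE KEY' "$pem"; then
        echo "$pem is a private key, refusing" >&2
        return 1
    fi
    # p= is the base64 body of the PEM: drop the BEGIN/END lines and newlines.
    p=$(grep -v '^-----' "$pem" | tr -d ' \r\n')
    [ -n "$p" ] || { echo "no key data in $pem" >&2; return 1; }
    value="k=rsa; p=$p"
    if [ -n "$flags" ]; then
        value="$value; t=$flags"
    fi
    # One TXT character-string holds at most 255 bytes. Longer values are
    # split into several quoted strings, which resolvers concatenate.
    chunks=$(printf '%s\n' "$value" | fold -w 255 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey IN TXT ( %s)\n' "$selector" "$chunks"
}
```

Call it as `dkim_txt_record server1 public.key y` and paste the printed line into the zone file for each domain listed under Domain.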


Postfix integration

Just add

 non_smtpd_milters=inet:127.0.0.1:8891

and/or

 smtpd_milters=inet:127.0.0.1:8891

to main.cf, or to the smtpd options in master.cf.

master.cf example:

smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_client_connection_count_limit=10
    -o smtpd_milters=inet:127.0.0.1:8891

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_path=smtpd
  -o cyrus_sasl_config_path=/etc/sasl2
  -o smtpd_milters=inet:127.0.0.1:8891