Difference between revisions of "OpenDKIM"

From ArchWiki
Jump to: navigation, search
(How it works?)
Line 1: Line 1:
[[Category:Internet Applications (English)]]
[[Category:Internet Applications]]
= What is it? =
= What is it? =

Revision as of 14:59, 23 April 2012

What is it?

It is digital email signing/verification technology, which included into RFCs and already supported by many mail servers. (For example yahoo, google, etc).

How it works?

Sender signs email with private key.

Receiver gets signed email, request public key from DNS and verify it.

So you can check who actualy sent this email.

For more info see:


Install opendkim

You may add user for opendkim or use existing one (for example: postfix)

Generic configuration

  • Generate key:
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
  • Create /etc/opendkim/opendkim.conf (see example in the same directory)

Minimal config:

 Domain                  YOUR-DOMAIN1.com, YOUR-DOMAIN2.com
 KeyFile                 /path/to/private.key
 Selector                server1
 Socket                  inet:8891@localhost
 UserID                  postfix
  • Add DNS record with your selector (see Selector in config, you may choose random name) and key:
server1._domainkey IN TXT "k=rsa; p=MHwwDQYJK ... OprwIDAQAB; t=y"

MHwwDQYJK ... OprwIDAQAB - is your public key.

  • Run it with /etc/rc.d/opendkim start or add it to DAEMONS in /etc/rc.conf

Postfix integration

Just add




into main.cf or smtpd options in master.cf

master.cf example:

smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_client_connection_count_limit=10
    -o smtpd_milters=inet:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_path=smtpd
  -o cyrus_sasl_config_path=/etc/sasl2
  -o smtpd_milters=inet: