Difference between revisions of "OpenDKIM"
Revision as of 14:59, 23 April 2012
What is it?
It is a digital email signing/verification technology that is specified in RFCs and already supported by many mail servers (for example Yahoo, Google, etc.).
How does it work?
The sender signs the email with a private key.
The receiver gets the signed email, requests the public key from DNS and verifies the signature.
So you can check who actually sent the email.
For more info see:
You may add a user for opendkim or use an existing one (for example: postfix).
- Generate key:
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
- Create /etc/opendkim/opendkim.conf (see example in the same directory)
Domain YOUR-DOMAIN1.com, YOUR-DOMAIN2.com
KeyFile /path/to/private.key
Selector server1
Socket inet:8891@localhost
UserID postfix
- Add a DNS record with your selector (see Selector in the config; you may choose a random name) and key:
server1._domainkey IN TXT "k=rsa; p=MHwwDQYJK ... OprwIDAQAB; t=y"
MHwwDQYJK ... OprwIDAQAB is your public key.
- Run it with /etc/rc.d/opendkim start or add it to DAEMONS in /etc/rc.conf
into main.cf or smtpd options in master.cf
smtp inet n - n - - smtpd
  -o smtpd_client_connection_count_limit=10
  -o smtpd_milters=inet:127.0.0.1:8891
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_path=smtpd
  -o cyrus_sasl_config_path=/etc/sasl2
  -o smtpd_milters=inet:127.0.0.1:8891
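As a check on the DNS record step above, this added example (not part of the original page or of OpenDKIM) parses the value of a `server1._domainkey` style TXT record, reads the RSA modulus size out of `p=`, and reports a short key or the `t=y` testing flag. The function names are hypothetical, the record is assumed to carry an RSA key, and the sample is built around a made-up modulus rather than a real key.

```python
import base64

def parse_tags(txt):
    """Split a DKIM key record (RFC 6376 tag-list) into a dict of tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def _tlv(buf, pos):
    """Read one DER element at pos; return (value_start, value_end)."""
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return pos, pos + length

def rsa_bits(p_value):
    """Modulus size in bits of the base64 SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_value)
    start, _ = _tlv(der, 0)              # outer SEQUENCE
    _, end = _tlv(der, start)            # AlgorithmIdentifier (skipped)
    start, _ = _tlv(der, end)            # BIT STRING
    start, _ = _tlv(der, start + 1)      # skip unused-bits byte; RSAPublicKey SEQUENCE
    start, end = _tlv(der, start)        # INTEGER modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def audit(txt):
    tags, findings = parse_tags(txt), []
    if not tags.get("p"):
        return ["p= is empty or missing: key is revoked or record is broken"]
    bits = rsa_bits(tags["p"])
    if bits < 1024:
        findings.append(f"{bits}-bit key: RFC 8301 verifiers reject keys under 1024 bits")
    elif bits < 2048:
        findings.append(f"{bits}-bit key: RFC 8301 recommends at least 2048 bits")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, verifiers handle this mail like unsigned mail")
    return findings

# Constructed sample: well-formed encoding around a made-up 1024-bit modulus (not a real key).
_SPKI = (bytes.fromhex("30819f300d06092a864886f70d010101050003818d0030818902818100")
         + bytes([0xC3]) + bytes(range(1, 128)) + bytes.fromhex("0203010001"))
SAMPLE = "k=rsa; p=" + base64.b64encode(_SPKI).decode() + "; t=y"
print("\n".join(audit(SAMPLE)))
```

Pass `audit()` the quoted string returned by a TXT lookup of your selector to check the record that is actually published.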