From ArchWiki
Revision as of 12:11, 15 October 2011 by Sergej (Talk | contribs) (How it works?)


What is it?

It is a digital email signing/verification technology, which is included in RFCs and already supported by many mail servers (for example Yahoo, Google, etc.).

How it works?

The sender signs the email with a private key.

The receiver gets the signed email, requests the public key from DNS and verifies the signature.

So you can check who actually sent this email.

For more info see:


Install opendkim

You may add a user for opendkim or use an existing one (for example: postfix).

Generic configuration

  • Generate key:
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
  • Create /etc/opendkim/opendkim.conf (see example in the same directory)

Minimal config:

 Domain        ,
 KeyFile                 /path/to/private.key
 Selector                server1
 Socket                  inet:8891@localhost
 UserID                  postfix
  • Add a DNS record with your selector (see Selector in the config; you may choose a random name) and key:
server1._domainkey IN TXT "k=rsa; p=MHwwDQYJK ... OprwIDAQAB; t=y"

Here MHwwDQYJK ... OprwIDAQAB is your public key.

  • Run it with /etc/rc.d/opendkim start or add it to DAEMONS in /etc/rc.conf
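
For the DNS record step above, the p= value is the base64 body of public.key with the BEGIN/END lines and line breaks removed. The shell functions below are an added example, not part of the original wiki page or of OpenDKIM: they build the TXT line from a PEM file, split data longer than 255 bytes into several quoted strings, and check that a record carries a given key. The function names and the sample key body are constructed for illustration.

```shell
#!/bin/sh
# Added example: build and check a DKIM TXT record from a PEM public key.

# pem_to_p FILE: print the base64 body of a PEM file as one line (the p= value).
pem_to_p() {
    sed '/^-----/d' "$1" | tr -d ' \t\r\n'
}

# dkim_txt SELECTOR FILE: print a zone-file line in the form used on this page.
# One TXT character-string holds at most 255 bytes, so longer data is split
# into several quoted strings; verifiers join them with nothing in between.
dkim_txt() {
    strings=$(printf 'k=rsa; p=%s; t=y\n' "$(pem_to_p "$2")" |
        fold -w 255 | sed 's/.*/"&"/' | paste -s -d ' ' -)
    printf '%s._domainkey IN TXT %s\n' "$1" "$strings"
}

# record_p RECORD: join the quoted strings of a record and print its p= value.
record_p() {
    printf '%s\n' "$1" |
        sed 's/^[^"]*"//; s/"[[:space:]]*"//g; s/"[^"]*$//' |
        tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p' | tr -d ' \t'
}

# dkim_matches RECORD FILE: succeed only if the record carries this key.
dkim_matches() {
    [ "$(record_p "$1")" = "$(pem_to_p "$2")" ]
}

# Demo with a constructed PEM file (placeholder bytes, not a usable key).
demo_key=$(mktemp)
cat > "$demo_key" <<'EOF'
-----BEGIN PUBLIC KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEJZVEVTIE5PVCBBIFJFQUwgUlNBIEtFWQ==
-----END PUBLIC KEY-----
EOF
demo_record=$(dkim_txt server1 "$demo_key")
printf '%s\n' "$demo_record"
dkim_matches "$demo_record" "$demo_key" && echo "record matches key"
rm -f "$demo_key"
```

With a real key, pass the public.key file generated earlier as FILE, and pass the TXT line you actually published to dkim_matches to catch copy-and-paste damage before enabling signing.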

Postfix integration

Just add




into or smtpd options in example:

smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_client_connection_count_limit=10
    -o smtpd_milters=inet:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_path=smtpd
  -o cyrus_sasl_config_path=/etc/sasl2
  -o smtpd_milters=inet: