OpenDKIM

From ArchWiki
Revision as of 12:11, 15 October 2011 by Sergej (Talk | contribs) (How it works?)

Jump to: navigation, search


What is it?

It is digital email signing/verification technology, which included into RFCs and already supported by many mail servers. (For example yahoo, google, etc).

How it works?

Sender signs email with private key.

Receiver gets signed email, request public key from DNS and verify it.

So you can check who actualy sent this email.

For more info see:

Installation

Install opendkim

You may add user for opendkim or use existing one (for example: postfix)

Generic configuration

  • Generate key:
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
  • Create /etc/opendkim/opendkim.conf (see example in the same directory)

Minimal config:

 Domain                  YOUR-DOMAIN1.com, YOUR-DOMAIN2.com
 KeyFile                 /path/to/private.key
 Selector                server1
 Socket                  inet:8891@localhost
 UserID                  postfix
  • Add DNS record with your selector (see Selector in config, you may choose random name) and key:
server1._domainkey IN TXT "k=rsa; p=MHwwDQYJK ... OprwIDAQAB; t=y"

MHwwDQYJK ... OprwIDAQAB - is your public key.

  • Run it with /etc/rc.d/opendkim start or add it to DAEMONS in /etc/rc.conf

Postfix integration

Just add

 non_smtpd_milters=inet:127.0.0.1:8891

and/or

 smtpd_milters=inet:127.0.0.1:8891

into main.cf or smtpd options in master.cf

master.cf example:

smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_client_connection_count_limit=10
    -o smtpd_milters=inet:127.0.0.1:8891

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_path=smtpd
  -o cyrus_sasl_config_path=/etc/sasl2
  -o smtpd_milters=inet:127.0.0.1:8891