What is DKIM?
For a functional overview, visit:
http://www.sendmail.co.uk/sm/open_source/dkim/functional_overview/
DKIM, or DomainKeys Identified Mail, is an electronic signature that is inserted into the full header of your email to identify where the message originated.
Howto?
# Install opendkim, which is a fork of dkim-milter.
yum install opendkim
# Create a directory for your domain, generate the key, and change ownership.
mkdir /etc/opendkim/keys/mydomain.com
opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com
mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default
# If you have multiple domains, do the same for each domain.
# Configuration files
/etc/opendkim.conf – OpenDKIM’s main configuration file
/etc/opendkim/KeyTable – a list of keys available for signing
/etc/opendkim/SigningTable - a list of domains and accounts allowed to sign
/etc/opendkim/TrustedHosts – a list of servers to “trust” when signing or verifying
# vi /etc/opendkim.conf
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/simple
Selector default
MinimumKeyBits 1024
KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
# vi /etc/opendkim/KeyTable
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default
# If you have multiple domains, add a similar line for each domain.
# vi /etc/opendkim/SigningTable
*@mydomain.com default._domainkey.mydomain.com
# vi /etc/opendkim/TrustedHosts
127.0.0.1
# If you want to trust other domains or IP addresses, add them to the TrustedHosts file.
# Now make Postfix aware of where to reach the milter (in /etc/postfix/main.cf)
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
# If you’re running a version of Postfix prior to 2.6, you may need to add:
milter_protocol = 2
service opendkim start
service postfix reload
For each domain, add a DNS entry with the key you created. The record can be found in:
/etc/opendkim/keys/mydomain.com/default.txt
Test:
Send a blank email to one of the following addresses: sa-test@sendmail.net, check-auth@verifier.port25.com or autorespond+dkim@dk.elandsys.com, and check the response.
Or check the headers of a delivered email message.
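The lookup chain configured above (sender address, then SigningTable, then KeyTable, then the DNS TXT name) can be checked offline before sending a test mail. The following Python sketch is an added example, not OpenDKIM's own code: it is a simplified model of the refile lookup, assuming the first matching SigningTable rule wins, and the address alice@mydomain.com and the header values used with it are constructed.

```python
import re

# Constructed sample data: the KeyTable and SigningTable lines from this page.
KEYTABLE = ("default._domainkey.mydomain.com "
            "mydomain.com:default:/etc/opendkim/keys/mydomain.com/default\n")
SIGNINGTABLE = "*@mydomain.com default._domainkey.mydomain.com\n"

def _entries(text):
    """Yield (first field, rest) for each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            first, rest = line.split(None, 1)
            yield first, rest.strip()

def parse_keytable(text):
    """Map key name -> (signing domain, selector, private key path)."""
    return {name: tuple(value.split(":", 2)) for name, value in _entries(text)}

def parse_signingtable(text):
    """Return ordered (regex, key name) rules; '*' is the refile wildcard."""
    rules = []
    for pattern, name in _entries(text):
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        rules.append((re.compile(regex, re.IGNORECASE), name))
    return rules

def resolve(sender, signingtable, keytable):
    """Return what signs mail from `sender`, or None if it would go unsigned."""
    keys = parse_keytable(keytable)
    for regex, name in parse_signingtable(signingtable):
        if regex.fullmatch(sender):  # assumption: first matching rule wins
            if name not in keys:
                raise KeyError(f"SigningTable names {name!r}, missing from KeyTable")
            domain, selector, path = keys[name]
            return {"d": domain, "s": selector, "keyfile": path,
                    "dns_txt": f"{selector}._domainkey.{domain}"}
    return None

def signature_matches(header_value, expected):
    """Compare the d= and s= tags of a DKIM-Signature value with `expected`."""
    tags = {}
    for tag in header_value.split(";"):
        if "=" in tag:
            key, value = tag.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags.get("d") == expected["d"] and tags.get("s") == expected["s"]

if __name__ == "__main__":
    print(resolve("alice@mydomain.com", SIGNINGTABLE, KEYTABLE))
```

The dns_txt value is the name under which the contents of default.txt must be published, and signature_matches can be fed the DKIM-Signature header value copied from a received test message.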
Checking mail server reputation:
https://www.senderscore.org/
http://mxtoolbox.com/SuperTool.aspx
Open relay test:
http://www.mailradar.com/openrelay/
Open relay test with telnet:
telnet: > telnet mx1.example.com smtp
telnet: Trying 192.0.2.2…
telnet: Connected to mx1.example.com.
telnet: Escape character is ‘^]’.
server: 220 mx1.example.com ESMTP server ready Tue, 20 Jan 2004 22:33:36 +0200
client: HELO client.example.com
server: 250 mx1.example.com
client: MAIL from:
server: 250 Sender Ok
client: RCPT to:
server: 250 Recipient Ok
client: DATA
server: 354 Ok Send data ending with .
client: From: sender@example.com
client: To: recipient@example.com
client: Subject: Test message
client:
client: This is a test message.
client: .
server: 250 Message received: 20040120203404.CCCC18555.mx1.example.com@client.example.com
client: QUIT
server: 221 mx1.example.com ESMTP server closing connection