Dkim and Postfix
Here is a quick tutorial explaining how to enable DKIM, a technology which allows to authenticate the sender and the integrity of a mail, on a Debian / Postfix environment.
Install dkim-filter:
aptitude install dkim-filter
Generate and export de key:
openssl genrsa -out /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key
openssl rsa -in /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key \
-pubout -outform PEMwriting RSA key
-----BEGIN PUBLIC KEY-----
MYKEY
-----END PUBLIC KEY-----
Setup dkim-filter through /etc/dkim-filter.conf:
Domain MYDOMAIN_MYTLD
KeyFile /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key
Selector mail
And through /etc/default/dkim-filter:
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
+ SOCKET=inet:8891@localhost
Restart the service:
/etc/init.d/dkim-filter restart
Add to the DNS zone:
mail._domainkey TXT "k=rsa; t=y; p=MYKEY"
Add to Postfix through /etc/postfix/main.conf:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Eventually, restart Postfix:
/etc/init.d/postfix restart
As the default mode is sv, you will now sign the outgoing mails and validate the incoming ones.