How to install Open DKIM to sign outgoing emails on Postfix/Centos 7 ?
To install Open DKIM on Postfix and sign outgoing emails on CentOS 7, follow these steps:
- Install Open DKIM:
yum install opendkim opendkim-tools
- Add the following lines to your '/etc/opendkim.conf' file:
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost
- Create the 'TrustedHosts', 'KeyTable', and 'SigningTable' files:
touch /etc/opendkim/TrustedHosts
touch /etc/opendkim/KeyTable
touch /etc/opendkim/SigningTable
- Add the following line to your '/etc/opendkim/TrustedHosts' file:
127.0.0.1
localhost
- Generate a key pair for your domain:
opendkim-genkey -b 2048 -d example.com -D /etc/opendkim/keys/ -s mail -v
This will generate a private key (mail.private) and a public key (mail.txt) in the /etc/opendkim/keys/ directory.
- Add the following line to your /etc/opendkim/KeyTable file, replacing example.com with your own domain and /etc/opendkim/keys/mail.private with the path to your private key file:
mail._domainkey.example.com example.com:/etc/opendkim/keys/mail.private
- Add the following line to your /etc/opendkim/SigningTable file, replacing example.com with your own domain:
*@example.com mail._domainkey.example.com
- Update Postfix to use Open DKIM:
Add the following lines to your /etc/postfix/main.cf file:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
- Start the Open DKIM service and set it to start automatically on boot:
systemctl start opendkim
systemctl enable opendkim
- Restart Postfix:
system
© 2017 - 2023 DMARC.FR