@dubcl
Last active March 16, 2018 19:12
config opendkim + postfix (v0.1)

Install

apt-get install opendkim opendkim-tools

Edit /etc/default/opendkim

SOCKET="inet:12301@localhost"

Generate keys

opendkim-genkey -b 1024 -d dominio.com -s selector

(Route53 does not support more than 1024)

The previous command generates 2 files

selector.private
selector.txt

Create the directory /etc/opendkim

mkdir /etc/opendkim

Move the files generated by opendkim-genkey

mv selector.private selector.txt /etc/opendkim

Edit or create /etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Domain                  dominio.com
KeyFile                 /etc/opendkim/selector.private
Selector                selector

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost

Create /etc/opendkim/TrustedHosts (list of authorized IPs and URLs)

127.0.0.1
localhost
192.168.1.0/24
.
.
.

Create /etc/opendkim/KeyTable (indicates which key to use for which domain and which selector)

selector._domainkey.dominio.com dominio.com:selector:/etc/opendkim/selector.private

Create /etc/opendkim/SigningTable (indicates which domains will be validated and with which public key)

*@dominio.com selector._domainkey.dominio.com

The content of selector.txt looks like this, for example:

selector._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNV+99dbpDEWeZ1XacO/oSNK3Qklk1Yc4RT0VOitk/WM6afg01Fk0Yp3mbY0r6dl22F6xL5XGVHA6FyvFurth3wbWHNgk6MYBM+Bv+JzN0edUP/cTP5wWSDPr1y5M1ZvrJc2+TcQRVEed+TleanFdDPLQIDAQAB" ; ----- DKIM key selector for dominio.com

Add the record to the zone file for dominio.com; if the TXT record contains "h=sha256", remove it.

Validate the key and the DKIM configuration

opendkim-testkey -d dominio.com -s selector -k /etc/opendkim/selector.private -vvv

It returns something like:

opendkim-testkey: key OK

To make Postfix use DKIM, edit /etc/postfix/main.cf

#For dkim
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Restart opendkim and postfix

service opendkim restart
service postfix restart
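
An added example (not part of the original gist): a Python check for the KeyTable and SigningTable files described above, verifying that every SigningTable entry points at a KeyTable entry and that each private key file exists and is not accessible to group or other users. The temp directory, the placeholder key file and the otro.example entry are constructed for the demonstration, and one key name per SigningTable line is assumed.

```python
import os
import tempfile

def parse_table(text):
    """Parse an OpenDKIM flat-file table into {first field: rest of line}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        fields = line.split(None, 1)
        if fields:
            entries[fields[0]] = fields[1].strip() if len(fields) > 1 else ""
    return entries

def lint(keytable_text, signingtable_text):
    """Return a list of findings; an empty list means the tables are consistent."""
    findings = []
    keys = parse_table(keytable_text)
    for pattern, keyname in parse_table(signingtable_text).items():
        if keyname not in keys:                  # assumption: one key name per line
            findings.append(f"SigningTable: {pattern} -> {keyname} has no KeyTable entry")
    for keyname, value in keys.items():
        parts = value.split(":", 2)              # domain:selector:keypath
        if len(parts) != 3:
            findings.append(f"KeyTable: {keyname} is not domain:selector:keypath")
            continue
        path = parts[2]
        if not os.path.isfile(path):
            findings.append(f"KeyTable: {keyname} key file missing: {path}")
        elif os.stat(path).st_mode & 0o077:      # any group/other permission bit set
            findings.append(f"KeyTable: {keyname} key file open to group/other: {path}")
    return findings

def demo():
    """Lint constructed copies of the page's tables, before and after chmod 600."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "selector.private")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)                     # deliberately too permissive
        keytable = f"selector._domainkey.dominio.com dominio.com:selector:{key}\n"
        signingtable = ("*@dominio.com selector._domainkey.dominio.com\n"
                        "*@otro.example otro._domainkey.otro.example\n")  # dangling entry
        before = lint(keytable, signingtable)
        os.chmod(key, 0o600)
        after = lint(keytable, signingtable)
    return before, after

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To check a real installation, pass the contents of /etc/opendkim/KeyTable and /etc/opendkim/SigningTable to lint().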

Links