DKIM: Difference between revisions

Revision as of 10:40, 29 September 2020

DomainKeys Identified Mail

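Links

* SPF and DKIM on Debian: https://www.linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-9/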

OpenDKIM Howto

cd /etc/opendkim/keys

The 'selector' you choose here does not have to be the actual selector used in DNS. It is just the name used for storing the .txt and .private files.

opendkim-genkey -s somename -d domain.name

Make sure the key ends up in /etc/opendkim/keys and is readable by the opendkim user.

SigningTable

somename is the first field in KeyTable:

*@domain.name somename

KeyTable

Here the selector name (the part before ._domainkey) is the one you publish in DNS.

somename domain.name:selectorname:/path/to/somename.private
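
A consistency check for the two tables above, added here as an example and not part of the original howto. It confirms that every key name in SigningTable has a KeyTable entry, that the key file exists, and it prints the DNS name built from the KeyTable selector. The function name check_dkim_tables is hypothetical, and treating a key file that other users can access as a failure is an assumption of this example.

```shell
#!/bin/sh
# Added example: cross-check an OpenDKIM SigningTable against its KeyTable.
# check_dkim_tables is a hypothetical helper, not an OpenDKIM tool.
# Prints one line per key name; returns 0 only if every entry is consistent.
check_dkim_tables() (
    st=$1; kt=$2; rc=0
    # Second field of each non-comment SigningTable line is a KeyTable key name.
    for name in $(awk 'NF && $1 !~ /^#/ { print $2 }' "$st" | sort -u); do
        # KeyTable line format: name domain:selector:/path/to/key.private
        entry=$(awk -v n="$name" '$1 == n { print $2; exit }' "$kt")
        if [ -z "$entry" ]; then
            echo "FAIL $name: referenced in SigningTable, missing from KeyTable"
            rc=1; continue
        fi
        domain=${entry%%:*}
        rest=${entry#*:}
        selector=${rest%%:*}
        keyfile=${rest#*:}
        if [ "$rest" = "$entry" ] || [ "$keyfile" = "$rest" ]; then
            echo "FAIL $name: KeyTable value is not domain:selector:keyfile"
            rc=1; continue
        fi
        if [ ! -f "$keyfile" ]; then
            echo "FAIL $name: key file $keyfile does not exist"
            rc=1; continue
        fi
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        # Assumption of this example: any access for "other" is a failure.
        if [ "$(ls -ld "$keyfile" | cut -c8-10)" != "---" ]; then
            echo "FAIL $name: $keyfile is accessible to other users"
            rc=1; continue
        fi
        # The selector from KeyTable, not the genkey file name, goes into DNS.
        echo "OK $name: publish TXT at $selector._domainkey.$domain"
    done
    exit "$rc"
)

# Run against real tables when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_dkim_tables "$1" "$2"
fi
```

Run it as `sh script.sh /etc/opendkim/SigningTable /etc/opendkim/KeyTable` before restarting opendkim.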

Postfix

In /etc/postfix/main.cf:


milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Checking

opendkim-testkey -d domain.name -s selectorname -v -k keys/keyname.private

This will try to fetch the key published in DNS, so "record not found" means the DNS record was not found. No output is good output.

FAQ

opendkim: no signing table match for

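In opendkim.conf, load the SigningTable with the refile: prefix so that wildcard patterns such as *@domain.name are matched: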

refile:/etc/opendkim/SigningTable

opendkim-testkey key not secure

This probably means you have no DNSSEC.


opendkim: /etc/opendkim.conf: /etc/opendkim/keys/default.private: open(): No such file or directory

This means the key file is defined directly in opendkim.conf and you're not using KeyTable.