Home / server / Questions / 698202
In Process
Dan Hastings
Asked: 2015-06-11 23:30:20 +0800 CST

Outbound emails not being signed with DKIM using Postfix on Centos

  • 772

I have been using phpmailer for my emails and i had dkim working correctly with this. I have a key mail._domainkey.domain.com. I have validated my past emails with http://www.mail-tester.com/ and i got 9.4 for the phpmailer emails. I have setup postfix and opendkim. I have set them upp to use the same keys i had already setup before, but i ran a test with mail sent from postfix and it only got 9.0. It lost -1 for not having dkim. I should be ok with a score like this to not get filtered by spam, but since i have DKIM setup and working in the past id like to use it to get 10/10.

Is there a simple way that i can sign email with an existing private key file and a matching dns entry. Im using roundcube as the client, but it doesnt look like it can be configured at this level.

I checked the source of the email that was sent to gmail and there was no mention of dkim in the data. (it still made it to the inbox, but i want to get this sorted anyway).

Here is all the stuff i have configured to set this up

/etc/opendkim/Keytable

mail._domainkey.domain.com domain.com :default:/etc/opendkim/keys/domain.com/default

/etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
Canonicalization        relaxed/simple
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
LogWhy                  Yes
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256
SigningTable            refile:/etc/opendkim/SigningTable
Socket                  inet:8891@localhost
Syslog                  Yes
SyslogSuccess           Yes
TemporaryDirectory      /var/tmp
UMask                   022
UserID                  opendkim:opendkim

/etc/opendkim/SigningTable

*@domain.com mail._domainkey.domain.com

/etc/opendkim/TrustedHosts

127.0.0.1 
domain.com

/etc/opendkim/keys/domain.com/default.txt

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOWKEVTS6FJXogB66ls9OmtD7GRCE0FxTGR+n1sBUmp1Zj/eosMNSWGfwPEfSZVjY/VrQszi/MrdYF7VTLGCKiVxlYrhjSqtqWw93ODmrIsBnTd/IIbIHLOI2yNmegHFIWEvOGFsMqCnQ4IZMtVdwUQtEvSVtjDmNe2PXqvwlzRQIDAQAB
centos

1 Answers

  1. You need to add opendkim as a milter to postfix.

    Make sure these two lines are in postfix's main.cf:

    milter_protocol = 2
milter_default_action = accept

    Then add opendkim to your milters:

    smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

    I would also add localhost to the TrustedHosts file for opendkim since it's possible that postfix will connect to it over IPv6 (::1) instead of IPv4 (127.0.0.1). Having localhost in the TrustedHosts file should be sufficient.

    See: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy for some more details.

    • 2