Saturday, July 13, 2013

OpenDKIM with Postfix on CentOS 6.4




  • Chapter 1 DKIM Service
  • Chapter 2 DKIM Installation and Startup
  • Chapter 3 OpenDKIM Configuration
  • Chapter 4 Postfix Configuration
  • Chapter 5 OpenDKIM Testing



Chapter 1 DKIM Service

1. What is DKIM (DomainKeys Identified Mail)?
  • Cryptography-based protocol that signs selected header fields and the message body
  • Validates the signing identifier and message data integrity: identifiers are DNS names, and public keys are published in DNS
  • Intended to allow good senders to prove that they did send a particular message
  • Prevent forgers from masquerading as good senders (if those senders sign all outgoing mail)
DomainKeys (Yahoo) + Identified Mail (Cisco)

Chapter 2 DKIM Installation and Startup
1. Requirements
a. Postfix must be working
# ps -ef | grep postfix
b. Sendmail is turned off
# chkconfig sendmail off
2. Package installation
# rpm -qa | grep opendkim
libopendkim-2.8.3-2.el6.i686
libopendkim-devel-2.8.3-2.el6.i686
opendkim-2.8.3-2.el6.i686
3. User and Directory checking
# grep opendkim /etc/passwd /etc/shadow /etc/group
# ls -l /etc/opendkim /var/run/opendkim
4. Service startup
# service opendkim start

Chapter 3 OpenDKIM Configuration
1. Generate Keys for signing
# mkdir /etc/opendkim/keys/chul.com
# cd /etc/opendkim/keys/chul.com
# opendkim-genkey -d chul.com -s default
# chown -R opendkim:opendkim /etc/opendkim/keys/chul.com
# chmod 640 default.private
2. Create KeyTable file
# cat /etc/opendkim/KeyTable
default._domainkey.chul.com chul.com:default:/etc/opendkim/keys/chul.com/default.private
3. Create SigningTable file
# cat /etc/opendkim/SigningTable
*@chul.com default._domainkey.chul.com
4. Create TrustedHosts file
# cat /etc/opendkim/TrustedHosts
127.0.0.1
server.chul.com
chul.com
192.168.80.0/24
5. Adding DNS Records
# cat /etc/opendkim/keys/chul.com/default.txt >> /var/named/chul.zone
6. Configuring main file
# vi /etc/opendkim.conf
# MTAs sometimes modify mail in transit, which can invalidate the DKIM signature
# (use relaxed/relaxed, or simple)
Canonicalization        relaxed/relaxed
# Selectors allow a domain to have more than one public key in DNS
Selector                default
KeyTable                refile:/etc/opendkim/KeyTable
# sv = sign and verify
Mode                    sv
SigningTable            refile:/etc/opendkim/SigningTable
Socket                  inet:8891@localhost
UserID                  opendkim:opendkim
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
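
An offline consistency check for the KeyTable and SigningTable built in steps 2 and 3 of this chapter, added here as an example and not part of the original post; the function name check_dkim_tables is hypothetical. It confirms that every SigningTable entry names a key defined in KeyTable, and that each private key file exists and grants no permissions to other users.

```shell
# Added example (not from the original post). check_dkim_tables is a hypothetical helper.
# Usage: check_dkim_tables /etc/opendkim/KeyTable /etc/opendkim/SigningTable
# Prints one line per problem; the return status is the number of problems found.
check_dkim_tables() {
    keytable=$1 signingtable=$2 problems=0

    # KeyTable line: <key name> <domain>:<selector>:<private key path>
    while read -r name spec || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $spec in
            *:*:*) ;;
            *) echo "KeyTable: '$name' is not domain:selector:keyfile"
               problems=$((problems + 1)); continue ;;
        esac
        rest=${spec#*:}          # drop the domain field
        keyfile=${rest#*:}       # drop the selector field, leaving the path
        if [ ! -f "$keyfile" ]; then
            echo "KeyTable: key file $keyfile is missing"
            problems=$((problems + 1)); continue
        fi
        # Any read/write/execute bit for "other" exposes the signing key.
        if [ -n "$(find "$keyfile" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "KeyTable: $keyfile is accessible to other users"
            problems=$((problems + 1))
        fi
    done <"$keytable"

    # SigningTable line: <address pattern> <key name>; the name must exist in KeyTable.
    while read -r pattern name || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$keytable"; then
            echo "SigningTable: '$pattern' refers to unknown key '$name'"
            problems=$((problems + 1))
        fi
    done <"$signingtable"

    return "$problems"
}
```

A return status of 0 means the two tables agree and the key files are not exposed; run it before restarting opendkim.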

Chapter 4 Postfix Configuration
1. Edit Postfix configuration file
# vi /etc/postfix/main.cf
# opendkim setup
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept
2. Service startup
# service opendkim start
# service postfix restart
# service named restart
# chkconfig opendkim on
# ps -ef | grep dkim
# netstat -nat | grep 8891

Chapter 5 OpenDKIM Testing
1. Testing using a local email address in Evolution and Thunderbird
Sender: tland@chul.com
Recipient: linux@chul.com
# tail -f /var/log/maillog
server opendkim[12275]: DC5873A4: DKIM-Signature field added (s=default, d=chul.com)
2. Testing using an external email address
Send a signed email to:
  • autorespond+dkim@dk.elandsys.com
  • sa-test@sendmail.net
  • check-auth@verifier.port25.com
