The following steps are for installing opendkim specifically on an Ubuntu 12.04 server with postfix.

lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise

uname -a
Linux mail.happycalmfocused.com 3.2.0-41-generic #66-Ubuntu SMP Thu Apr 25 03:27:11 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

The server is running the Postfix mail server:

sudo dpkg -l "*postfix*"
ii postfix 2.9.6-1~12.04.1

/etc/postfix/main.cf

Append the following lines to the end of main.cf:

# DKIM
milter_default_action = accept
milter_protocol = 6
##smtpd_milters = inet:localhost:8891
##non_smtpd_milters = inet:localhost:8891
smtpd_milters = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock

Installing the OpenDKIM binaries

sudo aptitude update
sudo aptitude install opendkim opendkim-tools

Primary configuration files:

  • /etc/default/opendkim
  • /etc/init.d/opendkim
  • /etc/opendkim.conf

Generating a DKIM Key

Let’s say that exampledomain.com is the domain we are setting up the email server for, and that we want to use the following selector: mail201402

$ opendkim-genkey -t -s mail201402 -d exampledomain.com
$ ls -lah
-rw------- 1 admin admin 887 Feb 4 20:22 mail201402.private
-rw------- 1 admin admin 330 Feb 4 20:22 mail201402.txt

sudo cp mail201402.private /etc/postfix/dkim.key

The file mail201402.txt contains the TXT record to add to the domain's DNS configuration.

It looks something like this:

cat mail201402.txt

mail201402._domainkey IN TXT "v=DKIM1; k=rsa; t=y; p=MIGdhMA0GCSqjSIb3hQE56QU784GNADCBiQKBgQ90i0423GmY346566720g6PlVvo3lzXO5SoQ89F8G2rrcHarRuXiTJPUJOD9gXvAqbtUtnWqLTkl6h5TZf8hgKWimIbvPNU6YY0Y4a6F0GgUG5Px97qx9RQIDAQAB" ; ----- DKIM key mail201402 for exampledomain.com
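
Before the record goes into DNS, two things in it are worth checking: the t=y flag that the -t option adds (testing mode) and the size of the RSA key in p=. The Python script below is an added example, not part of the original steps or of OpenDKIM; it parses a zone-file record such as mail201402.txt and reports both. The function names and the 2048-bit threshold (the RFC 8301 recommendation) are choices made for this example.

```python
import base64
import re
import sys

def der_read(buf, pos, tag):
    """Read the DER element with the given tag at pos; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of the modulus in a DER SubjectPublicKeyInfo RSA key."""
    body, _ = der_read(spki, 0, 0x30)          # outer SEQUENCE
    _, pos = der_read(body, 0, 0x30)           # skip AlgorithmIdentifier
    bitstring, _ = der_read(body, pos, 0x03)   # BIT STRING wrapping the key
    rsa_key, _ = der_read(bitstring, 1, 0x30)  # byte 0 is the unused-bits count
    modulus, _ = der_read(rsa_key, 0, 0x02)    # first INTEGER is n
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_record(zone_text):
    """Return (tags, findings) for a zone-file record like mail201402.txt."""
    txt = "".join(re.findall(r'"([^"]*)"', zone_text))  # join split TXT strings
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    findings = []
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, failed signatures are treated as unsigned")
    if not tags.get("p"):
        findings.append("p= is empty or missing: no usable key")
    else:
        try:
            bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
            if bits < 2048:  # threshold from the RFC 8301 recommendation
                findings.append(f"{bits}-bit RSA key, below 2048 bits")
        except (ValueError, IndexError):
            findings.append("p= is not a parseable RSA public key")
    return tags, findings

if __name__ == "__main__":  # usage: python3 audit_dkim.py mail201402.txt
    print(*audit_dkim_record(open(sys.argv[1]).read())[1], sep="\n")
```

Once the validation at the end of this guide passes, publish the record again without t=y so that verifiers stop treating the domain as testing.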

DKIM Configuration files

cat /etc/opendkim.conf
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.

# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002

# Sign for exampledomain.com with key in /etc/postfix/dkim.key using
# selector 'mail201402' (e.g. mail201402._domainkey.exampledomain.com)
Domain exampledomain.com
KeyFile /etc/postfix/dkim.key
Selector mail201402

# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization simple
#Mode sv
#SubDomains no
#ADSPDiscard no

# Always oversign From (sign using the actual From and a null From) to prevent
# malicious insertion of header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian package
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From

# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures
# (ATPS) (experimental)

#ATPSDomains example.com

If postfix is running in a chroot environment, it looks for files under the directory /var/spool/postfix. Therefore we need to create the directory hierarchy there:

    sudo mkdir -p /var/spool/postfix/var/run/opendkim
    sudo chown opendkim:opendkim /var/spool/postfix/var/run/opendkim
    # -a appends the group; without it, usermod -G replaces postfix's supplementary groups
    sudo usermod -a -G opendkim postfix

/etc/default/opendkim

# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345

## Added by SEN
## if postfix is running in a chrooted environment, it looks for files in
## /var/spool/postfix

SOCKET="local:/var/spool/postfix/var/run/opendkim/opendkim.sock"

Finally, restart the services:

sudo /etc/init.d/opendkim restart

sudo service postfix restart

Then take a look at /var/log/mail.log

Publish the DKIM key in a DNS TXT record for the domain

Once you have added the TXT record on the DNS server, check it with the following:

[root@host ~]# dig mail201402._domainkey.exampledomain.com TXT

Then search the internet for an email validation service and use it to check that DKIM is working properly.