Domainkeys/Dkim with Postfix (quick way)

DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity.

Or in simple words: if you don’t use it, yahoo mail systems will hates you (and many many others).

Let’s install and configure dkim-filter: aptitude install dkim-filter mkdir /etc/dkim cd /etc/dkim dkim-genkey Edit the default config in /etc/dkim-filter.conf Domain yourdomain.com KeyFile /etc/dkim/default.private Selector Default Uncomment “Mode sv” to be sure that dkim-filter will both sign and verify signatures.

Now enable the socket that postfix will use to communicate with dkim-filter: /etc/default/dkim-filter SOCKET="inet:8891@localhost"

Now instruct postfix about dkim-filter: /etc/postfix/main.cf milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891

Restart dkim-filter and postfix.

The last step is load your public key, in a special TXT record for your domain that you can see on /etc/dkim/default.txt.

Hint:

dkim-filter[15113]: 57E455841A external host foo attempted to send as yourdomain.com

This will happen if you don’t force the clients to auth themself for relaying, but you configured a static subnet declaration on mynetwork (main.cf): postfix knows that the clients sending mail from this subnet are trusted, but dkim NOT!

For get that working you need to modify DAEMON_OPTS in /etc/default/dkim-filter: DAEMON_OPTS=" -i /etc/dkim/internal_hosts" and then, create /etc/dkim/internal_hosts: 127.0.0.1 12.13.14.15/24