Domainkeys/Dkim with Postfix (quick way)

DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity.

Or in simple words: if you don’t use it, yahoo mail systems will hates you (and many many others).

Let’s install and configure dkim-filter: aptitude install dkim-filter mkdir /etc/dkim cd /etc/dkim dkim-genkey Edit the default config in /etc/dkim-filter.conf Domain KeyFile /etc/dkim/default.private Selector Default Uncomment “Mode sv” to be sure that dkim-filter will both sign and verify signatures.

Now enable the socket that postfix will use to communicate with dkim-filter: /etc/default/dkim-filter SOCKET="inet:8891@localhost"

Now instruct postfix about dkim-filter: /etc/postfix/ milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891

Restart dkim-filter and postfix.

The last step is load your public key, in a special TXT record for your domain that you can see on /etc/dkim/default.txt.


dkim-filter[15113]: 57E455841A external host foo attempted to send as

This will happen if you don’t force the clients to auth themself for relaying, but you configured a static subnet declaration on mynetwork ( postfix knows that the clients sending mail from this subnet are trusted, but dkim NOT!

For get that working you need to modify DAEMON_OPTS in /etc/default/dkim-filter: DAEMON_OPTS=" -i /etc/dkim/internal_hosts" and then, create /etc/dkim/internal_hosts:

🇬🇧 🇺🇸 If you found value in my content, consider supporting me by treating me to a coffee, beer, or pizza. Your contributions help fuel more quality content creation.

🇮🇹 Se hai trovato valore nei miei contenuti, considera di supportarmi offrendomi un caffè, una birra o una pizza. I tuoi contributi aiutano a creare contenuti di qualità.

🇬🇧 🇺🇸 If you have found inaccuracies or wish to improve this article, please use the comments section below (after clicking on Load Comments).

🇮🇹 Se hai trovato imprecisioni o vuoi migliorare questo articolo, utilizza la sezione commenti qui sotto (dopo aver cliccato Load Comments)