DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity.
Or in simple words: if you don’t use it, yahoo mail systems will hates you (and many many others).
Let’s install and configure dkim-filter:
aptitude install dkim-filter
Edit the default config in /etc/dkim-filter.conf
Uncomment “Mode sv” to be sure that dkim-filter will both sign and verify signatures.
Now enable the socket that postfix will use to communicate with dkim-filter:
Now instruct postfix about dkim-filter:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Restart dkim-filter and postfix.
The last step is load your public key, in a special TXT record for your domain that you can see on /etc/dkim/default.txt.
dkim-filter: 57E455841A external host foo attempted to send as yourdomain.com
This will happen if you don’t force the clients to auth themself for relaying, but you configured a static subnet declaration on mynetwork (main.cf): postfix knows that the clients sending mail from this subnet are trusted, but dkim NOT!
For get that working you need to modify DAEMON_OPTS in /etc/default/dkim-filter:
DAEMON_OPTS=" -i /etc/dkim/internal_hosts"
and then, create /etc/dkim/internal_hosts: