These instructions are based on the documentation at http://dkimproxy.sourceforge.net; refer there for FAQ and troubleshooting.

Install Postfix and the Perl libraries we'll need:

<pre><code>yum remove sendmail
yum install postfix unzip links wget ftp gpg
wget ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.1-linux-x86-glibc2.3-export.tar.gz
tar xvfz ncftp-3.2.1*.tar.gz
cd ncftp-3.2.1
make install
# Start the interactive CPAN shell; the lines up to "exit" are typed at its prompt
cpan
install Bundle::CPAN
reload cpan
install Error Crypt::OpenSSL::RSA Digest::SHA Digest::SHA1 Mail::Address MIME::Base64 Net::DNS
install Net::Server Mail::DKIM
exit
</code></pre>

Download dkimproxy, which will handle the DKIM signing of our messages:

<pre><code>wget http://superb-west.dl.sourceforge.net/sourceforge/dkimproxy/dkimproxy-1.0beta1.tar.gz
tar xvzf dkimproxy*
# Name the directory explicitly: dkimproxy* now also matches the tarball
cd dkimproxy-1.0beta1
./configure --prefix=/usr/local/dkimproxy
make install
# Unprivileged system account that the proxy runs as
useradd -r -c "DKIM Proxy System Account" dkim
mkdir -p /etc/mail/domainkeys
chmod 0700 /etc/mail/domainkeys
# 1024-bit RSA is the minimum RFC 8301 allows for DKIM signing; 2048 bits is the recommended size
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
mv private.key /etc/mail/domainkeys/<selector>.pem
cat public.key
</code></pre>

Use the contents of the public key to add a TXT record for <code><selector>._domainkey.yourdomain.com</code> to your DNS with the following format. Keep the quotes in the text value.
<pre><code>"k=rsa; t=s; p=<public key here>"</code></pre>

Test your DNS record:

<pre><code>dig +short <selector>._domainkey.yourdomain.com txt</code></pre>

Move the public key:

<pre><code>mv public.key /etc/mail/domainkeys/<selector>.pub
chown -R dkim /etc/mail/domainkeys</code></pre>

Edit /usr/local/dkimproxy/etc/dkimproxy_out.conf.example:

* Update the domain(s) you are signing for
* Update the path to the keyfile: /etc/mail/domainkeys/<selector>.pem
* Update the selector name

Then run:

<pre><code>mv /usr/local/dkimproxy/etc/dkimproxy_out.conf.example /usr/local/dkimproxy/etc/dkimproxy_out.conf
mv /usr/local/dkimproxy/etc/dkimproxy_in.conf.example /usr/local/dkimproxy/etc/dkimproxy_in.conf
# Save the init script to /etc/init.d/dkimproxy before running the next commands
chmod +x /etc/init.d/dkimproxy
chkconfig dkimproxy on
service dkimproxy start
# should see inbound and outbound proxies starting
</code></pre>

Edit or update these sections in /etc/postfix/master.cf:

<pre><code># Public SMTP: incoming mail goes through the proxy on port 10025
smtp      inet  n       -       n       -       -       smtpd
    -o smtpd_proxy_filter=127.0.0.1:10025
    -o smtpd_client_connection_count_limit=10
# Authenticated submission: mail is handed to the dksign transport
submission inet n       -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[127.0.0.1]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# Transport that delivers to the proxy named in content_filter (port 10027)
dksign    unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls
# Loopback-only listener on port 10028; content_filter is cleared here
127.0.0.1:10028 inet n  -       n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Loopback-only listener on port 10026
127.0.0.1:10026 inet n  -       n       -       -       smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
# Locally submitted mail (sendmail command) also goes to dksign
pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=dksign:[127.0.0.1]:10027
</code></pre>

Edit /etc/postfix/main.cf:

* Uncomment: inet_interfaces = all
* Comment out: inet_interfaces = localhost
* Configure other Postfix directives as needed: hostname, relays, etc.

Reload the Postfix configuration:

<pre><code>service postfix reload</code></pre>

Test it! Use the mutt program to send an email to test@dkimtest.jason.long.name. You may need to <code>yum install mutt</code>. The reply to your test mail will provide the results of the DKIM verification. Be sure to put "dkim" in the subject of your test email.

Look in /var/log/maillog to check for errors and confirmations.

If you send an email to your Gmail or Yahoo email accounts, you should see the DKIM and Domain Keys signatures in the header of the message along with a confirmation: <code>dkim=pass header.i=@yourdomain.com</code>
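To confirm that the TXT record returned by the dig step carries the same key as public.key before signing is enabled, the following is an added example (not part of the dkimproxy documentation). The function names and the sample key body are constructed for illustration; the p= value is the base64 body of public.key without its BEGIN/END lines.

```shell
# Added example; function names and the sample data are constructed.

# Base64 body of a PEM public key: drop the BEGIN/END lines, join the rest.
dkim_p_from_pem() {
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# TXT value in the format this page publishes.
dkim_txt_from_pem() {
    printf '"k=rsa; t=s; p=%s"\n' "$(dkim_p_from_pem "$1")"
}

# p= value from a TXT answer as printed by `dig +short ... txt`.
# dig prints a long record as several quoted strings that resolvers
# concatenate, so quotes and whitespace are removed before parsing.
dkim_p_from_txt() {
    printf '%s' "$1" | tr -d '" \t\r\n' | tr ';' '\n' | sed -n 's/^p=//p'
}

# Succeed only when the published record carries the local key.
dkim_txt_matches_pem() {
    local_p=$(dkim_p_from_pem "$1")
    dns_p=$(dkim_p_from_txt "$2")
    [ -n "$local_p" ] && [ "$local_p" = "$dns_p" ]
}

# Constructed sample: a fake key body (not a usable key) and a dig answer
# in which the record was split into two quoted strings.
sample_pem=$(mktemp)
cat > "$sample_pem" <<'EOF'
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCconstructedSAMPLEonly
notArealKEY0123456789+/abcdefIDAQAB
-----END PUBLIC KEY-----
EOF
sample_dig='"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCconstructedSAMPLEonly" "notArealKEY0123456789+/abcdefIDAQAB"'

dkim_txt_from_pem "$sample_pem"
if dkim_txt_matches_pem "$sample_pem" "$sample_dig"; then
    echo "published key matches $sample_pem"
else
    echo "MISMATCH: DNS does not carry the key in $sample_pem"
fi
```

On the mail server, pass public.key and the output of the dig command from the DNS test step in place of the sample values.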