Quick And Easy Setup For DomainKeys Using Ubuntu, Postfix And Dkim-Filter
This is a quick tutorial for setting up DomainKeys on Ubuntu (I used 6.06LTS - but should work the same on others) using dkim-filter with Postfix so emails from your domain will not constantly end up in Yahoo's spam filter.
First install dkim-filter from the respositories:
sudo apt-get install dkim-filter
Next create a location for storing the public and private keys required:
sudo mkdir /var/dkim-filter
Enter into that directory and create keys:
sudo openssl genrsa -out private.key 1024
sudo openssl rsa -in private.key -out public.key -pubout -outform PEM
Edit dkim-filter configuration file, almost everything is commented out by default. Here is a copy of my config. Replace DOMAIN.TLD with your domain name.
# Log to syslog Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) #UMask 002 # Sign for example.com with key in /etc/mail/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) Domain DOMAIN.TLD KeyFile /var/dkim-filter/private.key Selector mail # Common settings. See dkim-filter.conf(5) for more information. AutoRestart no Background yes Canonicalization simple DNSTimeout 5 Mode sv SignatureAlgorithm rsa-sha256 SubDomains no UseSSPDeny no X-Header no
At this point you should be able to successfully start the service and check for any errors in the syslog.
sudo /etc/init.d/dkim-filter start
Now add the selector and public key info into your DNS zone file. Change the DOMAIN.TLD to match your domain name, and add the key contents from: /var/dkim-filter/public.key after the p=
Make sure there are no spaces or line breaks!
;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;; mail._domainkey.DOMAIN.TLD. IN TXT "k=rsa; t=y; p=MIGfKh1FC.....bfQIDAQAB"
Edit the Postfix configuration file...
sudo vi /etc/postfix/main.cf
... and add the following to the bottom of the file:
milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891
Next restart BIND and Postfix:
sudo /etc/init.d/bind9 restart
sudo /etc/init.d/postfix restart
Test by sending a mail to a Yahoo account, check the header for DomainKeys status.