1. Install requirements
# Install the DKIMproxy package with zypper (needs root privileges).
zypper install dkimproxy
2. Create keys
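# Work in dkimproxy's configuration directory; the key files are created here.
cd /usr/share/dkimproxy/etc

# Generate the RSA signing key.
# 2048 bits instead of 1024: RFC 8301 says signers SHOULD use keys of at least
# 2048 bits; 1024 is only the minimum that is still permitted.
# The subshell umask creates the file unreadable to other users from the start,
# rather than only after the chmod below.
(umask 077 && openssl genrsa -out dkim-private.key 2048)

# Derive the public key. Its base64 body goes into the p= tag of the DNS record.
# A 2048-bit public key is longer than 255 characters, so the TXT record has to
# use the split form shown in step 6.
openssl rsa -in dkim-private.key -pubout -out dkim-public.key

# Only the dkim service account may read the private key.
chown dkim dkim-private.key
chmod 400 dkim-private.key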
3. Configuration file
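# Start from the shipped example files.
# (presumably still in /usr/share/dkimproxy/etc from step 2 - confirm)
cp dkimproxy_in.conf.example dkimproxy_in.conf
cp dkimproxy_out.conf.example dkimproxy_out.conf

vi dkimproxy_out.conf

# --- settings to change inside dkimproxy_out.conf ---

# add your domain of sender (comma-separated list of domains to sign for)
...
domain domain1.com,domain2.com

# locate private-key file (the key created in step 2; keep it readable by
# the dkim user only)
...
keyfile /usr/share/dkimproxy/etc/dkim-private.key

# define selector of DNS record; it must match the label published in DNS,
# i.e. "default" here pairs with default._domainkey in step 6
...
selector default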
4. Setting up postfix
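vi /etc/postfix/master.cf:

#
# modify the default submission service to specify a content filter
# and restrict it to local clients and SASL authenticated clients only
#
# NOTE(review): SASL authentication is enabled on this service. Unless main.cf
# already enforces TLS for it, consider adding
#   -o smtpd_tls_security_level=encrypt
# so that credentials are never accepted over an unencrypted connection.
#
submission  inet  n     -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[127.0.0.1]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

#
# specify the location of the DKIM signing proxy
# Note: we allow "4" simultaneous deliveries here; high-volume sites may
#       want a number higher than 4.
# Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or
#       better. Leave it off if your version does not support it.
#
dksign    unix  -       -       n       -       4       smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls

#
# service for accepting messages FROM the DKIM signing proxy
#
# NOTE(review): this listener clears the helo/client/sender restrictions and
# trusts XFORWARD from 127.0.0.0/8, so it must stay bound to 127.0.0.1 as
# written and never be exposed on a routable address.
#
127.0.0.1:10028 inet  n  -      n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8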
5. Restart services
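# Register dkimproxy so it is started at boot.
chkconfig --add dkimproxy

# Validate the edited Postfix configuration first; a typo in master.cf would
# otherwise only show up as a failed or half-working restart.
postfix check

# Restart the signing proxy first, then Postfix, so the content filter is
# already listening when Postfix starts handing mail to it.
systemctl restart dkimproxy.service
systemctl restart postfix.service

# Afterwards, send a test message through the submission service and confirm
# that the delivered mail carries a DKIM-Signature header.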
6. Add DNS record (sender’s domain)
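# NOTE: the "#" lines and the "..." lines are annotations of this guide; in a
# real BIND zone file comments start with ";".

# add your public-key to p=
# (the base64 body of dkim-public.key, without the BEGIN/END lines and
#  without line breaks)
# Tags: t=s means signatures are only valid when the i= domain equals d=
#       exactly (no subdomains). g= is obsolete since RFC 6376 and can be
#       omitted.
...
default._domainkey IN TXT "v=DKIM1; k=rsa; g=*; t=s; p=MHwwDQYJK ... OprwIDAQAB"

# if error in bind, split key like below
# (a single quoted TXT string is limited to 255 bytes; keys of 2048 bits or
#  more never fit in one string. The strings are concatenated without any
#  separator, so do not add spaces inside the quotes.)
...
default._domainkey IN TXT ("v=DKIM1; k=rsa; g=*; t=s; p="
    "MHwwDQYJKasdE324asAHTDFDSADDAFGffdsdASDsasdOprwIDAQAB"
    "ADDAFGffdsdASDsasdOprwIDAQABMHwwDQYJKasdE324asAHTDFDS"
    ..............
    "AHTDFDSADDAFGffdsdASDsasdOprwIMHwwDQYJKasdE324asDAQAB")

# After reloading the zone, check what resolvers actually see, e.g.
#   dig +short TXT default._domainkey.<your-domain>
# and compare the returned p= value with dkim-public.key.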
♦ References