System Engineering

Install DKIMproxy on OpenSUSE

1. Install requirements

zypper install dkimproxy

2. Create keys

cd /usr/share/dkimproxy/etc
openssl genrsa -out dkim-private.key 1024
openssl rsa -in dkim-private.key -pubout -out dkim-public.key
chown dkim dkim-private.key
chmod 400 dkim-private.key

3. Configuration file

cp dkimproxy_in.conf.example dkimproxy_in.conf
cp dkimproxy_out.conf.example dkimproxy_out.conf
vi dkimproxy_out.conf

# add your domain of sender ...
# locate private-key file ...
keyfile   /usr/share/dkimproxy/etc/dkim-private.key
# define selector of DNS record ...
selector  default

4. Setting up postfix

vi /etc/postfix/

# modify the default submission service to specify a content filter
# and restrict it to local clients and SASL authenticated clients only
submission  inet  n     -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
    -o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

# specify the location of the DKIM signing proxy
# Note: we allow "4" simultaneous deliveries here; high-volume sites may
#   want a number higher than 4.
# Note: the smtp_discard_ehlo_keywords option requires Postfix 2.2 or
#   better. Leave it off if your version does not support it.
dksign    unix  -       -       n       -       4       smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime,starttls

# service for accepting messages FROM the DKIM signing proxy
# inet  n  -      n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=
    -o smtpd_authorized_xforward_hosts=

5. Restart services

chkconfig --add dkimproxy
systemctl restart dkimproxy.service
systemctl restart postfix.service

6. Add DNS record (sender’s domain)

# add your public-key to p= ...
default._domainkey  IN  TXT  "v=DKIM1; k=rsa; g=*; t=s; p=MHwwDQYJK ... OprwIDAQAB"

# if error in bind, split key like below ...
default._domainkey  IN  TXT  ("v=DKIM1; k=rsa; g=*; t=s; p="


♦ References

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.