DomainKeys and Postfix configuration on CentOS

This tutorial shows how to set up DomainKeys signing with OpenDKIM and Postfix on a CentOS server.

Install EPEL repository:
64 bit:

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

32 bit:

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm

Install DKIM:

# yum install opendkim
# mkdir /etc/opendkim/keys/linuxpcfix.com
# export domain=linuxpcfix.com
# cd /etc/opendkim/keys/linuxpcfix.com

Generate the private key (default.private) and the matching DNS TXT record (default.txt) as below.

# opendkim-genkey -d linuxpcfix.com -s default

Change the ownership and group for /etc/opendkim/keys/linuxpcfix.com

# chown -R opendkim:opendkim /etc/opendkim/keys/linuxpcfix.com

Append the following entries to /etc/opendkim/KeyTable and /etc/opendkim/SigningTable:

# echo "default._domainkey.linuxpcfix.com linuxpcfix.com:default:/etc/opendkim/keys/linuxpcfix.com/default.private" >> /etc/opendkim/KeyTable
# echo "*@linuxpcfix.com default._domainkey.linuxpcfix.com" >> /etc/opendkim/SigningTable

If internal hosts relay mail through this server and you want their mail signed, add them to /etc/opendkim/TrustedHosts:

# echo "" >> /etc/opendkim/TrustedHosts

Edit the OpenDKIM configuration file:

# vi /etc/opendkim.conf

Set the following:

Mode sv
Domain linuxpcfix.com

Uncomment the following lines:

PidFile /var/run/opendkim/opendkim.pid
Syslog yes
SyslogSuccess yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
Canonicalization relaxed/relaxed
Selector default
MinimumKeyBits 1024
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

(Find the line "SigningTable /etc/opendkim/SigningTable" and change it to "SigningTable refile:/etc/opendkim/SigningTable" to enable regex wildcards in the SigningTable.)

Configure Postfix

# vi /etc/postfix/main.cf

Add the following:

# opendkim setup
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
milter_default_action = accept
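
A consistency check for the OpenDKIM files edited above, worth running before the services are restarted. This is an added example, not part of the original tutorial or of the OpenDKIM project: the hypothetical helper dkim_lint confirms that every table file named in opendkim.conf exists, that each KeyTable key file exists and is not world-readable, and that each SigningTable entry names a key defined in the KeyTable. The world-readable test is this example's own policy, not a check OpenDKIM performs.

```shell
#!/bin/sh
# Added example (not from the tutorial or the OpenDKIM project).
# dkim_lint is a hypothetical helper: it prints one line per problem found
# and returns 0 when the three files are consistent, 1 otherwise.
# Usage: dkim_lint /etc/opendkim.conf /etc/opendkim/KeyTable /etc/opendkim/SigningTable
dkim_lint() {
    conf=$1 keytable=$2 signingtable=$3 rc=0

    # 1. Table files named in opendkim.conf must exist (catches path typos).
    #    The "refile:" / "file:" prefix is stripped before the check.
    for path in $(awk '$1 ~ /^(KeyTable|SigningTable|ExternalIgnoreList|InternalHosts)$/ {
                           sub(/^(refile|file):/, "", $2); print $2 }' "$conf"); do
        [ -e "$path" ] || { echo "conf: missing file $path"; rc=1; }
    done

    # 2. KeyTable lines look like: keyname domain:selector:/path/to/private.key
    while read -r name spec; do
        case $name in ''|'#'*) continue ;; esac
        keyfile=${spec##*:}
        if [ ! -f "$keyfile" ]; then
            echo "KeyTable $name: key file $keyfile not found"; rc=1
        elif [ -n "$(find "$keyfile" -perm -004)" ]; then
            # Policy of this example: the private key must not be world-readable.
            echo "KeyTable $name: $keyfile is world-readable"; rc=1
        fi
    done < "$keytable"

    # 3. SigningTable lines look like: pattern keyname
    #    Each keyname must be defined in the first column of the KeyTable.
    while read -r pattern keyname; do
        case $pattern in ''|'#'*) continue ;; esac
        awk -v k="$keyname" '$1 == k { ok = 1 } END { exit !ok }' "$keytable" ||
            { echo "SigningTable $pattern: key $keyname not in KeyTable"; rc=1; }
    done < "$signingtable"

    return $rc
}
```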

Restart Services

# service opendkim start
# service postfix restart
# service named reload
# chkconfig opendkim on

Test our setup

# echo "DKIM Test" | mail -s "DKIM Testing" user@gmail.com
# tail -100 /var/log/maillog

Check that the mail log shows the message was signed, then look at the headers of the email you sent in Gmail and make sure everything passes.

Note: For a sendmail configuration, append the line below so that it works with opendkim.

INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')


I am the founder and webmaster of www.linuxpcfix.com, working as a Sr. Linux Administrator (expertise in Linux/Unix & Cloud Server), and have been in the industry for the last 7 years.