Follow these steps to install OpenDKIM on Ubuntu and Plesk.
I will use domain.tld (as the primary domain) and example.com as my domains. I have enabled subdomains so that mail from the server mail.domain.tld gets signed too, as in this case mail.domain.tld is also the Postfix hostname and mailname…
1. First log in as root and run…
    # apt-get update
    # apt-get install opendkim opendkim-tools
2. Create the folder structure…
    # mkdir -p /etc/opendkim/keys/domain.tld
    # mkdir -p /etc/opendkim/keys/example.com
3. Create a key. I’ll use “dkim” as the selector and create 1024-bit keys. RFC 8301 recommends at least 2048 bits for DKIM signing keys; opendkim-genkey accepts -b 2048 if you want a larger key.
You will have two files in the folder, dkim.private and dkim.txt. The latter contains the DNS record for you to add in Plesk or at your domain’s registrar.
    # cd /etc/opendkim/keys/domain.tld
    # opendkim-genkey -s dkim -d domain.tld
    # chown opendkim:opendkim dkim.private
    # chmod 600 dkim.private

    # cd /etc/opendkim/keys/example.com
    # opendkim-genkey -s dkim -d example.com
    # chown opendkim:opendkim dkim.private
    # chmod 600 dkim.private
4. Now we’ll create the SigningTable and the KeyTable…
    # vi /etc/opendkim/SigningTable
The contents should look like…
    domain.tld dkim._domainkey.domain.tld
    mail.domain.tld dkim._domainkey.domain.tld
    example.com dkim._domainkey.example.com
    mail.example.com dkim._domainkey.example.com
5. And the KeyTable…
    # vi /etc/opendkim/KeyTable
The contents should look like…
    dkim._domainkey.domain.tld domain.tld:dkim:/etc/opendkim/keys/domain.tld/dkim.private
    dkim._domainkey.domain.tld mail.domain.tld:dkim:/etc/opendkim/keys/domain.tld/dkim.private
    dkim._domainkey.example.com example.com:dkim:/etc/opendkim/keys/example.com/dkim.private
    dkim._domainkey.example.com mail.example.com:dkim:/etc/opendkim/keys/example.com/dkim.private
You can see the subdomains point to the same key as the domain.
6. Next we have to create the internal hosts file…
    # vi /etc/opendkim/dkim-InternalHosts
and add your IP and host names…
    127.0.0.1/8
    192.168.0.50/32 # where this is your Server IP
    localhost
    domain.tld
    mail.domain.tld
    example.com
    mail.example.com
7. Now edit /etc/opendkim.conf
    # vi /etc/opendkim.conf
And define these settings…
    Syslog yes
    UMask 002
    Domain domain.tld
    KeyFile /etc/opendkim/keys/domain.tld/dkim.private
    Selector dkim
    Canonicalization relaxed/relaxed
    Mode sv
    SignatureAlgorithm rsa-sha256
    SubDomains yes
    LogWhy yes
    UserID opendkim:opendkim
    KeyTable /etc/opendkim/KeyTable
    SigningTable /etc/opendkim/SigningTable
    InternalHosts /etc/opendkim/dkim-InternalHosts
    Statistics /var/log/opendkim/dkim-stats.log
    OversignHeaders From
8. Make sure you create the log directory, and the log file is owned by opendkim:opendkim
    # mkdir -p /var/log/opendkim/
    # touch /var/log/opendkim/dkim-stats.log
    # chown opendkim:opendkim /var/log/opendkim/dkim-stats.log
9. We now need to define the socket…
    # vi /etc/default/opendkim
And uncomment…
    SOCKET="inet:12345@localhost" # listen on loopback on port 12345
10. And restart opendkim
    # service opendkim restart
11. Our last step is to add this milter to our Postfix configuration file…
    # vi /etc/postfix/main.cf
And add these settings…
    milter_default_action = accept
    milter_protocol = 6
    smtpd_milters = inet:127.0.0.1:12768, inet:127.0.0.1:12345
    non_smtpd_milters = inet:127.0.0.1:12345
Restart Postfix…
    # service postfix restart
And you should be good.
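A mistyped key name or a key file with loose permissions is easy to miss across steps 3 to 5, so the following added example (not part of the original guide) lints the SigningTable and KeyTable before you restart opendkim. The function name check_dkim_tables and the script name in the usage comment are assumptions made for this example; it only reads the two table files and the key files they point to.

```sh
#!/bin/sh
# Added example (not from the original guide): lint the SigningTable and
# KeyTable from steps 4 and 5 before restarting opendkim.
# check_dkim_tables is a hypothetical helper name, not an OpenDKIM tool.

# Drop comments and blank lines from a flat "key value" table file.
clean_table() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"; }

# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_dkim_tables() {
    signing_table=$1
    key_table=$2
    problems=0

    # 1. Each key name used in the SigningTable must be defined in the KeyTable.
    for keyname in $(clean_table "$signing_table" | awk '{print $2}' | sort -u); do
        if ! clean_table "$key_table" | awk -v k="$keyname" '$1 == k {f=1} END {exit !f}'; then
            echo "undefined key name in SigningTable: $keyname"
            problems=$((problems + 1))
        fi
    done

    # 2. Each KeyTable value must be domain:selector:/path, and the key file
    #    must exist with no group/other access (step 3 sets mode 600).
    for value in $(clean_table "$key_table" | awk '{print $2}' | sort -u); do
        case $value in
            *:*:/*) path=${value#*:*:} ;;
            *) echo "malformed KeyTable value: $value"
               problems=$((problems + 1)); continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "missing key file: $path"
            problems=$((problems + 1))
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "key file accessible by group/other: $path"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}

# Run against the paths given on the command line, e.g.
#   sh check-dkim.sh /etc/opendkim/SigningTable /etc/opendkim/KeyTable
if [ "$#" -eq 2 ]; then
    check_dkim_tables "$1" "$2"
fi
```

Run it as root so the key files under /etc/opendkim/keys are visible; no output and exit status 0 mean both tables are consistent.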