Small installation guide for postfix and dkim

June 9, 2022 - Reading time: 6 minutes

How to install SMTP and DKIM on a Linux server

This description is only a very small installation guide.
For more information and an explanation of the parameters, read the postfix/dkim manual.

### Install postfix and mailutils ###

Log in as root on the server:

    apt-get install postfix
    # During the installation set the FQDN for the server
    apt-get install mailutils    # mail and mailx for the CLI

    vi /etc/postfix/
    # check whether hostname / FQDN is correct
    myhostname =
    smtp_tls_security_level = may
    # each client must be listed here to allow access to SMTP; if there is more than one client, list the subnet
    mynetworks = [::ffff:]/104 [::1]/128
    # after dkim has been installed, put these entries at the end of
    inet_protocols = ipv4
    # accept: if the milter (opendkim) is unavailable, mail is still delivered, but unsigned
    milter_default_action = accept
    milter_protocol = 6
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891
    service postfix restart
Edit / create sender_canonical

    vi /etc/postfix/sender_canonical
    postmap /etc/postfix/sender_canonical
Restart postfix service

    service postfix restart
### Install DKIM ###

    apt-get install opendkim opendkim-tools
Edit /etc/default/opendkim: all entries with SOCKET should be commented out, only RUNDIR should stay uncommented

    vi /etc/default/opendkim
Edit opendkim.conf

    vi /etc/opendkim.conf
    Syslog yes
    UMask 002
    Canonicalization relaxed/simple
    Mode sv
    SubDomains yes
    SignatureAlgorithm rsa-sha256
    OversignHeaders From
    Socket inet:8891@localhost
    PidFile /var/run/opendkim/
    TrustAnchorFile /usr/share/dns/root.key
    UserID opendkim
    KeyTable /etc/opendkim/key.table
    SigningTable refile:/etc/opendkim/signing.table
    ExternalIgnoreList /etc/opendkim/trusted.hosts
    InternalHosts /etc/opendkim/trusted.hosts
Change permissions and create the directory

    chmod u=rw,go=r /etc/opendkim.conf
    mkdir -p /etc/opendkim/keys
    chown -R opendkim:opendkim /etc/opendkim
    chmod go-rw /etc/opendkim/keys
Edit signing.table and key.table

    vi /etc/opendkim/signing.table
    *    example
    vi /etc/opendkim/key.table
    # 202207 is the selector; it is needed for the DNS entry later. You can name it however you like.
Edit trusted.hosts

    vi /etc/opendkim/trusted.hosts
Change permissions

    chown -R opendkim:opendkim /etc/opendkim
    chmod -R go-rwx /etc/opendkim/keys
Create Domain Key and rename it

    cd /etc/opendkim/keys
    opendkim-genkey -d -b 2048 -r -s 202207
    mv 202207.private example.private
    mv 202207.txt example.txt
Change permissions and restart opendkim

    chown -R opendkim:opendkim /etc/opendkim
    chmod -R go-rw /etc/opendkim/keys
    systemctl restart opendkim
    systemctl status -l opendkim
The content of example.txt must be inserted in DNS, e.g.:

    cat /etc/opendkim/keys/example.txt

    202207._domainkey       IN      TXT     ( "v=DKIM1; h=sha256; k=rsa; s=email; "
          "eLZTL+rm8CLCFyM4xQOHO30B9X5iXMWx9sWSuCKrVGNXFuTSzO69F33pBzS6LQpG1IMn9jtKf4L18CUoXdW7t1hd2g9eQ1Hw7ab17/jIC19nm2fEkdBHRfmnSx23uQj8yfDAYDgQIDAQAB" )  ; ----- DKIM key 202207 for

This is important for DNS:

    v=DKIM1; h=sha256; k=rsa; s=email;

The selector is 202207.

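Before pasting example.txt into DNS, the record can be checked offline. The following is an added example, not part of the original guide: it joins the quoted chunks of the opendkim-genkey output into the single TXT value and flags a selector mismatch, a missing v=DKIM1 or p= tag, and an RSA key shorter than 2048 bits. The function names are made up for this example, and the DER walk assumes an RSA key as generated above; call check_record() with the contents of /etc/opendkim/keys/example.txt and the selector 202207.

```python
import base64
import re

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(spki_der):
    """Modulus size of the RSA SubjectPublicKeyInfo that the p= tag carries."""
    _, spki, _ = read_tlv(spki_der, 0)    # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)         # AlgorithmIdentifier
    _, bitstr, _ = read_tlv(spki, pos)    # BIT STRING holding the key
    _, rsakey, _ = read_tlv(bitstr, 1)    # skip unused-bits byte, read RSAPublicKey
    _, modulus, _ = read_tlv(rsakey, 0)   # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def parse_genkey_txt(zone_text):
    """Return (selector, joined TXT value, tag dict) for a genkey .txt file."""
    m = re.match(r"\s*(\S+)\._domainkey", zone_text)
    # The quoted chunks are concatenated without separators to form the value.
    value = "".join(re.findall(r'"([^"]*)"', zone_text))
    tags = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")
        tags[name.strip()] = val.strip()
    return (m.group(1) if m else ""), value, tags

def check_record(zone_text, want_selector, min_bits=2048):
    """List problems with the record; an empty list means it looks publishable."""
    selector, _, tags = parse_genkey_txt(zone_text)
    problems = []
    if selector != want_selector:
        problems.append(f"selector {selector!r} does not match {want_selector!r}")
    if tags.get("v") != "DKIM1":
        problems.append("v=DKIM1 missing")
    if not tags.get("p"):
        problems.append("p= missing or empty (an empty p= means a revoked key)")
        return problems
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return problems + ["p= is not a base64-encoded RSA public key"]
    if bits < min_bits:
        problems.append(f"RSA key is {bits} bits, expected >= {min_bits}")
    return problems
```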
To check the key, wait 24h

    opendkim-testkey -d -s 202207 -vvv
    opendkim-testkey: using default configfile /etc/opendkim.conf
    opendkim-testkey: checking key ''
    opendkim-testkey: key not secure  ==> it is ok, no DNSSEC in use
    opendkim-testkey: key OK