Talk:Postfix/DKIM

From Gentoo Wiki

Different way

Talk status
This discussion is still ongoing.

I couldn't get it to work with these directions, but had to do it a different way.

My installation uses a UNIX socket instead of an Internet socket, as recommended by other installation guides online, for cleaner installation and better security.

However, Postfix couldn't talk to OpenDKIM unless OpenDKIM was installed under the username of "postfix", probably not the best idea. I looked around, but couldn't find a workaround for this. Any suggestions?

Make directory, or fix permissions if it had already been made:

mkdir -m 0755 -p /var/run/opendkim
chown postfix:postfix -R /var/run/opendkim

Create /etc/opendkim/opendkim.conf file:

Domain   example.com
Mode     s
Selector mydkim
UserID   postfix:postfix
KeyFile  /etc/opendkim/mydkim.private
PidFile  /var/run/opendkim/opendkim.pid
Socket   local:/var/run/opendkim/opendkim.sock

Change example.com to your domain, of course.

The /etc/opendkim/mydkim.* files should already exist from when you ran "emerge --config mail-filter/opendkim" to configure it earlier.

You must publish the contents of /etc/opendkim/mydkim.txt to your DNS server. That's a subject for DNS administration, beyond the scope of this document.

Add to /etc/postfix/main.cf:

smtpd_milters     = unix:/var/run/opendkim/opendkim.sock
non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock

Ensure OpenDKIM runs at startup:

rc-update add opendkim

Restart services:

postfix reload
/etc/init.d/opendkim restart

Did it work?

tail -f /var/log/messages /var/log/mail.log

If it worked, great! If it didn't work, you're bouncing mail! QUICKLY back out your changes to /etc/postfix/main.cf and restart Postfix; hopefully you won't lose too much mail.

--Krellan 08:58, 2 October 2012 (UTC)

The DKIM recommendation to use only a 512-bit key is obsolete.

https://support.google.com/mail/answer/81126?hl=en

On this page, Google says "We do not authenticate DKIM using less than a 1024-bit key."

--Krellan (talk) 22:45, 29 May 2013 (UTC)
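
Added example (not part of the comments above or of the Gentoo guide): one way to measure the RSA key size in a DKIM record and compare it with the 1024-bit floor quoted above. It assumes an RSA key and a record given either as a bare tag list or in quoted zone-file layout; the function names and the sample records are constructed here and contain no real key.

```python
import base64
import re
MIN_BITS = 1024  # floor quoted on this page from Google's DKIM help article

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(record):
    """Return the RSA modulus size in bits of the p= key in a DKIM TXT record."""
    quoted = re.findall(r'"([^"]*)"', record)  # zone-file form: ( "..." "..." )
    text = "".join(quoted) if quoted else record
    tags = dict(t.strip().split("=", 1) for t in text.split(";") if "=" in t)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("only RSA keys are handled here")
    der = base64.b64decode("".join(tags["p"].split()))
    tag, spki, _ = _tlv(der, 0)        # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("p= is not a DER SubjectPublicKeyInfo")
    _, _alg, pos = _tlv(spki, 0)       # AlgorithmIdentifier (skipped)
    _, bitstr, _ = _tlv(spki, pos)     # BIT STRING wrapping RSAPublicKey
    _, rsakey, _ = _tlv(bitstr, 1)     # offset 1 skips the unused-bits byte
    _, modulus, _ = _tlv(rsakey, 0)    # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def _der(tag, body):
    """Encode one DER TLV; used only to build the constructed samples."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_record(bits):
    """Constructed sample in zone-file layout; the modulus is fake, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00: positive
    rsakey = _der(0x30, _der(0x02, n) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsakey))
    p = base64.b64encode(spki).decode()
    return 'mydkim._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n\t"p=%s" ) ; constructed' % p

if __name__ == "__main__":
    for size in (512, 1024, 2048):
        bits = dkim_rsa_bits(constructed_record(size))
        print(bits, "ok" if bits >= MIN_BITS else "below minimum, replace the key")
```

To check a real deployment, pass `dkim_rsa_bits` the contents of /etc/opendkim/mydkim.txt or the TXT answer that dig returns for the selector.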

spf & dig test

Talk status
This discussion is still ongoing.

An SPF section should be noted before this article.

A dig test command should be posted to ensure that your DNS settings are going through properly.

Note
It's the same test for SPF & DKIM.
user $ dig google.com txt

666threesixes666 (talk) 03:39, 25 December 2013 (UTC)