Talk:Postfix/DKIM

I couldn't get it to work with these directions, but had to do it a different way.

My installation uses a UNIX socket instead of an Internet socket, as recommended by other installation guides online, for cleaner installation and better security.

However, Postfix couldn't talk to OpenDKIM unless OpenDKIM was installed under the username of "postfix", probably not the best idea. I looked around, but couldn't find a workaround for this. Any suggestions?

Make directory, or fix permissions if it had already been made:

mkdir -m 0755 -p /var/run/opendkim chown postfix:postfix -R /var/run/opendkim

Create /etc/opendkim/opendkim.conf file:

Domain  example.com Mode    s Selector mydkim UserID  postfix:postfix KeyFile /etc/opendkim/mydkim.private PidFile /var/run/opendkim/opendkim.pid Socket  local:/var/run/opendkim/opendkim.sock

Change example.com to your domain, of course.

The /etc/opendkim/mydkim.* files should already exist, when you ran "emerge --config mail-filter/opendkim" to configure it earlier.

You must publish the contents of /etc/opendkim/mydkim.txt to your DNS server. That's a subject for DNS administration, beyond the scope of this document.

Add to /etc/postfix/main.cf:

smtpd_milters    = unix:/var/run/opendkim/opendkim.sock non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock

Ensure OpenDKIM runs at startup:

rc-update add opendkim

Restart services:

postfix reload /etc/init.d/opendkim restart

Did it work?

tail -f /var/log/messages /var/log/mail.log

If it worked, great! If it didn't work, you're bouncing mail! QUICKLY back out your changes to /etc/postfix/main.cf and restart Postfix, hopefully you won't lose too much mail.

--Krellan 08:58, 2 October 2012 (UTC)

The DKIM recommendation to use only a 512 bit key is obsolete.

https://support.google.com/mail/answer/81126?hl=en

On this page, Google says "We do not authenticate DKIM using less than a 1024-bit key.".

--Krellan (talk) 22:45, 29 May 2013 (UTC)