How to Setup DomainKeys (DKIM) with Postfix on CentOS, RHEL

DKIM (DomainKeys Identified Mail) is a method of signing electronic emails using public private key. DKIM is used by receiving mail server for identifying email, that they are sent by authorized mail servers. It also minimize the possibility of getting emails SPAM.
This tutorial will provide you a quick and easy way to set up DomainKeys with your POSTFIXrunning on CentOS and RHEL systems.
dkim-domainkeys

How DKIM Works ?

When we configured DKIM on sending servers. First we generated a public/private key pair for signing outgoing messages. Public key is configured as TXT record on domains name server, and the private key is configured in outbound email server. When an email is sent by an authorized user of the email server, the server uses the stored private key to generate a digital signature of the message, which is inserted in the message as a header, and the email is sent as normal.

Step 1: Install DKIM-milter

First make sure you have enabled EPEL repository in your system. After that install dkim-milter package using following command.
# yum --enablerepo=epel install dkim-milter

Step 2: Generate Key Pair

Now create DKIM key pair using dkim-genkey command line utility provided by dkim-milter package. For this tutorial we are using domain name “example.com”, Change this name with your actual names.
# MYDOMAIN=example.com
# mkdir -p /etc/mail/dkim-milter/keys/$MYDOMAIN
# cd /etc/mail/dkim-milter/keys/$MYDOMAIN
# dkim-genkey -r -d $MYDOMAIN
Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Step 3: Configure DKIM with POSTFIX

First edit the domain keys lists setting file /etc/mail/dkim-milter/keys/keylist and add following entry.
*@example.com:example.com:/etc/mail/dkim-milter/keys/default.private
Edit DKIM configuration file /etc/mail/dkim-milter/dkim-filter.conf and update Socket configuration as below
Socket inet:8892@localhost
Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
finally start DKIM service using following command
# /etc/init.d/dkim-milter start

Step 4: Configure DNS Entry

After configuring private key in postfix server. there will be another file default.txt generated by dkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt. In my case this is like below.
default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNHHZ5Wq8b
mpNTwzg+5wwwgKiYphgdRnngxS6Wd1lq9kQRh2OxzOH4kW1gsPe8UA396e9zaXjGlSzbIkeHEt86JzuS+fg+utLrVtIH6gLXJg
xppBjCMhLy95oBLrG9M3rqGtrzHgVclANnYdfGs3Tg6r+RnS7GHW3YqW+7tr45YQIDAQAB" ; ----- DKIM default for example.com

Step 5: Verify DKIM

To verify that DKIM is working properly. Let’s send a test email through command line
# mail -vs "Test DKIM" my_test_email@gmail.com < /dev/null
In received email in our mailbox, open the source of email and search for "DKIM-Signature". You will find some thing like below
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=example.com;
 s=default.private; t=1402388963;
 bh=fdkeB/A0FkbVP2k4J4pNPoe23AvqBm9+b0C3OY87Cw8=;
 h=Date:From:Message-Id:To:Subject;
 b=M6g0eHe3LNqURha9d73bFWlPfOERXsXxrYtN2qrSQ6/0WXtOxwkEjfoNTHPzoEOlD
  i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
  mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

CLEANING UP THE ZABBIX DATABASE

My Zabbix database size increased a lot in the last few months and since my disk was running out space, I decided to clean up the old events from the database. Looking at the database tables, the biggest one was  history_uint , which holds the items history data – over 400 millions of records and over 30 Gb of disk space before the clean up. Since deleting the old records from this table directly would be a very slow process, I decided to create a new table and insert the latest records from the  history_uint  table and then just replace the old table with a new one. Since this is not an offical procedure, use it at your own risk. Environment: Zabbix v2.2 MySql 5.1 – InnoDB with  innodb_file_per_table=ON Step 1 – Stop the Zabbix server Step 2 – Open your favourite MySQL client and create a new table CREATE TABLE  history_uint_new  LIKE  history_uint; Step 3 – Insert the latest records from the  history_uint  table to the  history_uint_new table First you need to de
Đọc thêm

Configuring DHCP Relay service on the FortiGate unit

Configuring DHCP Relay service on the FortiGate unit If the clients are configured to obtain a IP address using DHCP relay, configure the FortiGate server as below: To configure DHCP relay on the FortiGate unit   1. Go to System > Network > Interfaces and select Interface want to configure DHCP relay.   2. Enable DHCP Server in the interface and choose Advanced   3. For Mode, select Relay.   4. In Type select Regular.   5. Select OK.   6. If a router is installed between the FortiGate unit and the DHCP server, define a static route to the DHCP server. Note : Sometimes it is required to specify more than one DHCP relay IP, to allow for the coverage of additional LAN subnets. Although the Web Based Manager (GUI) does not provide an option to configure this, it is possible to set up to 8 IPs from the CLI.       config system interface             edit <REQUIRED_INTERFACE_HERE>               set dhcp-relay-ip <FIRST_IP> <SECOND_IP> ....<EIGHTH_IP&
Đọc thêm

WAN link load balancing

Hình ảnh
W A N link load balancing In the same way that incoming traffic can be load balanced, outgoing or WAN traffic can also be load balanced and for the same three reasons. 1 .  Reduce the places in the work flow where a single point of failure can bring the process to a halt. 2 .  Expand the capacity of the resources to handle the required workload. 3 .  Have it configured so that the process of balancing the workload is automatic. Often, it can be just as important for an organizations members to be able to access the Internet as it is for the denizens of the Internet to access the Web facing resources. There is now a  WA N Load Balancing  feature located in the  N e t w o r k  section of the GUI (“WAN LLB”). As part of the new WAN Load Balancing feature, the FortiOS 5.2  R ou t e r > Static > Settings  GUI page has been removed. WAN Load Balancing should be used instead of the 5.2  E C M P Load Balancing Method  settings. The 5.2  L i n k Health Monitor  definitions
Đọc thêm