How to Install and Configure DKIM On Postfix With dkim-milter (2.8.x) on 64 bit CentOS 5

The following document was written after countless hours of research and experimentation, in the hope that you will not have to waste as much time in setting up DKIM on Postfix as we had to. The documents in internet on this subject are mostly old and deals with an old version of DKIM Milter.

What is DomainKeys Identified Mail (DKIM)?

The DomainKeys Identified Mail (DKIM) allows you to digitally sign your email so that receivers can verify that your email is legitimate. It provides a way to create an authentic relationship between email senders and receivers which is essential for some services like newsletters or email updates or if you make a purchase, which triggers a payment confirmation.

DomainKeys technology provides businesses an industry-standard method for mitigating email fraud and protecting an organization’s brand and reputation at a relatively low implementation cost.

Enough on DomainKeys technology. Lets go through the steps what I have done to download,  install and configure DKIM on Postfix with dkim-milter on 64 bit CentOS 5.

1. Download dkim-milter

Download dkim-milter 2.8.2 compatible with your OS

wget https://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.2-0.$(uname -i).rpm

Note: You can download the latest version of dkim-milter here:

https://www.topdog-software.com/oss/

2. Install dkim-milter

rpm -Uvh dkim-milter-2.8.2-0.x86_64.rpm

It results:
warning: dkim-milter-2.8.2-0.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 990dd808
Preparing…                ########################################### [100%]
1:dkim-milter            ########################################### [100%]

3. Generate Keys with dkim-milter

sh /usr/share/doc/dkim-milter-2.8.2/dkim-genkey.sh -r -d example.com

It creates two files under working directory.
1. default.private
2. default.txt

mv default.private /etc/mail/dkim/default.key.pem
chmod 600 /etc/mail/dkim/default.key.pem
chown postfix.postfix /etc/mail/dkim/default.key.pem

4. Configure dkim-milter

locate dkim-filter.conf

In my case it results /usr/share/doc/dkim-milter-2.8.2/dkim-filter.conf.sample

cp /usr/share/doc/dkim-milter-2.8.2/dkim-filter.conf.sample /etc/mail/dkim/dkim-filter.conf

chown postfix:postfix /etc/mail/dkim/dkim-filter.conf

vi /etc/mail/dkim/dkim-filter.conf

Domain                    taragana.com
InternalHosts           /etc/mail/dkim/internal_hosts
KeyFile                    /etc/mail/dkim/default.key.pem
Mode                    sv
PidFile         /var/run/dkim-milter/dkim
Selector                default
Socket                  unix:/var/run/dkim-milter/dkim.sock
SubDomains              Yes
Syslog                        Yes
SyslogSuccess           Yes
UserID          postfix:postfix
X-Header                Yes

Please check the file format of /etc/mail/dkim/internal_hosts

yourdomain
localhost
localhost.localdomain
127.0.0.1

Note:

If you have multiple domains then you have to use keylist instead of keyfile. For example:

Replace the following line from the above dkim-milter configuration
KeyFile                    /etc/mail/dkim/default.key.pem

with this line:
KeyList                   /etc/mail/dkim/keylist

Please check the keylist file format here:

*@yourdomain1.com:yourdomain1.com:/etc/mail/dkim/keys/yourdomain1.com/default

*@yourdomain2.com:yourdomain2.com:/etc/mail/dkim/keys/yourdomain2.com/default

You have just completed with dkim-milter configuration. Now you have to add two lines at the end of your postfix main.cf

5. Configure Postfix with dkim-milter

vi /etc/postfix/main.cf

smtpd_milters = unix:/var/run/dkim-milter/dkim.sock
non_smtpd_milters = unix:/var/run/dkim-milter/dkim.sock

Yes, you are done with postfix.

I am pretty sure that you are with me because you are very close to the effort which allows your emails to be legitimate to others.

Now, add a line at the end of your DNS file and you are almost done.

6. Configure DNS with DomainKeys

Add the contents of default.txt file (created during Generate Keys with dkim-milter step above)
at the end of your DNS config file for the domain you want to sing your emails.

7. Start dkim-milter and Restart DNS and Postfix

7.1 Restart dkim-milters

dkim-filter -x /etc/mail/dkim/dkim-filter.conf

7.2 Restart DNS

service named restart

7.3 Restart Postfix

service postfix restart

You are done!

8. How to verify your setup

Now test your success by sending an email to a gmail account. In gmail you will see a line that says:

signed-by   yourdomain

Another way to test it to view the header of the email. You should have some lines that look similar to this:

X-DKIM: Sendmail DKIM Filter v2.8.2 mail.yourdomain 5367E9A013D
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=yourdomain;
s=default; t=1267272705;
bh=ocwtmEnUjzaHObpRc8VgX5EWl5+2kw634OaPWXn3JQ4=;
h=Message-Id:Date:From:To;
b=X25pf0jvs+ADitlerIg+vn+I1bVqkXhU0jxjTgv5t2FONN3DAqFpFKwtqKn06sX2t
QXmhSdYn+lQTcoGzOoP5kur8VQ2V3emmNFXi69ZyJ+CjmtbMMqZo/hxQD8TOERA2yL
Xm4cUwPKtUy8nW/0Va88HjiiUrP1qnFrD7T7MNpc=

Hope you will find the preceding guide to setup DKIM useful. If you like this article and would like more such interesting technology articles then please subscribe to our Technology newsletter(s).