Join Log in
Score:0
J. Mick avatar Server

How to correctly configure OpenDKIM with Postfix on Debian 11?

dk flag
J. Mick

The desired settings are to create a multi domain mail server.

This is my main domain example.com and this is my subdomain: mail.example.com

Taking the rDNS as the following verifications:

hostname -f
nano /etc/mailname
nano /etc/hostname

As a result:

mail.example.com

I already have the DNS records in (TXT Record):

1 record txt: @ v=spf1 a mx ip4:170.000.100.16 ~all
2 record txt: _dmarc.mail   v=DMARC1; p=none
3 record txt: mail  v=spf1 a mx ip4:170.000.100.16 ~all
4 record txt: mail._domainkey   v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yQ4ZdFGg1/rjh8MbYYTGm00n...

I have made the following configuration in: nano /etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes
Canonicalization       relaxed/simple
Mode                   sv
SubDomains             yes
#OversignHeaders       From
SignHeaders            From,Sender,To,CC,Subject,Message-Id,Date
OversignHeaders        From,Sender,To,CC,Subject,Message-Id,Date
UserID                 opendkim:opendkim
UMask                  002
Socket                 inet:8891@localhost
PidFile                /var/run/opendkim/opendkim.pid
SignatureAlgorithm     rsa-sha256
TrustAnchorFile        /usr/share/dns/root.key
#Nameservers           127.0.0.1
Nameservers            8.8.8.8,1.1.1.1

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                /etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

And, in the file /etc/default/opendkim I have the following:

RUNDIR=/run/opendkim
#SOCKET=local:$RUNDIR/opendkim.sock
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=

Configured KeyTable, SigningTable and TrustedHosts files:

KeyTable:

mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
mail._domainkey.mail.example.com mail.example.com:mail:/etc/opendkim/keys/mail.example.com/mail.private

SigningTable:

*@example.com mail._domainkey.example.com

TrustedHosts:

127.0.0.1
::1
170.000.100.16
2100:1c02::f03c:13ff:fec9:17c7
mail.example.com
example.com

And the postfix configuration in: /etc/postfix/main.cf

smtpd_milters           = inet:127.0.0.1:8891
non_smtpd_milters       = $smtpd_milters
milter_default_action   = accept

Finally I comment the versions that I have installed on my server:

postconf mail_version
mail_version = 3.5.13
lsb_release -d
Description:    Debian GNU/Linux 11 (bullseye)

I have not been able to check the version of opendkim --version, but the installation was done this week, so I must have the most current version.

Tools I have used:

enter image description here

I can send and receive emails without problems, the only detail is that it does not show me in the emails sent that they are being signed with OpenDKIM, in addition to the screenshots that show those errors.

612
0 + 1
vps
diya avatar
la flag
diya
Does `journalctl -u opendkim` and/or /var/log/maillog show useful messages with regards to opendkim?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.