WORK IN PROGRESS !!
Hi everyone, this is a quick how-to about how I set this up on my test server.
The information here was gathered from several sources, either posts on this forum or from searching the Net; the credit is not mine.
links / credits:
https://forge.univention.org/bugzilla/show_bug.cgi?id=45193
https://kofler.info/dkim-konfiguration-fuer-postfix/
Actions
I did this using the ‘root’ user and running UCS version 4.4.
Set the repository so the needed packages can be downloaded. Note that packages from the unmaintained repository are not covered by Univention's security updates, so you have to keep an eye on them yourself:
ucr set repository/online/unmaintained='yes'
Install the packages needed:
univention-install opendkim opendkim-tools postfix-policyd-spf-python postfix-pcre
Make a copy of the original file:
cp /etc/opendkim.conf /etc/opendkim.conf.original
Open the file /etc/default/opendkim and set:
SOCKET=inet:12301@localhost
The port number is arbitrary; pick one that is not in use, and use the same one in /etc/opendkim.conf and in the Postfix milter settings below.
Sample of my own /etc/opendkim.conf:
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
Open the Postfix template:
vi /etc/univention/templates/files/etc/postfix/main.cf.d/10_general
Add this at the end of the file (milter_default_action = accept means Postfix keeps accepting and sending mail, unsigned, if OpenDKIM is unreachable; set it to tempfail if you would rather defer mail than send it unsigned):
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
Save the file and run:
univention-config-registry commit /etc/postfix/main.cf
Create the relevant files. Because InternalHosts points at the same list, every host in TrustedHosts gets its outgoing mail signed without any further authentication, so list only hosts and networks you control:
vi /etc/opendkim/TrustedHosts
127.0.0.1
::1
localhost
10.10.0.0/24
domain
domain.com
host.domain.com
Create a key table (one line per key: selector record name, then domain:selector:path to the private key):
vi /etc/opendkim/KeyTable
mail._domainkey.domain.com domain.com:mail:/etc/opendkim/keys/domain.com/mail.private
Create a signing table (maps sender addresses to the key table entry; with refile: the * wildcard is allowed):
vi /etc/opendkim/SigningTable
*@domain.com mail._domainkey.domain.com
Create a directory for the domain's keys:
cd /etc/opendkim/keys
mkdir domain.com
cd domain.com
Generate the key pair (the sample key below is 2048-bit; pass -b 2048 explicitly if your version of opendkim-genkey defaults to a shorter key):
opendkim-genkey -s mail -d domain.com
Change the owner of the private key to opendkim and make sure nobody else can read it (mode 600):
chown opendkim:opendkim mail.private
Add the public key to the domain's DNS records
This part can be tricky for someone not used to doing it, since you need to copy the text 'as is' into the TXT record: opendkim-genkey writes the record as several quoted string fragments, which have to be joined into one value. nano -$ turns on soft wrapping so the whole key is visible:
Sample key:
nano -$ mail.txt
v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxddfBL9/0ZgCHpwXv92xxvpasPXUaIeXXosDCiypxUIY1CtCRLJ8Ti03FZrJGVQvYmYaiI1Wa8omMVF11b+0U6Cl5t2BlH6VzBYxuNHk1w91xkVJz59MTYuwNTT87JuMGM/y0IQV8UfykZ7TWZxvr79mWYxSLkYC5CDTrPj7iph2MWn/8fqsUMcJbNd4oLszY5nyqfmmhMug0avPQ/vEmmUjb9MwUU15Og4GvcjQ5XK/u5o9Z4wktM8v+v+4JM19xX6L/wR7HgW4d0mq/UtAWSqlnqgQcsztcjt
Copy the key into the TXT record on the DNS server serving your domain (the record name is the selector followed by ._domainkey, here mail._domainkey).
Sample of mine, as a Cloudflare DNS record:
TXT mail._domainkey v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkq
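The joining of the quoted fragments from mail.txt is the step that most often goes wrong, so here is a small checker, added as an example and not part of the original post. It reassembles the record value from opendkim-genkey's output, parses the tags, decodes the p= value and reads the RSA modulus size out of the DER SubjectPublicKeyInfo, and splits the value back into the 255-byte strings a zone file needs. The sample mail.txt it runs on is constructed inline around a synthetic modulus (not a real key), so it works offline; the function names are my own.

```python
"""Reassemble and sanity-check the DKIM TXT record written by opendkim-genkey."""
import base64
import re

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1, rsaEncryption


# ---- minimal DER helpers, enough for an RSA SubjectPublicKeyInfo ----
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:          # keep the INTEGER positive
        body = b"\x00" + body
    return _der(0x02, body)


def _read_tlv(buf, pos):
    """Return (tag, value, position after the element) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def build_spki(n, e=65537):
    """DER SubjectPublicKeyInfo for an RSA key; only used here to build the sample input."""
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))
    alg = _der(0x30, RSA_OID + b"\x05\x00")
    return _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))


def rsa_modulus_bits(p_b64):
    """Modulus size of a DKIM p= value; raises ValueError if it is not an RSA SPKI."""
    spki = base64.b64decode(p_b64, validate=True)
    tag, outer, _ = _read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("p= is not a DER SEQUENCE")
    tag, alg, pos = _read_tlv(outer, 0)
    if tag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("p= algorithm is not rsaEncryption")
    tag, bitstr, _ = _read_tlv(outer, pos)
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("p= carries no BIT STRING public key")
    _, rsa_key, _ = _read_tlv(bitstr, 1)        # skip the unused-bits byte
    tag, modulus, _ = _read_tlv(rsa_key, 0)
    if tag != 0x02:
        raise ValueError("RSAPublicKey modulus missing")
    return int.from_bytes(modulus, "big").bit_length()


def parse_genkey_txt(text):
    """Join the quoted fragments of mail.txt into the single value the DNS UI wants."""
    parts = re.findall(r'"([^"]*)"', text)
    if not parts:
        raise ValueError("no quoted strings found; is this opendkim-genkey output?")
    return "".join(parts)


def parse_tags(record):
    tags = {}
    for field in record.split(";"):
        if field.strip():
            name, _, value = field.strip().partition("=")
            tags[name.strip()] = value.strip()
    return tags


def dns_strings(record, limit=255):
    """Split a record value into the <=255-byte strings a zone file requires."""
    return [record[i:i + limit] for i in range(0, len(record), limit)]


def check_record(text, min_bits=2048):
    record = parse_genkey_txt(text)
    tags = parse_tags(record)
    problems, bits = [], None
    if tags.get("v") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= is not rsa")
    if not tags.get("p"):
        problems.append("p= missing or empty (an empty p= means a revoked key)")
    else:
        try:
            bits = rsa_modulus_bits(tags["p"])
            if bits < min_bits:
                problems.append(f"RSA modulus is {bits} bits; use at least {min_bits}")
        except (ValueError, IndexError) as exc:
            problems.append(f"p= does not decode to an RSA public key: {exc}")
    return {"record": record, "tags": tags, "bits": bits, "problems": problems}


def sample_mail_txt(bits=2048, selector="mail", domain="domain.com"):
    """Constructed stand-in for mail.txt as opendkim-genkey writes it (synthetic modulus, not a real key)."""
    n = (1 << (bits - 1)) | 1                      # any odd number of the right size will do for parsing
    p = base64.b64encode(build_spki(n)).decode()
    quoted = "\n\t  ".join(f'"{c}"' for c in dns_strings(f"v=DKIM1; h=sha256; k=rsa; p={p}"))
    return f"{selector}._domainkey\tIN\tTXT\t( {quoted} )  ; ----- DKIM key {selector} for {domain}\n"


if __name__ == "__main__":
    result = check_record(sample_mail_txt())
    print("value for the DNS UI:", result["record"][:48], "...")
    print("modulus bits:", result["bits"], "| problems:", result["problems"] or "none")
```

Run it against your real file with check_record(open("/etc/opendkim/keys/domain.com/mail.txt").read()); the record field is what goes into a web DNS form such as Cloudflare's, while dns_strings gives the pieces for a hand-edited zone file.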
Restart the services. Afterwards, opendkim-testkey -d domain.com -s mail -vvv confirms that the published record can be fetched and parsed, and a test message to an external mailbox should show dkim=pass in its Authentication-Results header:
service postfix restart
service opendkim restart
Hope this can help someone too.
Regards.
JG