Intro
This tutorial describes how to enable DKIM signing with Postfix for your new mail domain example.com and has been tested on Debian Squeeze 6.
Generate a DKIM key for your new mail domain example.com
# cd /var/lib/dkim/
# amavisd-new genrsa example.com.pem
# chmod 0600 example.com.pem
# chown amavis: example.com.pem
Tell amavisd to DKIM sign mails for your domain example.com
Open /etc/amavis/conf.d/50-user and search for “# Add dkim_key here.”. Add your new domain example.com after the existing domain(s). You may want to sort them alphabetically so they are easier to find.
# vi /etc/amavis/conf.d/50-user
dkim_key("example.com", "dkim", "/var/lib/dkim/example.com.pem");
Add your new domain example.com to @local_domains_maps in /etc/amavis/conf.d/50-user.
The line should now read something like this, after you have added example.com to it:
@local_domains_maps = ( [".$mydomain", "loremipsum.com", "example.com"] );
Activate DKIM signing for your new domain example.com
# /etc/init.d/amavis restart
Verify that amavisd uses the newly created DKIM domain key
# amavisd-new showkeys example.com
; key#2, domain example.com, /var/lib/dkim/example.com.pem
dkim._domainkey.example.com. 3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QV"
  "kRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvn"
  "r+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEF"
  "n1PGbLAeSU1a0vy9LQIDAQAB")
Clean up the DKIM string (only if not using BIND)
If you don’t use BIND, you need to join the DKIM string into a single line, removing the quotes and line breaks. With BIND, the whole multi-line string can be pasted directly into your BIND config.
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QVkRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvnr+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEFn1PGbLAeSU1a0vy9LQIDAQAB
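The cleanup step above, as an added example that is not part of the original tutorial: a Python script that joins the quoted chunks of the `amavisd-new showkeys` output into the single-line TXT value and reads the RSA key size out of the p= tag. The sample input is the output shown on this page; the function names are hypothetical.

```python
import base64
import re

# Constructed sample: the multi-line `amavisd-new showkeys` output shown on this page.
SHOWKEYS = '''; key#2, domain example.com, /var/lib/dkim/example.com.pem
dkim._domainkey.example.com. 3600 TXT (
  "v=DKIM1; p="
  "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QV"
  "kRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvn"
  "r+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEF"
  "n1PGbLAeSU1a0vy9LQIDAQAB")
'''

def _der(buf, pos, tag):
    """Read the DER element at pos; return (value_start, value_end)."""
    if buf[pos] != tag:
        raise ValueError(f"unexpected DER tag 0x{buf[pos]:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the decoded p= tag)."""
    outer, _ = _der(spki, 0, 0x30)             # SubjectPublicKeyInfo SEQUENCE
    _, alg_end = _der(spki, outer, 0x30)       # AlgorithmIdentifier, skipped
    bitstr, _ = _der(spki, alg_end, 0x03)      # BIT STRING holding RSAPublicKey
    rsa_seq, _ = _der(spki, bitstr + 1, 0x30)  # +1 skips the unused-bits byte
    mod_start, mod_end = _der(spki, rsa_seq, 0x02)  # INTEGER modulus
    return int.from_bytes(spki[mod_start:mod_end], "big").bit_length()

def flatten_showkeys(text):
    """Return (record_name, single_line_txt_value, rsa_key_bits)."""
    m = re.search(r'^(\S+?)\.?\s+\d+\s+TXT\s*\((.*?)\)', text, re.S | re.M)
    if not m:
        raise ValueError("no TXT record found in showkeys output")
    value = "".join(re.findall(r'"([^"]*)"', m.group(2)))
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("not a DKIM1 key record")
    bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    return m.group(1), value, bits

if __name__ == "__main__":
    name, value, bits = flatten_showkeys(SHOWKEYS)
    print(f"{name} TXT ({bits}-bit RSA key)\n{value}")
```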
Create a DNS DKIM record, type TXT for your domain (only if not using BIND)
Create a TXT DNS record named “dkim._domainkey.example.com” in your DNS console / management interface:
dkim._domainkey.example.com
Put the clean DKIM string in the value field of the TXT record:
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI7ZEV3um7Lj5xa8Z0Y+Kxv0QVkRqBfLFTv2w4YJxu+EQT6HREEEgbvJOoK8VPlXed3lBY++HF2Rfg3mXfdT+zttvnr+TMGnJKXjBFoTus9WqHqVTBqLONicmkbFt7W9c1WgegoXxQh6uyJRMB5MB8jLEFn1PGbLAeSU1a0vy9LQIDAQAB
After setting up the DKIM DNS entry, wait a few minutes for the DNS change to propagate before proceeding.
Verify correct DKIM function
# amavisd-new testkeys
TESTING#1: dkim._domainkey.loremipsum.com => pass
TESTING#2: dkim._domainkey.example.com => pass
Help, I’m getting an error: “…invalid -> (public key: not available)”
TESTING#2: dkim._domainkey.example.com => invalid (public key: not available)
Something is wrong with your config or your new DKIM domain key. Maybe the DNS change has not propagated to all DNS servers yet? Wait a few minutes and try again!