tested on netbsd-8,9
Warning: this has pissed me off – I am discarding DKIM and relying on enforced STARTTLS+verify and SPF/DMARC only
install opendkim with pkgsrc or somehow
pkg_info | grep libmilter /usr/libexec/locate.updatedb locate libmilter.h locate libmilter.a ./configure --with-openssl=/usr/local/ssl --with-milter=/usr/pkg --disable-shared make clean make -j8 > ../opendkim.log && echo BUILT make install mkdir -p /var/opendkim/ chown postfix:postfix /var/opendkim ll /usr/bin/perl ln -s /usr/pkg/bin/perl /usr/bin/perl
selector can be anything, it is just a marker e.g. use month/year to remind yourself how old the key pair will become (and eventually renew it once a year or so)
MONTHYEAR=`date +%b%Y | tr A-Z a-z` mkdir -p ~/certs/dkim/ cd ~/certs/dkim/ opendkim-genkey -h opendkim-genkey --selector=$MONTHYEAR --domain=nethence.com ls -lF $MONTHYEAR.private $MONTHYEAR.txt cat $MONTHYEAR.txt
–> add this record to your DNS zone and check
host -t txt $MONTHYEAR._domainkey.nethence.com
now proceed with the daemon’s configuration
ls -lF /etc/opendkim.conf cat > /etc/opendkim.conf <<EOF9 Domain nethence.com KeyFile /root/certs/dkim/$MONTHYEAR.private Selector $MONTHYEAR Socket local:/var/opendkim/dkim-socket Syslog Yes EOF9 cat /etc/opendkim.conf
start & enable
vi /etc/rc.local echo starting DKIM... /usr/local/sbin/opendkim -P /var/opendkim/opendkim.pid -l -x /etc/opendkim.conf -u postfix:postfix && echo done
status
ps auxww | grep dkim ls -lF /var/db/opendkim/$MONTHYEAR.private ls -lF /var/opendkim/dkim-socket
stop
pkill opendkim
then point to the unix socket
vi /etc/postfix/main.cf milter_protocol = 2 milter_default_action = accept smtpd_milters = unix:/var/opendkim/dkim-socket non_smtpd_milters = unix:/var/opendkim/dkim-socket
Default action here let’s mail pass through in case “application is unavailable or mis-configured”.
postfix reload
now watch the logs and validate
date | mail -s `uname -n` root
…try to check if wrongly signed incoming messages are refused?
dkim-milter https://sourceforge.net/projects/dkim-milter/
DomainKeys Identified Mail (DKIM) http://dkim.org/
OpenDKIM http://opendkim.org/
INSTALLING OPENDKIM http://www.opendkim.org/INSTALL
DKIM http://silas.net.br/tech/apps/netbsd-mailserver.html#dkim
Postfix before-queue Milter support http://www.postfix.org/MILTER_README.html
Postfix Configuration Parameters http://www.postfix.org/postconf.5.html
Configure DomainKeys (OpenDKIM) with Postfix on CentOS 7 https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
Set Up DKIM (DomainKeys Identified Mail) Working With Postfix On CentOS Using OpenDKIM - Page 2 https://www.howtoforge.com/set-up-dkim-domainkeys-identified-mail-working-with-postfix-on-centos-using-opendkim-p2#-testing-your-setup
ld: /usr/local/ssl/lib/libcrypto.a(ecp_mont.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC ...
==> --disable-shared
postfix/cleanup[15894]: warning: connect to Milter service unix:/var/opendkim/dkim-socket: Permission denied
#39 Impossible to install OpenDkim : milter not found https://sourceforge.net/p/opendkim/support-requests/39/?limit=25
#9 ./configure –without-milter –disable-filter doesn’t work https://sourceforge.net/p/opendkim/bugs/9/
OpenSSL missing during ./configure. How to fix? https://superuser.com/questions/371901/openssl-missing-during-configure-how-to-fix