Menu

Setup DKIM (DomainKeys) with Postfix on Ubuntu & Debian

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators.In technical terms, DKIM is a 

technique to authorize a domain to associate its name to an email message through cryptographic authentication.

Step 1: Install opendkim Package

First we need to install opendkim and opendkim-tools packages using following command.
$ sudo apt-get install opendkim opendkim-tools

Step 2: Generate Key Pair

Now create DKIM key pair using opendkim-genkey command line utility. For this tutorial we are using domain name “hackthesec.co.in”, Change this name with your actual domain name.
$ MYDOMAIN=hackthesec.co.in
$ mkdir -p /etc/mail/dkim-keys/$MYDOMAIN
$ cd /etc/mail/dkim-keys/$MYDOMAIN
$ opendkim-genkey -t -s mail -d $MYDOMAIN

Above command will generate two files default.private and default.txt. You can created multiple DKIM keys for different-2 domains and configure with your postfix server.

Step 3: Configure DKIM and POSTFIX

First edit the domain keys lists setting file /etc/mail/dkim.key and add following entry.
*@hackthesec.co.in:hackthesec.co.in:/etc/mail/dkim-keys/hackthesec.co.in/default.private
Edit DKIM configuration file /etc/opendkim.conf and update below values in configuration file.
Domain             hackthesec.co.in
KeyFile            /etc/mail/dkim.key
Selector           mail
Socket    inet:8892@localhost
Now edit POSTFIX configuration file /etc/postfix/main.cf and add following values at the end of file
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892

Step 4: Configure DNS Entry

After configuring private key in postfix server. there will be another filedefault.txt generated by opendkim-genkey. Edit your DNS zone file and add this as TXT record found in default.txt.
mail._domainkey.hackthesec.coin IN TXT "v=DKIM1; k=rsa; p=IOIIGfBGGCSqGSIb3DEFGAQUAA4GNHDCBiQKBgRG6RY5DLhAbbrqcwgyBaC
x50scjedj357we9SJdff6VHOKDYgU/kvuV2rQiedHjtJDPuFJIwoNqh8pbIWxcZ8J2FhVhXU1QWdBmOQ/w61jfsyVAMrX/SrcJAd/1
XHYcS4o3uIOV7jICVOJLiYW5wjYLvWpPoraQzQE1Npjlsx2T5QIDAQAB" ; ----- DKIM key default for hackthesec.co.in

Step 5: Restart Service

After making all above configuration’s restart dkim and postfix services
$ sudo service opendkim restart
$ sudo service postfix restart

Step 6: Verify DKIM

And you have all done. Let’s verify that DKIM is working properly. Let’s send a test email through command line
$ mail -vs "Test DKIM" hackthesec@gmail.com < /dev/null
In received email in our mailbox, open the source of email and search for "DKIM-Signature". You will find some thing like below
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hackthesec.co.in;
 s=default.private; t=1431284463;
 bh=fdkeB/b0Fghse2k4J4pNas23AsqBm9+c0CsOYesw8=;
 h=Date:From:Message-Id:To:Subject;
 b=M6g0easdqURha9d7sdWldOddXsXxrMtN2qrSQ6/1AZtDxDkDDfoBTHDzoESlD
  i6uLLwV+3/JTs7mFmrkvlA5ZR693sM5gkVgVJmuOsylXSwd3XNfEcGSqFRRIrLhHtbC
  mAXMNxJtih9OuVNi96TrFNyUJeHMRvvbo34BzqWY=



www.hackthesec.co.in
www.twitter.com/hackthesecurity

About Author:


I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Next
Newer Post
Previous
Older Post

0 comments:

Post a comment

 
Top