Tag: Opendkim

Debian SID Opendmarc Installation and Configuration

November 20, 2016
LinuxOpendmarc
0 Comment

In this post i will capture the installation of opendmarc and how its configure alongside Opendkim.

Install opendmarc

apt-get install opendmarc

Configure systemd service file

cat > /lib/systemd/system/opendkim.service <
The specific changes here are lines #9 EnvironmentFile #13 -p $SOCKET
Defaults File
cat > /etc/default/opendmarc <
Opendmarc Config file
cat > /etc/opendmarc.conf <
Modify Postfix milters
 If you are running both opendkim and opendmarc your milters will look like this:
non_smtpd_milters = inet:127.0.0.1:12301, inet:127.0.0.1:12302
smtpd_milters = inet:127.0.0.1:12301, inet:127.0.0.1:12302

Restart the service
systemctl daemon-reload
systemctl restart opendmarc
systemctl restart postfix

DNS
Now go modify your DNS, adding a TXT record ‘_dmarc‘with the value ‘v=DMARC1; p=none; rua=mailto:postmaster@example.com
When you have validated dmarc is working properly you can change p=none to p=reject
How can you validate it?
There are a number of tools online to help you with this, also you open up a mail in google and click ‘show original’.
screenshot_2016-11-20_12-32-23
  
Enjoy
Other resources
 https://www.google.com/search?q=opendkim+setup
https://www.google.com/search?q=opendmarc+setup
 

Debian SID Opendkim Installation and Configuration Woes

November 19, 2016
LinuxOpendkim
0 Comment

TL;DR Opendkim. Hats off the to folk who do marvelous packing 99.99999% percent of the time.

But sometimes they just get it wrong or at least all documentation regarding the package, does not match up with the behavior the packager intended.
That said, hopefully i will help solve some of these issues here.

I assume you have postfix already working and you are just looking to add dkim support.

Install opendkim

apt-get install opendkim opendkim-tools

Configure systemd service file

cat > /lib/systemd/system/opendkim.service <
The specific changes here are lines #9 EnvironmentFile #13 -p $SOCKET
Defaults File
cat > /etc/default/opendkim <
Opendkim Config file
cat > /etc/opendkim <
Specific changes here are lines #7 hashed out socket file,  it simply does not work.
 The only way to get opendkim to honour this setting is passing it to the command line #13 of the service file.
Modify /etc/postfix/main.cf and add/edit the following lines
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
Create referenced folders for your open dkim keys
mkdir -vp /etc/dkimkeys/keys
TrustedHosts
cat > /etc/dkimkeys/TrustHosts <
SingingTable
cat > /etc/dkimkeys/SigningTable <
KeyTable
cat> /etc/dkimkeys/KeyTable <
Create private/public key for signing
cd /etc/dkimkeys/keys
opendkim-genkey -s default

Your directory should now look like this
Opendkim Treeview of files
Tell systemd to reload the the daemon files and restart
systemctl daemon-reload
systemctl restart opendkim
systemctl restart postfix
DNS
Now go modify your DNS, adding a TXT record ‘default._domainkey‘.
 Copy and paste everything between the parenthesis. ( everything here ) into the value field of the TXT record
cat keys/default.txt 
default._dkim   IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIGNA....BIG LONG DIRTY HASH ....ciaxOhS24T4MFwIDAQAB" )  ; ----- DKIM key default for com

Enjoy
Other resources
 https://www.google.com/search?q=opendkim+setup