Postfix: Installing and getting started with OpenDKIM

  • Install opendkim:

apt-get install -y opendkim opendkim-tools

  • Add the postfix user to the opendkim group:

adduser postfix opendkim

  • Shell script to create the configuration files:

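#!/bin/bash

set -euo pipefail

# Create the OpenDKIM directories and the (initially empty) lookup tables.
mkdir -p /etc/opendkim
mkdir -p /etc/opendkim/keys
touch /etc/opendkim/TrustedHosts
touch /etc/opendkim/SigningTable
touch /etc/opendkim/KeyTable

# Append the OpenDKIM settings. ">>" appends, so run this script only once,
# otherwise every setting ends up duplicated in the file.
# "Mode sv" signs outgoing mail and verifies incoming mail.
echo "UserID opendkim
AutoRestart Yes
SyslogSuccess yes
LogWhy yes
Selector mail
Canonicalization simple
Mode sv
X-Header yes
OversignHeaders From
Socket inet:54321@localhost
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
DNSTimeout 5
SignatureAlgorithm rsa-sha256" >> /etc/opendkim.conf

# Tell Postfix to pass mail through the milter on the socket configured above.
echo "milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:54321
non_smtpd_milters = inet:localhost:54321" >> /etc/postfix/main.cf

# Hosts whose mail is signed rather than verified.
echo "127.0.0.1
localhost" >> /etc/opendkim/TrustedHosts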

  • To create the DKIM entry for a domain:

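echo "domaine.tld" >> /etc/opendkim/TrustedHosts

# Generate the key pair: mail.private (private key) and mail.txt (DNS TXT record).
mkdir -p /etc/opendkim/keys/domaine.tld
opendkim-genkey -D /etc/opendkim/keys/domaine.tld/ -d domaine.tld -s mail
chown -R opendkim:opendkim /etc/opendkim
chmod go-rw /etc/opendkim/keys

# SigningTable maps the domain to a key name; KeyTable maps that key name
# to domain:selector:private key path. The key name must be identical in both files.
echo "domaine.tld mail._domainkey.domaine.tld" >> /etc/opendkim/SigningTable
echo "mail._domainkey.domaine.tld domaine.tld:mail:/etc/opendkim/keys/domaine.tld/mail.private" >> /etc/opendkim/KeyTable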

  • Display the DKIM entry:

cat /etc/opendkim/keys/domaine.tld/mail.txt

  • Add the DKIM entry (the TXT record shown by the command above) to your domain's DNS zone

  • Restart the postfix, opendkim and bind services

service postfix restart

service opendkim restart

service bind9 restart

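  • To test the installation ("key not secure" in the output means the DNS answer was not validated with DNSSEC; it is not a failure):

opendkim-testkey -d domaine.tld -s mail -vvv
opendkim-testkey: checking key 'mail._domainkey.domaine.tld'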
opendkim-testkey: key not secure
opendkim-testkey: key OK
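
The SigningTable and KeyTable entries created above must use exactly the same key name, and the private key they point to should be accessible to its owner only; a stray character in either table breaks signing for that domain. The check below is an added example, not part of the original page: the function name check_dkim_tables and its output format are assumptions, and it handles only the plain "domain key-name" SigningTable layout used here.

```bash
#!/bin/bash
# Added example: cross-check SigningTable, KeyTable and the private key files.
# Usage: ./check.sh /etc/opendkim/SigningTable /etc/opendkim/KeyTable
# Prints one line per SigningTable entry; returns 1 if any entry is broken.
check_dkim_tables() {
    local signing_table="$1" key_table="$2" status=0
    local pattern keyname entry domain rest selector keyfile perms

    while read -r pattern keyname _ || [ -n "$pattern" ]; do
        case "$pattern" in ''|'#'*) continue ;; esac   # skip blanks and comments

        # SigningTable line: "<pattern> <key name>". The key name must be
        # the first field of a KeyTable line.
        entry=$(awk -v k="$keyname" '$1 == k { print $2; exit }' "$key_table")
        if [ -z "$entry" ]; then
            echo "FAIL $pattern: key name '$keyname' missing from KeyTable"
            status=1; continue
        fi

        # KeyTable value: "<domain>:<selector>:<private key path>"
        domain=${entry%%:*}; rest=${entry#*:}
        selector=${rest%%:*}; keyfile=${rest#*:}

        if [ ! -f "$keyfile" ]; then
            echo "FAIL $pattern: private key $keyfile does not exist"
            status=1; continue
        fi

        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$keyfile" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL $pattern: $keyfile is accessible to group/other ($perms)"
            status=1; continue
        fi

        echo "OK   $pattern: selector=$selector domain=$domain key=$keyfile"
    done < "$signing_table"
    return "$status"
}

# Run the check when the script is called with both table paths.
if [ "$#" -eq 2 ]; then
    check_dkim_tables "$@"
fi
```

Run it before restarting the services; any FAIL line points at the table entry or key file to fix.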