Sendmail DKIM

Created: 2014-07-06 — modified: 2014-10-23 — tags: e-mail

Signing sendmail messages with DKIM using OpenDKIM is easier than you think!

Installation

Following Ubuntu's guide, execute this command:

sudo apt-get install opendkim opendkim-tools

Configuration

First, pick a selector: a name that distinguishes this key from others. If mail for one domain (@server.com) is sent by several different means, each of them might have its own key. For example, I use Yandex mail for domain, which has its own set of private and public keys and uses the mail selector. So I decided to use sendmail as the selector for this one.

Key generation

Execute this command:

opendkim-genkey -t -s [selector]

This will generate two files: [selector].priv, storing your private key, and [selector].txt, storing the DNS record.

Move the *.priv file to an appropriate location on the server (for example, /etc/mail/dkim.key), and add the contents of the *.txt file to your DNS.

DNS

The details depend on your provider and your setup, but generally you need to add a TXT record for the [selector]._domainkey subdomain. The contents of this record are in the *.txt file generated by the opendkim-genkey command.
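An added example, not part of the original post: opendkim-genkey writes the record in zone-file syntax, split into quoted chunks, while DNS control panels usually want a bare name and a single unquoted value. The script below flattens the file and reports the t=y testing flag that the -t option sets; the sample record, example.com and the p= placeholder are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: turn the zone-file record written by opendkim-genkey into the
# name and single-string value to enter in a DNS provider's TXT record form.

# Print the record name, e.g. "sendmail._domainkey" (first field of the file).
dkim_record_name() {
    awk 'NF { print $1; exit }' "$1"
}

# Print the TXT value: every double-quoted chunk, joined with nothing between.
# Taking only quoted text also drops the parentheses and the trailing comment.
dkim_record_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# Succeed if the record carries the "y" flag in its t= tag. RFC 6376 defines
# t=y as "this domain is testing DKIM"; opendkim-genkey -t sets it.
dkim_is_test_mode() {
    dkim_record_value "$1" | tr ';' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Eq '^t=([^:]*:)*y(:|$)'
}

# Constructed sample in the layout opendkim-genkey produces. The selector is
# the page's "sendmail"; example.com and the p= value are placeholders.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
sendmail._domainkey  IN  TXT  ( "v=DKIM1; k=rsa; t=y; "
      "p=PLACEHOLDER0BASE640PUBLIC0KEY" )  ; ----- DKIM key sendmail for example.com
EOF

echo "TXT name:  $(dkim_record_name "$sample")"
echo "TXT value: $(dkim_record_value "$sample")"
if dkim_is_test_mode "$sample"; then
    echo "Note: t=y is set, so verifiers treat this domain as testing DKIM."
fi
```

To use it on a real key, pass the path of your own [selector].txt to the functions instead of the sample file.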

OpenDKIM

Edit the /etc/opendkim.conf file. You need to uncomment and change only these three lines:

Domain      [your domain]
KeyFile     [keyfile]
Selector    [selector]

Where [keyfile] is a path to your private key.

Restart the opendkim service:

sudo service opendkim restart

Sendmail

Find out the socket used by opendkim:

ps aux | grep opendkim

It follows the -p parameter and is usually local:/var/run/opendkim/opendkim.sock

Edit the /etc/mail/sendmail.mc file and add this line anywhere (for example, at the bottom):

INPUT_MAIL_FILTER(`opendkim', `S=local:/var/run/opendkim/opendkim.sock')

(change the socket location if it's different in your case)

Finally, rebuild the sendmail config, as stated at the top of the sendmail.mc file:

sendmailconfig

Usage

I believe you know how to send mail, but just in case:

To send a message to test@example.com, use this command:

mail -s "Message subject" test@example.com <<<"Message body"

Testing

To test how this stuff works, you can use one or more of the autoresponder email addresses listed at dmarc.org, like this:

echo "test message" | mail -s "DKIM test" checkmyauth@auth.returnpath.net