Hello,
If you want to use postfix to use domainkeys or dkim you can do it using dkimproxy http://dkimproxy.sourceforge.net
In this setup, we only want that outgoing mail are signed. As we known, yahoo and gmail uses it with spam checks.
http://dkimproxy.sourceforge.net/postfix-outbound-howto.html
First, change your master.cf from postfix file
master.cf:
submission inet n – y – – smtpd
-o smtpd_etrn_restrictions=reject
-o content_filter=dksign:[127.0.0.1]:10027
-o receive_override_options=no_address_mappings
-o smtpd_recipient_restrictions=permit_mynetworks,reject
// put this in the same file, for example, at bottom is a good place
dksign unix – – n – 10 smtp
-o smtp_send_xforward_command=yes
-o smtp_discard_ehlo_keywords=8bitmime,starttls
127.0.0.1:10028 inet n – n – 10 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
Now, is time to setup dkimproxy, since we are only interested in outgoin mail, we use dkimproxy.out instead, please, use devel version, at moment, stable version can’t sign both signatures at the same time. Tested using dkimproxy-1.0beta1.tar.gz
This example show how to sing more than one domain.
Create a new file.
/etc/postfix/ssl/domainkeys/domainkeyfile:
# sign both mydom1.com and mydom2.com mail with both a domainkeys and dkim signature (put a new domain for each line)
mydom1.com domainkeys(a=rsa-sha1,c=nofws), dkim(a=rsa-sha256,c=relaxed)
mydom2.com domainkeys(a=rsa-sha1,c=nofws), dkim(a=rsa-sha1,c=relaxed)
As user root, is time to launch dkimproxy (change your values if necessary), in this case we run dkimproxy with user/group dkim
# groupadd -g 4321 dkim
# useradd -u 4321 -s /bin/false -d /dev/null -g dkim dkim
// launch it as a daemon
# dkimproxy.out –user=dkim –group=dkim –keyfile=/etc/postfix/etc/ssl/domainkeys/private.key –selector=yourselector –sender_map=/etc/postfix/ssl/domainkeys/domainkeyfile –daemonize –pidfile=/var/run/dkim.pid 127.0.0.1:10027 127.0.0.1:10028
Of course, it’s very important that you keep you port 25 for ‘normal’ mail and change it to port 587 if you want to use dkimproxy, check your mail client how to do that.
Now, your mail uses domainkeys/dkim headers :)
this is a mail headers example:
———-
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mydom1.com; h=date:subject:from:to:mime-version:content-type:message-id:content-transfer-encoding; q=dns; s=ireth; b=
KPaZ5d7olrcJ62GwFyOAGGuiWe/+6ffW+b+ne24t3+mlUyUgU7kYHRedPphfTa4e
AtdKW/l9B+TFnZs3WOFpaB1fkkwohQIHUJrINhMlm6NVgcEy3wolOXx2QKmDQdzl
4cRo0x6q8DTjl9ThVwaOdL89Xj6gG8RecOx9wCKjnXO=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=mydom1.com; h=
date:subject:from:to:mime-version:content-type:message-id:
content-transfer-encoding; q=dns/txt; s=myhost1; bh=gbf05R7SXafOIY
pmOvZ6JHiCsUiIu94mbMnHdz31av0=; b=jh8AB9KJUF2yarL9etKNcdCsICPssS
Hz314WM/0KliaooehfanU+dxn/FIbvdeVc+ztTA9OkefWCj2SBfx/xi3sMDTy6gj
ue+BYGvS9GJ9tYCKUvW4lk5wwk70JcCSpwQAbjsyf1pPBW3I6NFPtk2G5LrykEs+
yizGa5g3x9rdg=
———-
This setup assumes that you have created you private/public cryptographic keys, also you have configured your dns, if not, then check main site for how to do it.
http://dkimproxy.sourceforge.net/ (read about openssl)
See you!