I've read the tutorial posted by MountainX (Setup DKIM (DomainKeys) for Ubuntu, Postfix and Mailman), but I can't figure out how to apply these steps if I want to host and send e-mails for several domains. Does anybody have a clue?
Good! I figured this out from the post mentioned in the question. I made a kind of mix between the answer itself and the links provided in it. Specially the fourth link is the one I used.
So the thing goes like this. Suppose you've got a server or VPS and make one of your domains to be the main domain and be used as the server name (in my example: mydomain.com).
So, first of all, we'll change to root to make things easier, but you can skip this step and use sudo before every command.
sudo su
Now, we install OpenDKIM:
apt-get install opendkim opendkim-tools
Let's fix the configuration file. We're opening /etc/opendkim.conf for editing. I use nano, but it's the same with other editor.
nano /etc/opendkim.conf
Once opened, make it look like this. If you feel comfortable, you can change some options, but the Domain, KeyFile and Selector must remain commented.
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
#
#Domain example.com
#KeyFile /etc/opendkim/201205.private
#Selector 201205
#
# Commonly-used options
Canonicalization relaxed/simple
Mode sv
SubDomains yes
# Log to syslog
Syslog yes
LogWhy yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 022
UserID opendkim:opendkim
#
KeyTable /etc/opendkim/KeyTable
SigningTable /etc/opendkim/SigningTable
ExternalIgnoreList /etc/opendkim/TrustedHosts
InternalHosts /etc/opendkim/TrustedHosts
#
Socket inet:8891@localhost
#EOF
Next, we create some of the folder and files that will hold information about what should OpenDKIM use and process. For now, the TrustedHosts file. We create and edit it:
mkdir /etc/opendkim
nano /etc/opendkim/TrustedHosts
We must put into this file a list of trusted addresses: localhost and 127.0.0.1, and your server name and IP:
127.0.0.1
localhost
192.99.34.121
mydomain.com
Now we edit OpenDKIM config file.
nano /etc/default/opendkim
And add these lines at the end of the file. They'll tell OpenDKIM in which port it should expect signing requests:
SOCKET="inet:8891@localhost"
We open the Postfix config file.
nano /etc/postfix/main.cf
And add these lines to the end of the file. They'll tell Postfix that it should send e-mails to be signed and where.
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
If you're not adding domains right now, you can restart everything, so the configuration takes effect.
/etc/init.d/opendkim restart
/etc/init.d/postfix reload
/etc/init.d/postfix restart
Done! The server is ready to work with DKIM. Now, you need to add your domains to this system. The following process is the same for all the domains you want to add. I'll use otherdomain.com for the example, replace it with your own.
Remember I was root from before, but if you're not, run sudo su or precede your commands with the keyword sudo.
sudo su
First, we create a directory for our domain and go inside of it:
mkdir -p /etc/opendkim/keys/otherdomain.com
cd /etc/opendkim/keys/otherdomain.com
Now we generate a key for the domain:
opendkim-genkey -r -d otherdomain.com
We give the OpenDKIM user ownership of the newly created file:
chown opendkim:opendkim default.private
And we open the KeyTable file to add our new key for our new domain:
nano /etc/opendkim/KeyTable
We add it to the end of the file (after all other domains we may have here):
default._domainkey.otherdomain.com otherdomain.com:default:/etc/opendkim/keys/otherdomain.com/default.private
We open the SigningTable file.
nano /etc/opendkim/SigningTable
And append at the end of the file (again, we'll have one line for each domain):
otherdomain.com default._domainkey.otherdomain.com
This SigningTable lists all mails which get signed. Just by adding a domain name, all mails from that domain will be signed.
I'm not sure of the necessity to do the next step, but I just did it, just in case... We open the TrustedHosts file.
nano /etc/opendkim/TrustedHosts
And add at the end of the file:
otherdomain.com
One last thing: we show the contents of the file /etc/opendkim/keys/otherdomain.com/default.txt.
cat /etc/opendkim/keys/otherdomain.com/default.txt
And add the information between the quotes to a TXT record in the DNS Zone of the domain, and we must also use default._domainkey as the name of the record. NOTE: "between the quotes" is the text that starts with "v=DKIM1;k=rsa; p=WIGfM...".
If we're done adding domains (by now), we restart everything to apply the changes.
/etc/init.d/opendkim restart
/etc/init.d/postfix reload
/etc/init.d/postfix restart
Done!
