thorko . de
Linux / Unix systems administrator
DKIM - DomainKeys Identified Mail
DKIM was introduced to reduce the amount of spam. It verifies that a mail server is authorized to send mail for a specific domain, using an asymmetric cryptosystem. Every mail is signed with the domain's private key before it is sent out. A recipient can verify the mail by fetching the domain's public key and decrypting the signature with it. The result must be the hash of the message including the headers.
So, as you can see, DKIM also lets the recipient detect when an email has been intercepted and manipulated in transit.
How to configure postfix and spamassassin to use DKIM
Install dkim-filter
# apt-get install dkim-filter
configure /etc/default/dkim-filter
SOCKET="inet:8893@127.0.0.1"
generate the keys
# openssl genrsa -out default-20100801.private 1024
# openssl rsa -in default-20100801.private -out default-20100801.public -pubout -outform PEM
remove public key header and line break
# grep -v -e "^-" default-20100801.public | tr -d "\n"
update your DNS zone file by adding the public key as a TXT record
default-20100801._domainkey IN TXT "v=DKIM1\; k=rsa\; t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB (shortened)"
configure postfix to use dkim-filter
in main.cf
smtpd_milters = inet:localhost:8893
configure dkim-filter
in /etc/dkim-filter.conf
OmitHeaders Return-Path,Received,Comments,Keywords,Bcc,Resent-Bcc
SubDomains yes
X-Header yes
Background yes
Selector default-20100801
Canonicalization relaxed/simple
KeyFile /etc/dkim/default-20100801.private
start your dkim-filter
# /etc/init.d/dkim-filter start
restart postfix
# /etc/init.d/postfix restart
Now, if you send an email, you will see an additional header called DKIM-Signature.
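What the "Canonicalization relaxed/simple" setting above means for the hash a recipient recomputes, as an added example that is not part of the original page or of dkim-filter: headers are normalized before hashing, the body is hashed almost byte for byte. The function names are hypothetical, the sample message is constructed, and SHA-256 is an assumption because the page does not name the hash algorithm.

```python
import base64
import hashlib
import re


def relaxed_header(raw: bytes) -> bytes:
    """RFC 6376 'relaxed' canonicalization of a single header field."""
    name, _, value = raw.partition(b":")
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)  # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)        # collapse whitespace runs
    return name.strip().lower() + b":" + value.strip(b" \r\n") + b"\r\n"


def simple_body(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: only trailing empty lines are ignored."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes) -> str:
    """Value of the bh= tag. SHA-256 is an assumption; the page names no algorithm."""
    return base64.b64encode(hashlib.sha256(simple_body(body)).digest()).decode()


if __name__ == "__main__":
    # Constructed sample message parts, not taken from a real mail.
    signed_subject = b"Subject: Quarterly  report\r\n"
    refolded_subject = b"SUBJECT:Quarterly\r\n\treport  \r\n"
    signed_body = b"Numbers attached.\r\n"
    cases = {
        "trailing blank lines added": b"Numbers attached.\r\n\r\n\r\n",
        "space added at end of line": b"Numbers attached. \r\n",
        "footer appended by a relay": b"Numbers attached.\r\n-- \r\nlist footer\r\n",
    }
    same = relaxed_header(signed_subject) == relaxed_header(refolded_subject)
    print("header survives refolding:", same)
    for label, received in cases.items():
        ok = body_hash(received) == body_hash(signed_body)
        print(f"{label}: {'bh matches' if ok else 'bh mismatch, verification fails'}")
```

With this setting a relay that refolds or re-cases headers does not break the signature, but any relay that touches the body (a list footer, stripped or added whitespace) does.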
To use spamassassin to verify the signature you will have to install an additional package
# apt-get install libmail-dkim-perl
add the following line to /etc/spamassassin/v320.pre
loadplugin Mail::SpamAssassin::Plugin::DKIM
and set these settings in your local.cf file
##################
# DKIM settings #
##################
# whitelist_from_dkim *@googlemail.com googlemail.com
score USER_IN_DKIM_WHITELIST -5.0
score DKIM_VERIFIED -1.3
score DKIM_POLICY_TESTING 0
restart your spamd service to get the settings applied
2010-08-10 9:49 pm