#####################################
#FEDORA-SPECIFIC README FOR OPENDKIM#
#####################################
Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com)
Generating keys for OpenDKIM
============================
After installing the opendkim package, you MUST generate a pair of keys (public and private) before
attempting to start the opendkim service.
A valid private key must exist in the location expected by /etc/opendkim.conf before the service will start.
A matching public key must be included in your domain's DNS records before remote systems can validate
your outgoing mail's DKIM signature.
Generating Keys Automatically
=============================
To automatically create a pair of default keys for the local domain, do:
% sudo /usr/sbin/opendkim-default-keygen
The default keygen script will attempt to fetch the local domain name, generate a private and public key for
the domain, then save them in /etc/opendkim/keys as default.private and default.txt with the proper
ownership and permissions.
NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting
private key ownership and permissions will not be correct.
Generating Keys Manually
========================
A privileged user (or root) can manually generate a set of keys by doing the following:
1) Create a directory to store the new keys:
% sudo mkdir /etc/opendkim/keys/example.com
2) Generate keys in that directory for a specific domain name and selector:
% sudo /usr/sbin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default
3) Set the proper ownership for the directory and private key:
% sudo chown -R root:opendkim /etc/opendkim/keys/example.com
4) Set secure permissions for the private key:
% sudo chmod 640 /etc/opendkim/keys/example.com/default.private
5) Set standard permissions for the public key:
% sudo chmod 644 /etc/opendkim/keys/example.com/default.txt
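Added example (not part of the packaged README or of OpenDKIM's own scripts): a shell check that the files produced by steps 1-5 have the ownership and modes set above, and that default.txt publishes the public half of default.private. The function names are hypothetical; it assumes GNU stat, openssl on the PATH, and the zone-file fragment format that opendkim-genkey writes to the .txt file.

```shell
#!/bin/sh
# Added example: audit a DKIM key directory after the manual steps above.
# Function names are hypothetical; modes and owner are the values this README sets.

# check_key_file FILE MODE OWNER:GROUP -> 0 if FILE exists with exactly that metadata.
check_key_file() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    meta=$(stat -c '%a %U:%G' "$1")      # GNU stat, as shipped on Fedora
    if [ "$meta" = "$2 $3" ]; then
        echo "OK       $1 ($meta)"
    else
        echo "MISMATCH $1: have $meta, want $2 $3"
        return 1
    fi
}

# audit_dkim_keys DIR [SELECTOR] [OWNER:GROUP] -> 0 only if both key files pass.
audit_dkim_keys() {
    dir=$1; sel=${2:-default}; owner=${3:-root:opendkim}
    rc=0
    check_key_file "$dir/$sel.private" 640 "$owner" || rc=1
    check_key_file "$dir/$sel.txt"     644 "$owner" || rc=1
    return $rc
}

# txt_pubkey FILE -> print the base64 p= value from SELECTOR.txt.
# Long keys are split across several quoted strings, so join them before matching.
txt_pubkey() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n' |
        sed -n 's|.*[; ]p=\([A-Za-z0-9+/=]*\).*|\1|p'
}

# keypair_matches PRIVATE TXT -> 0 if TXT publishes the public half of PRIVATE.
# DKIM's p= tag is the base64 of the DER-encoded public key, so derive and compare.
keypair_matches() {
    derived=$(openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | base64 | tr -d '\n')
    [ -n "$derived" ] && [ "$derived" = "$(txt_pubkey "$2")" ]
}

# Usage (as root, so the 640 private key is readable):
#   audit_dkim_keys /etc/opendkim/keys/example.com default &&
#   keypair_matches /etc/opendkim/keys/example.com/default.private \
#                   /etc/opendkim/keys/example.com/default.txt && echo "key pair OK"
```

A MISMATCH on default.private means the key is readable or writable by accounts other than root and the opendkim group; repeat steps 3 and 4 before starting the service.
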
Updating Key Location(s) in Configuration Files
===============================================
If you run the opendkim-default-keygen script, the default keys will be saved in /etc/opendkim/keys as
default.private and default.txt, which is the location expected by the default /etc/opendkim.conf file.
If you manually generate your own keys, you must update the key location and name in /etc/opendkim.conf
before attempting to start the opendkim service.
Using OpenDKIM with SQL Datasets
================================
OpenDKIM on Red Hat-based systems relies on OpenDBX for database access. Depending on which database you use,
you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum):
- opendbx-firebird
- opendbx-mssql
- opendbx-mysql
- opendbx-postgresql
- opendbx-sqlite
- opendbx-sqlite2
- opendbx-sybase
If you have OpenDKIM configured to use SQL datasets on a systemd-based server, it might also be necessary to start
the opendkim service after the database servers by referencing your database unit file(s) in the "After=" line of
the OpenDKIM unit file.
For example, if using both MariaDB and PostgreSQL, in /usr/lib/systemd/system/opendkim.service change:
After=network.target nss-lookup.target syslog.target
to:
After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service
Additional Configuration Help
=============================
For help configuring your MTA (Postfix, Sendmail, etc.) with OpenDKIM, setting up DNS records with your
public DKIM key, as well as instructions on configuring OpenDKIM to sign outgoing mail for multiple
domains, follow the how-to at:
http://wp.me/p1iGgP-ou
Official documentation for OpenDKIM is available at http://opendkim.org/
OpenDKIM mailing lists are available at http://lists.opendkim.org/
###