Centos: How to configure DKIM for sendmail on multiple domains

I wanted to configure DKIM for sendmail on multiple domains on one of my dedicated servers and found that there are no usable instructions for CentOS; the few that are available are inconclusive (I will provide the list of information sources at the end of this post). Here is my tested, working setup:

  1. You will need to have the EPEL repository installed (I usually install it along with the IUS repo right after a fresh OS installation).
  2. Next, install the dkim-milter package.
  3. The configuration for dkim-milter is in the /etc/mail/dkim-milter/dkim-milter.conf file. For multiple domains it should look like this:

    Note the Selector value: it can be anything as long as it matches your keys and the DNS zone record for your domain.

  4. There is a key generation tool installed by the dkim-milter package, or you can use an online form for the same purpose. I picked up a shell script from the internet and modified it to my liking. Here it is:

    Save the file as /etc/mail/create-dkim and run chmod 755 /etc/mail/create-dkim.
    Let's generate keys for yourdomain.com:

    You should now have keys generated and named according to the script inside /etc/mail/dkim-milter/keys/yourdomain.com, and an updated /etc/mail/dkim-milter/keys/keylist.
    Add these 3 lines to your yourdomain.com DNS zone, update the zone serial and reload it. Don't forget to create the /etc/mail/dkim-milter/trusted-hosts file, otherwise the dkim-milter daemon will not start. It can be an empty file.
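    Two things the steps above leave to the operator are that the selector must agree between the key file and the DNS record, and that wrong key file permissions will keep dkim-milter from starting. The following audit is an added example, not the author's create-dkim script and not part of the original post: it assumes the dkim-milter KeyList line format sender-pattern:signing-domain:keypath with the selector taken from the key file name, and all paths it uses are constructed sample data in a temporary directory.

```python
import os
import stat
import tempfile

def parse_keylist(text):
    """One dict per KeyList entry; a malformed line raises ValueError."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3 or not all(parts):
            raise ValueError("keylist line %d is malformed: %r" % (lineno, raw))
        sender, domain, keypath = parts
        # dkim-milter uses the last path component as the selector, so this is
        # the DNS name that must carry the matching public key.
        selector = os.path.basename(keypath)
        entries.append({"sender": sender, "domain": domain, "keypath": keypath,
                        "selector": selector, "dns_name": "%s._domainkey.%s" % (selector, domain)})
    return entries

def audit_entry(entry):
    """Problems for one entry: missing key file or group/world-accessible key."""
    path = entry["keypath"]
    if not os.path.isfile(path):
        return ["missing key file %s" % path]
    problems, mode = [], stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("%s is group/world accessible (mode %o)" % (path, mode))
    return problems

def audit_keylist(path):
    """Audit every entry; returns {dns_name: [problems]}, an empty list meaning OK."""
    with open(path) as fh:
        return {e["dns_name"]: audit_entry(e) for e in parse_keylist(fh.read())}

def demo():
    """Build a constructed keys tree (placeholder PEM text, not real keys) and audit it."""
    root = tempfile.mkdtemp()
    good, bad = os.path.join(root, "example.com", "mail"), os.path.join(root, "example.org", "default")
    for path, mode in ((good, 0o600), (bad, 0o644)):  # 0o644 is the mistake the audit must flag
        os.makedirs(os.path.dirname(path))
        with open(path, "w") as fh:
            fh.write("-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n-----END RSA PRIVATE KEY-----\n")
        os.chmod(path, mode)
    with open(os.path.join(root, "keylist"), "w") as fh:
        fh.write("*@example.com:example.com:%s\n*@example.org:example.org:%s\n"
                 "*@missing.test:missing.test:%s/missing.test/x\n" % (good, bad, root))
    return audit_keylist(os.path.join(root, "keylist"))
```

    Run audit_keylist against /etc/mail/dkim-milter/keys/keylist on the real server before starting the service; each returned dns_name is the TXT record name to check with your resolver.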

  5. Now we can try to start the dkim-milter service:

    It should start if there are no problems with the configuration and file permissions.

  6. The next step is to update the sendmail configuration. I assume that you have the sendmail-cf package installed and will generate the sendmail.cf file from your existing sendmail.mc. Here is what you need to add (assuming that this will be the only milter process you are using):

    Save your updated sendmail.mc and run make all from the /etc/mail directory to rebuild sendmail.cf. Then restart the sendmail process:

    We will also need to make sure that the dkim-milter process starts after the next reboot:

  7. Now here is the tricky part: Gmail and all other major e-mail providers will mark your DKIM verification as failed unless you have a properly configured SPF policy for yourdomain.com. So take some time and put together a proper SPF policy for yourdomain.com. The simplest would be “v=spf1 a mx -all”. Add the appropriate TXT record to your DNS zone:

    Then update the zone serial and reload the zone. Now you are ready to send signed e-mail, which will be verified by capable servers. Keep an eye on /var/log/maillog for dkim-milter messages.

For this configuration I used the following sources (thank you for the information):
