(2024.1) Configuring Sendmail with DKIM
- Brian Dixon
- Marty Goodrich
Ubuntu 20.04
sudo apt-get install opendkim opendkim-tools
# must enter the customer's host name
opendkim-genkey -t -s default -d customer.domain.edu
# add pcr360 as a subdomain
vi default.txt
# edit this line to, then save and close
default._domainkey.pcr360
#copy the private key
sudo mkdir /etc/opendkim
sudo cp default.private /etc/opendkim
#edit the DKIM configs
vi /etc/opendkim.conf
# uncomment and edit the following lines
# must enter the customer's host name
Domain customer.domain.edu
KeyFile /etc/opendkim/default.private
Selector default
vi /etc/default/opendkim
# comment out the current socket line and add this
SOCKET=inet:8891@127.0.0.1
# start the dkim service
sudo service opendkim start
# edit the sendmail config
vi /etc/mail/sendmail.mc
# add the end of the file
INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@127.0.0.1')dnl
# become root
sudo su
# rebuild the sendmail config
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
sudo service sendmail restartChecking everything works
From server logs
By default OpenDKIM logs to the syslog, so you can tail the log to see if signing is successful using:
sudo tail -f /var/log/syslog | grep -i dkim
You should see something like this example taken from one of the web servers that host this blog:
Mar 16 09:25:02 web2 sm-mta[7705]: u2G9P2Dp007705: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=web2.lon.codacity.net;\n\ts=linode; t=1458120302;\n\tbh=C8sxHQz0QeFsCiNzhPYF8u2GVHRax8cSsYISckkpuEk=;\n\th=Date:From:Subject:To:From;\n\tb=ymr4SQ67DqXBMkVPPfjTJUEWBPFpO4jix7oZXsranp6MQrzcXg8ysbwkL0+6VdcqA\n\t DrzTrz3O6SfVh9Aok6H+tGcPIb9jMGTn1ceLlAZhy18O5qmjkZOTHr2MWtKeaf1u2M\n\t FfBBOID4M9vef7FZBJaUa0j+Zg9LarLaYW518TEo=
From your mail client
View the source of an email sent from your server and look for the Authentication-Results header. It should contain dkim=pass if everything is working. There is also a DKIM-Signature header which contains the signing data.