Thursday, November 5, 2009

Setting up Postfix with Domain Key Signing on Red Hat 5

First make sure sendmail is turned off and postfix is installed, enabled and starting by default:


/etc/init.d/sendmail stop
/sbin/chkconfig sendmail off
yum install postfix
/sbin/chkconfig postfix on
/etc/init.d/postfix start


Next, install the dkim-milter package.


yum install dkim-milter


Now generate your keys following the instructions in the INSTALL file. For the rest of this guide, we assume you have a key file called "default.key.pem".

By default, all the configuration files are going to be in /etc/mail/dkim-milter. Go into this directory and edit the dkim-filter.conf file:

# Point this to your key file
# This file should be 600 and chowned to dkim-milter.dkim-milter (this user/group will have been created for you by the install process)
KeyFile /etc/mail/dkim-milter/keys/default.key.pem
Selector default
Socket inet:8891@localhost

# If you are going to want to sign emails from anything besides localhost
# you need to create this file called internal_hosts and put each IP you want
# whitelisted on its own line. Make sure to include 127.0.0.1.
InternalHosts /etc/mail/dkim-milter/internal_hosts


Add the milters to your postfix config, /etc/postfix/main.cf:

#DKIM setup
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891


Now you want to make sure dkim-milter starts properly on reboot and is configured properly:
Add this to the end of your /etc/rc.local file:

/etc/init.d/dkim-milter start


And one last quick fix. In the /etc/init.d/dkim-milter file:

# Find this line and make sure to get rid of the -p {SOCKET} part. You have
# already specified the socket information in the config file and don't want
# to override that.
daemon --user ${user} ${prog_with_path} -x ${config} -P ${pidfile} ${EXTRA_FLAGS}


Now start everything up and you are good to go:

/etc/init.d/dkim-milter start
/etc/init.d/postfix start
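
A pre-flight check for the setup above, added here as an example and not part of the original post or the dkim-milter package. The function names are hypothetical. It assumes the paths used in this guide and checks the three things that most often go wrong: key file permissions, a missing 127.0.0.1 in internal_hosts, and a Postfix milter address that does not match the Socket line (dkim-filter.conf writes it as inet:PORT@HOST, main.cf as inet:HOST:PORT).

```shell
#!/bin/sh
# Added example: consistency checks for the dkim-milter + Postfix setup in this post.
# Function names are hypothetical; default paths are the ones used in the guide.

# conf_value FILE KEY: print the value of a "Key value" line in dkim-filter.conf
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# milter_endpoint SOCKET: turn dkim-filter's inet:PORT@HOST into Postfix's inet:HOST:PORT
milter_endpoint() {
    spec=${1#inet:}
    echo "inet:${spec#*@}:${spec%%@*}"
}

# check_key_perms FILE [USER:GROUP]: key must be mode 600 and, if given, owned by USER:GROUP
check_key_perms() {
    [ -f "$1" ] || { echo "missing key file: $1"; return 1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "$1 is $mode, expected -rw------- (600)"; return 1; }
    [ -z "${2:-}" ] && return 0
    owner=$(ls -ld "$1" | awk '{ print $3 ":" $4 }')
    [ "$owner" = "$2" ] || { echo "$1 owned by $owner, expected $2"; return 1; }
}

# check_internal_hosts FILE: 127.0.0.1 must appear on its own line
check_internal_hosts() {
    grep -qx '127\.0\.0\.1' "$1" || { echo "127.0.0.1 missing from $1"; return 1; }
}

# check_postfix_milters MAIN_CF DKIM_CONF: both milter settings must match the Socket line
check_postfix_milters() {
    want=$(milter_endpoint "$(conf_value "$2" Socket)")
    for p in smtpd_milters non_smtpd_milters; do
        got=$(sed -n "s/^$p[[:space:]]*=[[:space:]]*//p" "$1")
        [ "$got" = "$want" ] || { echo "$p is '$got', expected '$want'"; return 1; }
    done
}

# run_checks [DKIM_DIR] [MAIN_CF]: run every check against the live configuration
run_checks() {
    conf=${1:-/etc/mail/dkim-milter}/dkim-filter.conf
    check_key_perms "$(conf_value "$conf" KeyFile)" dkim-milter:dkim-milter &&
    check_internal_hosts "$(conf_value "$conf" InternalHosts)" &&
    check_postfix_milters "${2:-/etc/postfix/main.cf}" "$conf" &&
    echo "dkim-milter setup looks consistent"
}

if [ "${1:-}" = "--check" ]; then shift; run_checks "$@"; fi
```

Run it as root with --check after editing the config files and before starting the services.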