yum install opendkim
mkdir /etc/opendkim/keys/terraswarm.org /usr/sbin/opendkim-genkey -D /etc/opendkim/keys/terraswarm.org/ -d terraswarm.org -s default chown -R root:opendkim /etc/opendkim/keys/terraswarm.org chmod 640 /etc/opendkim/keys/terraswarm.org/default.private chmod 644 /etc/opendkim/keys/terraswarm.org/default.txtFIXME: The edits are too complex, see Installing OpenDKIM RPM via Yum with Postfix or Sendmail (for RHEL / CentOS / Fedora) (2011)
/home/www/php/etc/sendmail-moog.mc
:
INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@127.0.0.1')
cd /tmp/mail cp ~www/php/etc/sendmail-moog.mc sendmail.mc m4 sendmail.mc > /tmp/sendmail.cf diff sendmail.cf /tmp/sendmail.cfTypically,
sendmail.cf
has been
edited by hand. Update ~www/php/etc/sendmail-moog.mc,
copy and rerun m4 until the diffs look ok. Then do:
cp /tmp/sendmail.cf /etc/mail/
[root@moog mail]# service opendkim start Generating default DKIM keys: [ OK ] Default DKIM keys for eecs.berkeley.edu created in /etc/opendkim/keys. Starting OpenDKIM Milter: [ OK ] [root@moog mail]#Restart sendmail
service sendmail restart"If everything looks good, I recommend running chkconfig on OpenDKIM to make sure it starts when you boot your server:"
chkconfig opendkim on
[root@moog mail]# cat /etc/opendkim/keys/terraswarm.org/default.txt default._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwAClvdkznCFP3mOdsgIH+iWXo/hpRwQbiGatgoTO7Bz0Jca4fwL6gdkwsQ7eCG7MNwsxcnfPHciJL9AAbaR+79bP+nv8RsTThOEQi+Gk24lInAz1L1S6TNdBFXkvHSuQi2eRY6AEb8LPPZ6rAgwaTDHPUn30yh3LWaoYVrWIwIDAQAB" ) ; ----- DKIM key default for example.com [root@moog mail]#
The account name is EdwardAshfordLee
I had to place a support request to get this updated. To check, use dig. Note thatdig any terraswarm.org
does not show you the record!
[root@moog 10]# dig default._domainkey.terraswarm.org TXT ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> default._domainkey.terraswarm.org TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39519 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;default._domainkey.terraswarm.org. IN TXT ;; ANSWER SECTION: default._domainkey.terraswarm.org. 3600 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwAClvdkznCFP3mOdsgIH+iWXo/hpRwQbiGatgoTO7Bz0Jca4fwL6gdkws/Q7eCG7MNwsxcnfPHciJL9AAbaR+79bP+nv/8RsTThOEQi+Gk24lInAz1L1S6TNdBFXkvHSuQi2eRY6AEb8LPPZ6rAgwaTDHPUn30yh3LWaoYVrWIwIDAQAB" ;; AUTHORITY SECTION: terraswarm.org. 901 IN NS ns1.ehost.com. terraswarm.org. 901 IN NS ns2.ehost.com. ;; ADDITIONAL SECTION: ns1.ehost.com. 3432 IN A 65.254.254.120 ns2.ehost.com. 78510 IN A 65.254.254.121 ;; Query time: 85 msec ;; SERVER: 128.32.48.21#53(128.32.48.21) ;; WHEN: Tue Mar 24 17:00:34 2015 ;; MSG SIZE rcvd: 375
This DNS record will be retrieved by mail receivers who want to verify emails with DKIM signatures. The record name default._domainkey
tells verifier that the selector
of this signature is default
, therefore if you are changing selector name to something else, make sure you change all of them consistently.
FIXME: Not sure what to do here