Configure OpenDKIM with Postfix on FreeBSD
Install OpenDKIM
sudo pkg install opendkim
OpenDKIM Configuration
/usr/local/etc/mail/opendkim.conf
Note the Socket is listening on inet6, not inet, as, at least on FreeBSD, Postfix will only try to connect to ::1 if configured to connect to localhost.
AutoRestart Yes
AutoRestartRate 10/1h
Canonicalization relaxed/simple
Domain mydomain.tld
ExternalIgnoreList refile:/usr/local/etc/mail/opendkim.trustedhosts
InternalHosts refile:/usr/local/etc/mail/opendkim.trustedhosts
KeyTable refile:/usr/local/etc/mail/opendkim.keytable
LogWhy yes
Selector my-selector-name
SigningTable refile:/usr/local/etc/mail/opendkim.signingtable
Socket inet6:8891@localhost
Syslog Yes
SyslogSuccess Yes
Create /usr/local/etc/mail/opendkim.trustedhosts
127.0.0.1
::1
*.mydomain.tld
Create /usr/local/etc/mail/opendkim.keytable
mail._domainkey.mydomain.tld mydomain.tld:mail:/usr/local/etc/mail/keys/mydomain.tld/mail.private
Create /usr/local/etc/mail/opendkim.signingtable
Sign all @mydomain.tld mail with the mail selector in that domain.
*@mydomain.tld mail._domainkey.mydomain.tld
Create the key directory /usr/local/etc/mail/keys/mydomain.tld
In that directory generate a key
sudo opendkim-genkey -s mail -d mydomain.tld
sudo chown mailnull:mailnull mail.private
Publish the public key to DNS
Add the OpenDKIM milter to /etc/rc.conf
milteropendkim_enable="YES"
milteropendkim_uid="mailnull"
milteropendkim_cfgfile="/usr/local/etc/mail/opendkim.conf"
Final directory layout
ls -laR /usr/local/etc/mail
total 72
drwxr-xr-x 3 root wheel 512 Mar 18 16:02 .
drwxr-xr-x 21 root wheel 1024 Mar 18 11:08 ..
drwxr-xr-x 3 root wheel 512 Mar 18 13:23 keys
-rw-r--r-- 1 root wheel 22182 Mar 18 15:50 opendkim.conf
-rw-r--r-- 1 root wheel 21800 Feb 26 10:27 opendkim.conf.sample
-rw-r--r-- 1 root wheel 93 Mar 18 13:22 opendkim.keytable
-rw-r--r-- 1 root wheel 40 Mar 18 13:20 opendkim.signingtable
-rw-r--r-- 1 root wheel 28 Mar 18 16:02 opendkim.trustedhosts
/usr/local/etc/mail/keys:
total 12
drwxr-xr-x 3 root wheel 512 Mar 18 13:23 .
drwxr-xr-x 3 root wheel 512 Mar 18 16:02 ..
drwxr-xr-x 2 root wheel 512 Mar 18 13:24 mydomain.tld
/usr/local/etc/mail/keys/mydomain.tld:
total 16
drwxr-xr-x 2 root wheel 512 Mar 18 13:24 .
drwxr-xr-x 3 root wheel 512 Mar 18 13:23 ..
-rw------- 1 mailnull mailnull 887 Mar 18 13:24 mail.private
-rw------- 1 root wheel 308 Mar 18 13:24 mail.txt
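A consistency check for the files created above, as an added example that is not part of the original post: it confirms that every key name in the signing table has a key table entry, and that each referenced private key exists, is owned by the milter user and grants nothing to group or other. The function name check_dkim_tables and its three arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_dkim_tables is a
# hypothetical helper. Usage: check_dkim_tables KEYTABLE SIGNINGTABLE MILTER_UID
# Prints one line per problem found; returns 0 when clean, 1 otherwise.
check_dkim_tables() {
    keytable=$1 signingtable=$2 want_uid=$3 rc=0

    # 1. Each signing-table key name must have a matching key-table entry,
    #    otherwise OpenDKIM cannot find a key for that pattern.
    while read -r pattern keyname rest || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$keyname" '$1 == k { f = 1 } END { exit !f }' "$keytable"; then
            echo "signingtable: $pattern -> $keyname: no keytable entry"
            rc=1
        fi
    done < "$signingtable"

    # 2. Each key file (third field of "domain:selector:path") must exist,
    #    be owned by the milter uid and grant nothing to group or other.
    while read -r keyname value rest || [ -n "$keyname" ]; do
        case $keyname in ''|'#'*) continue ;; esac
        keyfile=${value#*:}; keyfile=${keyfile#*:}
        if [ ! -f "$keyfile" ]; then
            echo "keytable: $keyname: missing $keyfile"; rc=1; continue
        fi
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
        meta=$(ls -ldn "$keyfile" | awk '{ print substr($1, 5, 6), $3 }')
        if [ "${meta% *}" != "------" ]; then
            echo "keytable: $keyname: $keyfile accessible to group or other"; rc=1
        fi
        if [ "${meta#* }" != "$want_uid" ]; then
            echo "keytable: $keyname: $keyfile not owned by uid $want_uid"; rc=1
        fi
    done < "$keytable"
    return $rc
}
```

On the layout above, call it as `check_dkim_tables /usr/local/etc/mail/opendkim.keytable /usr/local/etc/mail/opendkim.signingtable "$(id -u mailnull)"`.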
Postfix Configuration
/usr/local/etc/postfix/main.cf
Add the following:
smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
Specifying 127.0.0.1 as the address did not work for me, resulting in:
postfix/smtpd[90252]: fatal: host/service 127.0.0.1/8891 not found: Name does not resolve
Probably should investigate that…