DKIM & Postfix on FreeBSD

Configure OpenDKIM with Postfix on FreeBSD

Install OpenDKIM

sudo pkg install opendkim

OpenDKIM Configuration

/usr/local/etc/mail/opendkim.conf

Note that the Socket listens on inet6 rather than inet because, at least on FreeBSD, Postfix will only try to connect to ::1 when it is configured to connect to localhost.

AutoRestart             Yes
AutoRestartRate         10/1h
Canonicalization        relaxed/simple
Domain                  mydomain.tld
ExternalIgnoreList      refile:/usr/local/etc/mail/opendkim.trustedhosts
InternalHosts           refile:/usr/local/etc/mail/opendkim.trustedhosts
KeyTable                refile:/usr/local/etc/mail/opendkim.keytable
LogWhy                  yes
Selector                my-selector-name
SigningTable            refile:/usr/local/etc/mail/opendkim.signingtable
Socket                  inet6:8891@localhost
Syslog                  Yes
SyslogSuccess           Yes

Create /usr/local/etc/mail/opendkim.trustedhosts

127.0.0.1
::1

*.mydomain.tld

Create /usr/local/etc/mail/opendkim.keytable

mail._domainkey.mydomain.tld mydomain.tld:mail:/usr/local/etc/mail/keys/mydomain.tld/mail.private

Create /usr/local/etc/mail/opendkim.signingtable

Sign all @mydomain.tld mail with the mail selector in that domain.

*@mydomain.tld mail._domainkey.mydomain.tld

Create the key directory /usr/local/etc/mail/keys/mydomain.tld

In that directory, generate a key:

sudo opendkim-genkey -s mail -d mydomain.tld
sudo chown mailnull:mailnull mail.private

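Publish the public key to DNS. opendkim-genkey writes the TXT record for mail._domainkey.mydomain.tld to mail.txt in the same directory.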

Add the OpenDKIM milter to /etc/rc.conf

milteropendkim_enable="YES"
milteropendkim_uid="mailnull"
milteropendkim_cfgfile="/usr/local/etc/mail/opendkim.conf"

Final directory layout

ls -laR /usr/local/etc/mail
total 72
drwxr-xr-x   3 root  wheel    512 Mar 18 16:02 .
drwxr-xr-x  21 root  wheel   1024 Mar 18 11:08 ..
drwxr-xr-x   3 root  wheel    512 Mar 18 13:23 keys
-rw-r--r--   1 root  wheel  22182 Mar 18 15:50 opendkim.conf
-rw-r--r--   1 root  wheel  21800 Feb 26 10:27 opendkim.conf.sample
-rw-r--r--   1 root  wheel     93 Mar 18 13:22 opendkim.keytable
-rw-r--r--   1 root  wheel     40 Mar 18 13:20 opendkim.signingtable
-rw-r--r--   1 root  wheel     28 Mar 18 16:02 opendkim.trustedhosts

/usr/local/etc/mail/keys:
total 12
drwxr-xr-x  3 root  wheel  512 Mar 18 13:23 .
drwxr-xr-x  3 root  wheel  512 Mar 18 16:02 ..
drwxr-xr-x  2 root  wheel  512 Mar 18 13:24 mydomain.tld

/usr/local/etc/mail/keys/mydomain.tld:
total 16
drwxr-xr-x  2 root      wheel     512 Mar 18 13:24 .
drwxr-xr-x  3 root      wheel     512 Mar 18 13:23 ..
-rw-------  1 mailnull  mailnull  887 Mar 18 13:24 mail.private
-rw-------  1 root      wheel     308 Mar 18 13:24 mail.txt
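
Before starting the milter, the signing table, key table and key files can be checked against each other. The script below is an added example, not part of the original page; the function name check_dkim_tables is hypothetical, and it assumes the two-column table format shown above.

```sh
#!/bin/sh
# Added example (not from the original page): consistency check for the
# OpenDKIM signing table, key table and private key files.
# Usage: check_dkim_tables SIGNINGTABLE KEYTABLE
# Prints one line per problem; returns 0 if none, 1 if any, 2 if unreadable.
check_dkim_tables() {
    st=$1; kt=$2; rc=0
    if [ ! -r "$st" ] || [ ! -r "$kt" ]; then
        echo "cannot read $st or $kt"; return 2
    fi
    # Signing table lines: "<address pattern> <key name>".
    # Every key name must have an entry in the key table.
    while read -r pattern keyname extra || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$keyname" '$1 == k { f = 1 } END { exit !f }' "$kt"; then
            echo "signingtable: '$pattern' uses unknown key '$keyname'"; rc=1
        fi
    done < "$st"
    # Key table lines: "<key name> <domain>:<selector>:<private key path>".
    while read -r keyname spec extra || [ -n "$keyname" ]; do
        case $keyname in ''|'#'*) continue ;; esac
        path=${spec#*:}; path=${path#*:}
        if [ ! -f "$path" ]; then
            echo "keytable: '$keyname' key file missing: $path"; rc=1
            continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits;
        # a private signing key should show none (e.g. -rw-------).
        mode=$(ls -ld "$path" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "keytable: '$keyname' key accessible beyond owner: $path"; rc=1
        fi
    done < "$kt"
    return "$rc"
}

# Run against files given on the command line, e.g. the page's
# opendkim.signingtable and opendkim.keytable.
if [ "$#" -eq 2 ]; then
    check_dkim_tables "$1" "$2"
fi
```

Run it with the paths to opendkim.signingtable and opendkim.keytable as its two arguments; it exits non-zero when any entry is inconsistent.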

Postfix Configuration

/usr/local/etc/postfix/main.cf

Add:

smtpd_milters = inet:localhost:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Specifying 127.0.0.1 as the address did not work for me, resulting in postfix/smtpd[90252]: fatal: host/service 127.0.0.1/8891 not found: Name does not resolve

Probably should investigate that…