INSTALL

install

apt-get install -y opendkim opendkim-tools

data

domain="17112018.fr"
path_keys="/etc/opendkim/keys"
dkim="dkim"

KEYS

mkdir -p ${path_keys}/${domain}
cd ${path_keys}/${domain}
opendkim-genkey --bits=2048 -s ${dkim} -d ${domain}
chown opendkim:opendkim ${dkim}.private
chmod g-rwx ${dkim}.private

test

opendkim-testkey -d ${domain} -s ${dkim} -k /etc/opendkim/keys/${domain}/${dkim}.private -vvv

CONF

/etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost

/etc/default/opendkim

SOCKET="inet:12301@localhost"

/etc/postfix/main.cf

milter_protocol = 2
milter_default_action = accept

# without spamassassin
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
# with spamassassin
#smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
#non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301

/etc/opendkim/TrustedHosts

127.0.0.1
localhost

# IP senders
$SENDER_IP

# Domains senders
*.${domain}

/etc/opendkim/KeyTable

${dkim}._domainkey.${domain} ${domain}:${dkim}:${path_keys}/${domain}/${dkim}.private

/etc/opendkim/SigningTable

*@${domain} ${dkim}._domainkey.${domain}

RESTART

systemctl restart postfix opendkim