Install Domainkeys (dk-mliter) to work with Postfix

Install Domainkeys (dk-mliter) to work with Postfix on Centos 6
Download dk-milter-1.0.2-0.x86_64.rpm

wget http://www.thzhost.com/files/dk-milter-1.0.2-0.x86_64.rpm
rpm -Uvh dk-milter-1.0.2-0.x86_64.rpm

If you need libcrypto.so.6() (64bit) and libssl.so.6() (64bit) then:

yum install openssl098e
wget ftp://195.220.108.108/linux/centos/6.5/os/x86_64/Packages/compat-db43-4.3.29-15.el6.x86_64.rpm

or

wget ftp://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/6.2/x86_64/os/Packages/compat-db43-4.3.29-15.el6.x86_64.rpm
rpm -Uvh compat-db43-4.3.29-15.el6.x86_64.rpm
cd /usr/share/doc/dk-milter-1.0.2
/usr/share/doc/dk-milter-1.0.2/gentxt.sh <selector> <domainname>

You can use for <selector> any world (ex. 2014) and for <domainname> your-domain.com

Ex.

/usr/share/doc/dk-milter-1.0.2/gentxt.sh 2014 your-domain.com

Above command produce 3 files
<selector>.txt
<selector>.public
<selector>.private

mv <selector>.private /etc/mail/domainkeys/dk_<domainname>.pem
chown dk-milt:dk-milt
/etc/mail/domainkeys/dk_<domainname>.pem
chmod 600 /etc/mail/domainkeys/dk_<domainname>.pem

Add content from <selector>.txt file in DNS record file from your domain your-domain.com
Something like that  (dont forget in this case 2014 is selector):
2014._domainkey.your-domain.com IN TXT “g=; k=rsa; t=y; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJTvaMvLMCdysED+3R/UMU3uVo9lL6OuX9uTmiMcbeTJB8bcPA4tw7UNOF/a6ELzYKYaWzLaKid7Ap5+BJXA5eMCAwEAAQ==”

nano /etc/sysconfig/dk-milter
USER="dk-milt"
PORT="local:/var/run/dk-milter/dk.sock"
SIGNING_DOMAIN="<domainname>"
SELECTOR_NAME="<selector>"
KEYFILE="/etc/mail/domainkeys/dk_${SIGNING_DOMAIN}.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
REJECTION="bad=r,dns=t,int=t,no=a,miss=r"
EXTRA_ARGS="-h -l -D"
MILTER_GROUP="mail"

If doesnt work replace PORT=”local:/var/run/dk-milter/dk.sock” with PORT=”inet:[email protected]_server_address”

If you have more than one site you need to add at the and of the file for each site:

PORT1="inet:[email protected]_server_address"
SIGNING_DOMAIN1="your-domain.com"
SELECTOR_NAME1="2014"
KEYFILE1="/etc/mail/domainkeys/dk_${SIGNING_DOMAIN1}.pem"

For next site

PORT2="inet:[email protected]_server_address"
SIGNING_DOMAIN2="second-domain.com"
SELECTOR_NAME2="2014"
KEYFILE2="/etc/mail/domainkeys/dk_${SIGNING_DOMAIN1}.pem"

etc..

edit main.cf and add

nano /etc/postfix/main.cf
smtpd_milters = inet:localhost:8891, unix:/var/run/dk-milter/dk.sock
non_smtpd_milters = inet:localhost:8891, unix:/var/run/dk-milter/dk.sock

If you put in /etc/sysconfig/dk-milter PORT=”inet:[email protected]_server_address”

then on smtpd_milters replace

 unix:/var/run/dk-milter/dk.sock

with

inet:localhost:10034

If you have more than one site
Ex:
smtpd_milters = inet:localhost:8891, inet:localhost:10034, inet:localhost:10035, inet:localhost:10036
non_smtpd_milters = inet:localhost:8891, inet:localhost:10034, inet:localhost:10035, inet:localhost:10036

service dk-milter start
service postfix restart
chkconfig dk-milter on

Leave a Reply

Your email address will not be published. Required fields are marked *