Install DKIM certificate in Centos postfix + opendkim

Configure the EPEL yum source

EPEL is Extra Packages for Enterprise Linux. This software warehouse contains many frequently used software, and OpenDKIM

Wget-P/tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
Rpm-Uvh/tmp/epel-release-6-8.noarch.rpm
Rm-f/tmp/epel-release-6-8.noarch.rpm
Install OpenDKIM

Use the yum command to directly install

Yum install opendkim
Configure OpenDKIM

Next, modify the configuration file in/etc/opendkim. conf.

AutoRestart Yes
AutoRestartRate 10/1 h
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
Mode sv
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
SignatureAlgorithm rsa-sha256
Socket inet: 8891 @ localhost
PidFile/var/run/opendkim. pid
UMask 022
UserID opendkim: opendkim
TemporaryDirectory/var/tmp
Generate public and private keys

Replace mydomain.com with your domain name

Mkdir/etc/opendkim/keys/mydomain.com
Opendkim-genkey-D/etc/opendkim/keys/mydomain.com/-d mydomain.com-s default
Chown-R opendkim:/etc/opendkim/keys/mydomain.com
Mv/etc/opendkim/keys/mydomain.com/default.private/etc/opendkim/keys/mydomain.com/default
Add mydomain.com to/etc/opendkim/KeyTable

Default. _ domainkey.mydomain.com mydomain.com: default:/etc/opendkim/keys/mydomain.com/default
Next, modify/etc/opendkim/SigningTable and add the following records.

* @ Mydomain.com default. _ domainkey.mydomain.com
Add a trusted host to/etc/opendkim/TrustedHosts:

127.0.0.1
Mydomain.com
Host.mydomain.com
Make sure that your domain name mydomain.com and server name are both host.mydomain.com

Add a TXT record for your domain name, recorded in/etc/opendkim/keys/mydomain.com/default.txt

Default. _ domainkey in txt ("v = DKIM1; k = rsa ;"
"P = fingerprint + rqrbp4vdmwirihip18kftxclr/xpWc0Gix6ZXN13fcG03KNGKZo2PY + signature"); ----- DKIM key default for mydomain.com
If you have not added an SPF record, add it by the way.

Mydomain.com. 14400 in txt "v = spf1 a mx ~ All"
You can use http://dkimcore.org/tools/to check that the record token is correct.

Configure postfix

To integrate OpenDKIM and Postfix, you need to modify/etc/postfix/main. cf:

Smtpd_milters = inet: 127.0.0.1: 8891
Non_smtpd_milters = $ smtpd_milters
Milter_default_action = accept
Milter_protocol = 2
Restart the service and set it to boot

Service opendkim start
Chkconfig opendkim on
Service postfix restart
Test

Send an email to The check-auth@verifier.port25.com and receive an automatic response

========================================================== ============================
Summary of Results
========================================================== ============================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
DKIM check: pass
Reverse resolution rDNS

Reverse DNS lookup or reverse DNS resolution (rDNS) is used to determine whether a domain name is associated with a given IP address. Some companies, such as AOL, reject all messages sent by the sender server without reverse resolution, so you must ensure that you have reverse resolution.

This product is also one of the deciding factors, and some domestic IDCs cannot provide this service. However, if you are using Alibaba Cloud, you only need to submit a ticket to provide your IP address and domain name for reverse resolution.