INSTALLING OPENDKIM OVERVIEW ======== In order to install the opendkim as a milter to an MTA you will need to perform the following steps: * Install the RPMs for libopendkim and opendkim. * Configure opendkim for signing and/or verification. * Configure your MTA to use opendkim. Note that there is a difference between "OpenDKIM" and "opendkim". "OpenDKIM" is a package containing a library, a filter and some tools to be used in testing your DKIM installation. "opendkim" is the filter program contained in the "OpenDKIM" package. libopendkim is a library available as an API for programmers everywhere. That API is described in a set of HTML files in the OpenDKIM source code package. The opendkim filter program incorporates the libopendkim library and works with recent versions of sendmail and Postfix or any other MTA that supports "milter". For more information about milter, see <http://www.milter.org/>. Sendmail is available at <http://www.sendmail.org> and Postfix is available at <http://www.postfix.org/>. REQUIREMENTS ============ The opendkim filter requires either sendmail v8.13.0 or Postfix v2.3 or later for required milter protocol enhancements. For more information on milters: Postfix users, see: http://www.postfix.org/MILTER_README.html Sendmail users, see: http://www.sendmail.com/sm/partners/milter_partners/ CONFIGURING OPENDKIM ==================== For a step-by-step How-To on installing and configuring OpenDKIM with Postfix or Sendmail on RedHat systems, see: http://packages.stevejenkins.com/opendkim/ For general installation and configuration instructions for all supported operating systems, refer to the official documentation at: http://opendkim.org/docs.html After installing opendkim, you must do the following: * Configure your MTA (Postfix, Sendmail, etc.) to use OpenDKIM. Postfix users will need to add/edit the smtpd_milters, non_smtpd_milters, and milter_default_action parameters in their main.cf file. Generally, adding the following lines to main.cf will be enough to get opendkim working with Postfix: smtpd_milters = inet:127.0.0.1:8891 non_smtpd_milters = inet:127.0.0.1:8891 milter_default_action = accept If you are using a version of Postfix prior to 2.6, you may also need to set the milter_protocol parameter in main.cf to "2" with: milter_protocol = 2 Sendmail users will need to add the following line to the .mc configuration file that was used to build your current sendmail.cf file: INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost') Then you will need to build and install a new sendmail.cf from the .mc file. Remember to make backups of your sendmail.cf and .mc files before attempting any changes. * Configure opendkim for signing and/or verification. By default, opendkim is configured for DKIM signature verification of incoming mail only. Before you can sign outgoing mail with a DKIM signature, you must: - generate a set of private and public keys - configure opendkim for signing - publish your public key via DNS A default set of keys based on your system's fully qualified domain name (FQDN) and using the selector "default" will be generated in /etc/opendkim/keys the first time you run: service opendkim start You can also generate your own keys using the opendkim-genkey command. After generating your keys, you must edit opendkim.conf and verify that your domain name is correct, change the Mode to "s" for signing or "sv" for signing and verifying, and configure the KeyFile and Selector parameters. Additional options are available for signing for multiple users and/or multiple domains. For more information, consult the online documentation or do: man opendkim.conf You must also publish your public key(s) via DNS before remote mail servers can verify your outdoing DKIM signature. Consult your DNS provider's documentation on how to do this. MORE INFO ========= For a step-by-step How-To on installing and configuring OpenDKIM with Postfix or Sendmail on RedHat systems, see: http://packages.stevejenkins.com/opendkim/ For more information about the OpenDKIM Project, including official documentation and support, visit: http://opendkim.org/