How to configure DKIM email verification (using sendmail on Rocky9)

From EPrints Documentation
Revision as of 08:26, 25 July 2024 by Ejo1f20

Manual Steps

As eprints user

1. Create a directory to store the keys

mkdir /opt/eprints3/archives/<REPO-ID>/dkim

As root user

1. Install the opendkim libraries

dnf install opendkim opendkim-tools

2. Open the opendkim config file and change the following lines

vim /etc/opendkim.conf

2. a. Change

Mode v

to

Mode sv

2. b. Remove comments from the following lines:

KeyTable                /etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts

2. c. Add the following lines (<DOMAIN> is the domain on whose behalf the server sends email)

Domain <DOMAIN>
RequireSafeKeys False

2. d. Replace the Socket declaration with the following line (it should already be present, commented out, above the declaration being used)

Socket  inet:8891@localhost

3. Modify /etc/opendkim/KeyTable, to add the following line

default._domainkey.<DOMAIN> <DOMAIN>:default:/opt/eprints3/archives/<REPO-ID>/dkim/default.private

example: `default._domainkey.eprints-hosting.org eprints-hosting.org:default:/opt/eprints3/archives/repoid/dkim/default.private`

4. Modify /etc/opendkim/SigningTable, to add the following line

*@<DOMAIN> default._domainkey.<DOMAIN>

example: `*@eprints-hosting.org default._domainkey.eprints-hosting.org`

5. Modify /etc/opendkim/TrustedHosts, to add the following line

*.<DOMAIN>

example: `*.eprints-hosting.org`

6. Generate the keypair

sudo opendkim-genkey -b 1024 -d <DOMAIN> -D /opt/eprints3/archives/<REPO-ID>/dkim -s default -v

7. Change ownership and permissions

sudo chown opendkim:opendkim /opt/eprints3/archives/<REPO-ID>/dkim/* -R
sudo chmod 660 /opt/eprints3/archives/<REPO-ID>/dkim/*

8. Send the txt public key to whoever has access to the DNS records, probably their IT team

cat /opt/eprints3/archives/<REPO-ID>/dkim/default.txt

It should look something like this.

"v=DKIM1; k=rsa; " "p=REALLY-LONG-HASH-VALUE/HASH-VALUE/HASH-VALUE"

9. Start opendkim

systemctl start opendkim; systemctl enable opendkim

10. Make sure it is running with the following commands

service opendkim status

This should say running.

ps -aux | grep dkim

The opendkim process should be running: "/usr/sbin/opendkim -f -x /etc/opendkim.conf"

netstat -nap | grep 8891

This command should show that opendkim is listening on localhost port 8891.

11. Sendmail Configuration

11. a. Modify sendmail.mc, append the following line

INPUT_MAIL_FILTER(`opendkim', `S=inet:8891@localhost')

11. b. Re-make sendmail.cf and restart sendmail.

/etc/mail/make
systemctl restart sendmail

12. Send a test email

echo "Subject: DKIM testing" | sendmail test-recipient@address.email

13. If the test email has worked, test again using the web interface admin tool "Send Test Email"

14. Debug any issues using

tail -F /var/log/maillog*
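
A consistency check for steps 3, 4 and 6, as an added example that is not part of the original EPrints page: it confirms that every key name in SigningTable has a KeyTable entry and that the entry points at the key file opendkim-genkey wrote. The function name check_dkim_tables and the example.org demo data are assumptions; on a real server run it as root against /etc/opendkim/KeyTable and /etc/opendkim/SigningTable.

```shell
#!/bin/sh
# Added example, not part of the EPrints page: cross-check the OpenDKIM tables.
# check_dkim_tables KEYTABLE SIGNINGTABLE
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_dkim_tables() {
    keytable=$1; signingtable=$2; problems=0
    # SigningTable line: "<address pattern> <key name>"
    while read -r pattern keyname extra; do
        case $pattern in ''|'#'*) continue ;; esac
        # KeyTable line: "<key name> <domain>:<selector>:<private key path>"
        entry=$(awk -v k="$keyname" '$1 == k { print $2; exit }' "$keytable")
        if [ -z "$entry" ]; then
            echo "no KeyTable entry for key name: $keyname"
            problems=1; continue
        fi
        domain=${entry%%:*}; rest=${entry#*:}
        selector=${rest%%:*}; keypath=${rest#*:}
        # As on this page, the pattern is *@<DOMAIN>, so its domain part
        # should equal the signing domain in the KeyTable entry.
        [ "${pattern#*@}" = "$domain" ] ||
            { echo "pattern $pattern does not match domain $domain"; problems=1; }
        # opendkim-genkey -s <selector> writes <selector>.private into -D.
        if [ ! -f "$keypath" ]; then
            echo "private key missing: $keypath"; problems=1
        elif [ "$(basename "$keypath")" != "$selector.private" ]; then
            echo "key file name does not match selector $selector"; problems=1
        fi
    done < "$signingtable"
    return "$problems"
}

# Demo on constructed data in a temporary directory (example.org is a placeholder).
demo=$(mktemp -d)
mkdir -p "$demo/dkim"
: > "$demo/dkim/default.private"    # empty stand-in for the real key file
echo "default._domainkey.example.org example.org:default:$demo/dkim/default.private" > "$demo/KeyTable"
echo "*@example.org default._domainkey.example.org" > "$demo/SigningTable"
check_dkim_tables "$demo/KeyTable" "$demo/SigningTable" && echo "tables are consistent"
rm -rf "$demo"
```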