Configuring your platform

Enabling DKIM

387 views 0

How to configure and enable DKIM support.

Overview

You can add a DKIM signature to emails sent from the Atomia platform. First, you need to configure the mail server to support DKIM. Then you should enable DKIM provisioning in the Atomia.

Configuring the postfix server

In order to configure the postfix server, you need to:

  1. install and configure OpenDKIM,
  2. configure postfix milters and
  3. create dkim table.

Installing OpenDKIM

Install the next packages, for example, with these commands:

apt-get install opendkim opendkim-tools
apt-get install libopendbx1-mysql

Edit the opendkim configuration file/etc/opendkim.conf to look like this:

UMask 002

Syslog yes
LogWhy yes

SigningTable dsn:mysql://vmail:*****@127.0.0.1/vmail/table=dkim?keycol=domain_name?datacol=id
KeyTable dsn:mysql://vmail:*****@127.0.0.1/vmail/table=dkim?keycol=id?datacol=domain_name,selector,private_key

ExternalIgnoreList /etc/opendkim/trusted_hosts
InternalHosts /etc/opendkim/trusted_hosts
AutoRestart Yes
AutoRestartRate 10/1h
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
Canonicalization relaxed/relaxed
UserID opendkim:opendkim

In the example configuration above, you should replace ***** with the real password for the vmail database.

To use opendkim on inet sockets edit file /etc/default/opendkim and replace

SOCKET="local:/var/run/opendkim/opendkim.sock"

with

SOCKET="inet:12345@localhost"

Define opendkim trusted hosts in the file /etc/opendkim/trusted_hosts. For example:

#local host
127.0.0.1
# local subnets that are trusted and do not need to be verified
172.18.0.0/16

The service opendkim should be restart to apply the configuration.

Configuring postfix

Change the configuration file of postfix /etc/postfix/main.cf.  You will need to add the opendkim milter to the list of active milters. For example:

milter_protocol = 6
milter_default_action = accept
smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345

Create dkim table

Extend existing vmail database with table dkim:

CREATE TABLE dkim (
`id` int(10) unsigned NOT NULL auto_increment PRIMARY KEY,
`domain_name` varchar(255) NOT NULL,
`selector` varchar(63) NOT NULL,
`private_key` text,
`public_key` text,
INDEX(domain_name)
)

Enabling DKIM provisioning

You should modify the resource description and the provisioning description files to enable DKIM in Atomia.

Resource description

You should add OpenSSLBinary and OpenSSLConfig properties to the PostfixAndDovecot module in the resource description. The automation server uses these properties to locate OpenSSL and generate keys for  DKIM provisioning. Example PostfixAndDovecot section in the configuration file C:\Program Files (x86)\Atomia\AutomationServer\Common\Resources.xml:

<bindings>
    <moduleList>
        <module name="Atomia.Provisioning.Modules.PostfixAndDovecot.PostfixAndDovecot" resourceAsignmentPolicy="RoundRobin"  />
    </moduleList>
    <resourceList>
        <resource name="PostfixDovecotDB" >
            <property name="DatabaseHost">192.168.33.18</property>
            <property name="DatabaseName">vmail</property>
            <property name="Username">postfix_agent</property>
            <property name="Password">1234567</property>
            <property name="MailIpAddress">192.168.33.18</property>
            <property name="Mail2IpAddress">192.168.33.18</property>
            <property name="SmtpIpAddress">192.168.33.18</property>
            <property name="ImapIpAddress">192.168.33.18</property>
            <property name="PopIpAddress">192.168.33.18</property>
            <property name="WebmailIpAddress">192.168.33.18</property>
            <property name="OpenSSLBinary">C:OpenSSL-Win64binopenssl.exe</property>
            <property name="OpenSSLConfig">C:OpenSSL-Win64binopenssl.cfg</property>
        </resource>
    </resourceList>
</bindings>

Provisioning description

You need to enable DKIM service provisioning. You can use the next file to enable provisioning in the provisioning description for the DKIM:

<?xml version="1.0" encoding="utf-8"?>
<provisioningDescription xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <complexServiceProperty xdt:Locator="XPath(//complexServiceProperty[@name='InitDkim'])" name="InitDkim" description="If set to true DKIM service will be provisioned" xdt:Transform="SetAttributes(defaultValue)" defaultValue="true" />
</provisioningDescription>

Was this helpful?