DomainKeys is still widely used but the standard is DKIM.
We will install both on a Debian Lenny system using postfix.
######### DKIM MILTER
aptitude install dkim-filter
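mkdir /var/dkim-filter
cd /var/dkim-filter
dkim-genkey -b 1024 -d mydomain -s dkim.mydomain
#(1024 bits is the minimum for a DKIM signing key; 2048 is the usual recommendation today)
chown -R dkim-filter . ; chmod 400 *.private
#(dkim-genkey names its output after the selector; if you get dkim.mydomain.txt / dkim.mydomain.private, rename them or adjust the names used below)
cat mydomain.txt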
add the public key in the DNS config:
vim /etc/bind/pri/mydomain.hosts
###…
dkim.mydomain._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
###
vim /etc/dkim-filter.conf
###
Socket inet:8891@localhost
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 002
# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain mydomain
KeyFile /var/dkim-filter/mydomain.private
Selector dkim.mydomain
# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart no
Background yes
Canonicalization simple
DNSTimeout 5
Mode sv
SignatureAlgorithm rsa-sha256
SubDomains no
#UseSSPDeny no
#ASPDiscard no
#Version rfc4871
X-Header no
###…
/etc/init.d/dkim-filter restart
######### DK MILTER
aptitude install dk-filter csh
mkdir /var/dk-filter
cd /var/dk-filter
/usr/share/doc/dk-filter/examples/gentxt.csh mydomain dk.mydomain
chown -R dk-filter . ; chmod 400 *.private
add the public key in the DNS config:
vim /etc/bind/pri/mydomain.hosts
###…
dk.mydomain._domainkey IN TXT "k=rsa; t=y; p=xxxxxxxxxxxxxxxxxxxxxx=="
###
vim /etc/default/dk-filter
###…
DAEMON_OPTS="$DAEMON_OPTS -d mydomain -s /var/dk-filter/mydomain.private -S dk.mydomain"
SOCKET="inet:8892@localhost"
###
######### POSTFIX
vi /etc/postfix/main.cf
###…
# accept = if a filter is unreachable, mail still goes through, unsigned and unverified
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891 inet:localhost:8892
non_smtpd_milters = inet:localhost:8891 inet:localhost:8892
###
/etc/init.d/postfix restart
/etc/init.d/dk-filter restart
rndc reload
#(Do not forget to increment your DNS zone serial # before)
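If you have an ATT Yahoo account, it's perfect for testing.
Send an email from your server; it should pass both tests once received by ATT Yahoo.
Once both tests pass, remove t=y from the DomainKeys TXT record: it flags the domain as still testing, so receivers are told not to treat unsigned or failing mail differently.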