Howto DKIM and DomainKeys on Debian Lenny with Postfix

DomainKeys is still widely used but the standard is DKIM.
We will install both on a Debian Lenny system using postfix.
######### DKIM MILTER

aptitude install dkim-filter

mkdir /var/dkim-filter

dkim-genkey -b 1024 -d mydomain -s dkim.mydomain

chown -R dkim-filter . ; chmod 400

cat mydomain.txt

add the public key in the DNS config:
vim /etc/bind/pri/mydomain.hosts
###…
dkim.mydomain._domainkey IN TXT “v=DKIM1; g=*; k=rsa; p=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
###

vim /etc/dkim-filter.conf
###
Socket                  inet:[email protected]

# Log to syslog
Syslog                  yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask                   002

# Sign for example.com with key in /etc/mail/dkim.key using
# selector ‘2007′ (e.g. 2007._domainkey.example.com)
Domain                  mydomain
KeyFile                 /var/dkim-filter/mydomain.private
Selector                dkim.mydomain

# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart             no
Background              yes
Canonicalization        simple
DNSTimeout              5
Mode                    sv
SignatureAlgorithm      rsa-sha256
SubDomains              no
#UseSSPDeny             no
#ASPDiscard             no
#Version                        rfc4871
X-Header                no

###…

/etc/init.d/dkim-filter restart

######### DK MILTER

aptitude install dk-filter csh

mkdir /var/dk-filter
cd /var/dk-filter

/usr/share/doc/dk-filter/examples/gentxt.csh mydomain dk.mydomain

chown -R dk-filter . ; chmod 400

add the public key in the DNS config:
vim /etc/bind/pri/mydomain.hosts
###…
dk.mydomain._domainkey IN TXT “k=rsa; t=y; p=xxxxxxxxxxxxxxxxxxxxxx==”
###

vim /etc/default/dk-filter
###…
DAEMON_OPTS=”$DAEMON_OPTS -d mydomain -s /var/dk-filter/mydomain.private -S dk.mydomain”
SOCKET=”net:[email protected]
###

######### POSTFIX

vi /etc/postfix/main.cf
###…
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891 inet:localhost:8892
non_smtpd_milters = inet:localhost:8891 inet:localhost:8892
###

/etc/init.d/postfix restart

/etc/init.d/dk-filter restart

rndc-reload

#(Do not forget to increment your DNS zone serial # before)

If you have an ATT Yahoo account it’s perfect for testing.
Send an email from your server it should pass both test once received by ATT Yahoo.