DKIMproxy with Postfix


June 25th, 2008

I used DKIMproxy 1.0.0 and Postfix 2.5, but the setup should be reasonably forwards-compatible. When setting this up, I followed the guides at the DKIMproxy homepage, and made a few other changes:

Instead of running dkimproxy.out with lots of commandline arguments I'd have to re-setup after a reboot, I used a configuration file. The only catch is that I couldn't figure out how to add --daemonize in there, so the command is:

sudo dkimproxy.out --conf_file=/usr/local/dkimproxy/etc/dkimproxy_out.conf --daemonize

Important details:

$ cat dkimproxy_out.conf

# specify what address/port DKIMproxy should listen on

listen    127.0.0.1:10027

# specify what address/port DKIMproxy forwards mail to

relay     127.0.0.1:10028

# specify what domains DKIMproxy can sign for (comma-separated, no spaces)

domain    bluebottle.net.au

# specify what signatures to add

signature dkim(c=relaxed)

signature domainkeys(c=nofws)

# specify location of the private key

keyfile   /usr/local/dkimproxy/keys/private.key

# specify the selector (i.e. the name of the key record put in DNS)

selector  selector1

# user & group permissions

user    dkim

group   dkim

$ grep dkim /etc/passwd

dkim:x:1012:1012:DKIM,,,:/home/dkim:/bin/bash

$ grep dkim /etc/group

dkim:x:1012:

$ grep "relevant bits" /etc/postfix/master.cf

smtp      inet  n       -       -       -       -       smtpd

submission inet n       -       -       -       -       smtpd

-o smtpd_tls_security_level=encrypt

-o smtpd_etrn_restrictions=reject

-o content_filter=dksign:[127.0.0.1]:10027

-o receive_override_options=no_address_mappings

-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

smtps     inet  n       -       -       -       -       smtpd

-o smtpd_etrn_restrictions=reject

-o content_filter=dksign:[127.0.0.1]:10027

-o receive_override_options=no_address_mappings

-o smtpd_tls_wrappermode=yes

-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

127.0.0.1:10028 inet  n  -      n       -       10      smtpd

-o content_filter=

-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

-o smtpd_helo_restrictions=

-o smtpd_client_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Comment (1)

One Response to “DKIMproxy with Postfix”

  1. LnddMiles on July 22, 2009 7:08 am

    Great post! I’ll subscribe right now wth my feedreader software!

Leave a Reply

Name

Email

Website

Speak your mind

Misc