Adding Multiple SMTP servers : Customizing selector on OpenDKIM

Recently a friend of mine was setting up multiple outbound SMTP servers for his project. But he did not have enough access to the domain, and his primary domain was already using another DKIM key (default._domainkey) for business email.

His challenge was to set up another trusted outbound email server without affecting the primary email configuration.

Requirement

1. Trust another subdomain for sending outbound email.
2. Add an SPF record for this subdomain.
3. Create a separate DKIM TXT record for this subdomain.

I assume you have already set up the OpenDKIM server using this link: http://www.serveridol.com/2012/02/17/opendkim-configuring-dkim-keys-on-postfix/

Here I’m using a test domain planetcure.in for this attempt.

The following things have to be done.

a. Create a new selector for the new outbound server.

   # Generate a key pair for the selector "cloud" in its own directory
   mkdir /etc/opendkim/keys/cloud.planetcure.in
   opendkim-genkey -D /etc/opendkim/keys/cloud.planetcure.in/ -d cloud.planetcure.in -s cloud
   chown -R opendkim:opendkim /etc/opendkim/keys/cloud.planetcure.in
   # Copy the new private key to the path the init script reads
   cp /etc/opendkim/keys/cloud.planetcure.in/cloud.private /etc/opendkim/keys/default

Note: “/etc/opendkim/keys/default” is the file that the OpenDKIM init script uses, so we need to overwrite it with the key for the new selector.

b. Update the KeyTable entry (/etc/opendkim/KeyTable).
When you declare the private key file in the KeyTable file, you need to state which selector is to be used for this subdomain. Here I’m using the selector name “cloud”. Please note that the name sits between the domain name and the key file location in the KeyTable entry.

cloud._domainkey.cloud.planetcure.in cloud.planetcure.in:cloud:/etc/opendkim/keys/cloud.planetcure.in/default

 cat /etc/opendkim/KeyTable
  cloud._domainkey.cloud.planetcure.in cloud.planetcure.in:cloud:/etc/opendkim/keys/cloud.planetcure.in/default

It is very important that the selector name (here cloud) appears between the domain key DNS name and the private key file path in the KeyTable entry.
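The layout rule from step b as a check, written as an added example (not part of the original post or of OpenDKIM): it splits a KeyTable line into key name, domain, selector and key path and confirms the key name equals selector._domainkey.domain. OpenDKIM treats the key name as a label; requiring it to match the DNS name is the convention this post follows, and check_keytable_line is a hypothetical helper name.

```bash
#!/bin/sh
# Added example: lint a KeyTable line written in the layout the post uses:
#   <selector>._domainkey.<domain> <domain>:<selector>:<private key path>

# check_keytable_line LINE
# On success prints the DNS name that must hold the public key and returns 0.
# On a mismatch prints the reason to stderr and returns 1.
check_keytable_line() {
    # First word is the key name, second is domain:selector:keypath.
    read -r keyname value extra <<EOF
$1
EOF
    if [ -z "$value" ] || [ -n "$extra" ]; then
        echo "expected two whitespace-separated fields" >&2; return 1
    fi
    IFS=: read -r domain selector keypath more <<EOF
$value
EOF
    if [ -z "$domain" ] || [ -z "$selector" ] || [ -z "$keypath" ] || [ -n "$more" ]; then
        echo "expected domain:selector:keypath, got '$value'" >&2; return 1
    fi
    case $keypath in
        /*) ;;
        *) echo "key path '$keypath' is not absolute" >&2; return 1 ;;
    esac
    # Convention assumed here: key name == DNS name of the public key record.
    dnsname="$selector._domainkey.$domain"
    if [ "$keyname" != "$dnsname" ]; then
        echo "key name '$keyname' does not match '$dnsname'" >&2; return 1
    fi
    printf '%s\n' "$dnsname"
}

# The entry from the post:
check_keytable_line "cloud._domainkey.cloud.planetcure.in cloud.planetcure.in:cloud:/etc/opendkim/keys/cloud.planetcure.in/default"
```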

c. Restart both the OpenDKIM and Postfix services

service opendkim restart && service postfix restart

d. DNS updates to be made for planetcure.in

1. Create a DNS subdomain record (cloud.planetcure.in) for the email server. Set an FQDN for the outbound SMTP server (mail01.planetcure.in).

2. Set an SPF record that includes the outbound server IP and your FQDN hostname. You may use the Microsoft SPF record tool to create the SPF record easily.

 TXT Record                     Value
     cloud                          v=spf1 a ptr ip4:54.183.196.52 mx:mail.planetcure.in ~all

3. Create a DKIM key record “cloud._domainkey.cloud” and set its value from the public key TXT file in the folder where you created the key (/etc/opendkim/keys/cloud.planetcure.in/cloud.txt).

Note: you need to copy the string value starting from the letter “p”, i.e. “p=MIGfMA0GCSq”, without the quotes.

    TXT Record                       Value
    cloud._domainkey.cloud          p=MIGfMA0GCS......... phKwoRwIDAQAB

4. Set another TXT record for “adsp._domainkey” with the value “dkim=unknown”.

 TXT Record                     Value
       adsp._domainkey                dkim=unknown

You are almost done now! It’s time to test.

How do I verify locally that both my DKIM setup and DNS are working correctly?

[root@smtp ec2-user]# opendkim-testkey -vvv -d cloud.planetcure.in
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/cloud.planetcure.in/default
opendkim-testkey: checking key 'cloud._domainkey.cloud.planetcure.in'
opendkim-testkey: key not secure
opendkim-testkey: key OK
[root@smtp ec2-user]#

How do I check that the SPF values are set properly?

[root@smtp ec2-user]# host -t TXT cloud.planetcure.in
cloud.planetcure.in descriptive text "v=spf1 ip4:54.183.196.52 include:hotmail.com mx:mail.planetcure.in mx:cloud.planetcure.in ~all"
[root@smtp ec2-user]#

How do I check that the DKIM key DNS record is properly set?

[root@smtp ec2-user]# dig +short TXT cloud._domainkey.cloud.planetcure.in
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSqIpvZUOo+u2Rn014lAXYesTye6Vki/3yNO0h2Oy9wC8ApevWQ7eA9OpWdaXWS+LsJb2mer961rvQdBA1ACXieZgfUBcmudcDionMugGCsY6hD358IuMcNh5yr0s7xk5z4HBvU2SDXcSSMu6TB45n6sIRjbqJu3lAVDuphKwoRwIDAQAB"
[root@smtp ec2-user]#

This shows that the DNS side is set up correctly. Now it’s time to verify that all outgoing emails are signed with the new “selector”.
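An added example (not from the original post) that goes one step beyond the dig lookup above: it compares the p= value returned by DNS with the one in the .txt file that opendkim-genkey wrote, which catches a truncated or mis-pasted record. The function names and sample records are constructed for illustration, and the base64 text is a placeholder, not a real key.

```bash
#!/bin/sh
# Added example: confirm that the p= value served by DNS is the same key that
# opendkim-genkey wrote to <selector>.txt.

# extract_p  (TXT record on stdin: zone-file snippet or `dig +short TXT` output)
# Prints the p= tag with the quoted chunks joined and whitespace removed.
extract_p() {
    grep -o '"[^"]*"' |        # keep quoted strings, drop the ";" zone comment
        tr -d '"\n' |          # join "..." "..." chunks into one string
        tr ';' '\n' |          # one DKIM tag per line
        sed -n 's/^[[:space:]]*p=//p' |
        tr -d '[:space:]'
}

# same_dkim_key GENERATED PUBLISHED
# Returns 0 only when both records carry the same non-empty public key.
same_dkim_key() {
    want=$(printf '%s\n' "$1" | extract_p)
    got=$(printf '%s\n' "$2" | extract_p)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample data; the base64 text is a placeholder, not a real key.
GENERATED='cloud._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=Q09OU1RSVUNURUQt"
  "c2FtcGxlLWtleQ==" )  ; ----- DKIM key cloud for cloud.planetcure.in'
PUBLISHED_OK='"p=Q09OU1RSVUNURUQtc2FtcGxlLWtleQ=="'
PUBLISHED_CUT='"p=Q09OU1RSVUNURUQt"'

if same_dkim_key "$GENERATED" "$PUBLISHED_OK"; then
    echo "DNS record matches the generated key"
fi
if ! same_dkim_key "$GENERATED" "$PUBLISHED_CUT"; then
    echo "truncated record detected"
fi
```

On the server the two arguments would be the contents of /etc/opendkim/keys/cloud.planetcure.in/cloud.txt and the output of the dig command shown above.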

Sending a test mail using the sendEmail command-line tool

[root@smtp ec2-user]# /usr/bin/sendEmail -f no-reply@cloud.planetcure.in -t liju@serveridol.com -cc opendkim@serveridol.com -s localhost -u "DKIM Key setup for Subdomain" -l /var/log/sendEmail -o message-content-type=auto -m "mail body"
Aug 30 14:58:56 smtp sendEmail[970]: Email was sent successfully!  From: <no-reply@cloud.planetcure.in> To: <liju@serveridol.com> Cc: <opendkim@serveridol.com> Subject: [DKIM Key setup for Subdomain] Server: [localhost:25]

Verifying that the signature and selector are added to each mail.

[root@smtp ec2-user]# tail -f /var/log/maillog
Aug 30 14:59:01 ip-10-170-25-242 postfix/smtpd[936]: 7741160EB4: client=localhost[::1], sasl_method=LOGIN, sasl_username=test
Aug 30 14:59:01 ip-10-170-25-242 postfix/cleanup[946]: 7741160EB4: message-id=<5401e6b5.1tNp6oomxi5gPCGs%no-reply@cloud.planetcure.in>
Aug 30 14:59:01 ip-10-170-25-242 opendkim[32326]: 7741160EB4: DKIM-Signature field added (s=cloud, d=cloud.planetcure.in)
Aug 30 14:59:01 ip-10-170-25-242 postfix/qmgr[32424]: 7741160EB4: from=<no-reply@cloud.planetcure.in>, size=596, nrcpt=1 (queue active)
Aug 30 14:59:01 ip-10-170-25-242 postfix/smtpd[936]: disconnect from localhost[::1]
Aug 30 14:59:01 ip-10-170-25-242 postfix/smtp[948]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400e:c04::1b]:25: Network is unreachable
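Reading the log by eye works for one test mail; the following added example (not from the original post) applies the same check to a whole maillog and lists every message from the subdomain that did not get a "DKIM-Signature field added" line with the expected selector. The function names are hypothetical, the first two sample lines follow the log above, and the remaining lines and queue IDs are constructed.

```bash
#!/bin/sh
# Added example: find messages from the subdomain that left without the
# expected DKIM selector, using the Postfix/OpenDKIM log lines shown above.

# unsigned_queue_ids DOMAIN SELECTOR  (maillog on stdin)
# Prints the queue ID of every message whose envelope sender is at DOMAIN and
# that has no "DKIM-Signature field added (s=SELECTOR, d=DOMAIN)" line.
unsigned_queue_ids() {
    awk -v dom="$1" -v sel="$2" '
        { qid = $6; sub(/:$/, "", qid) }
        # opendkim logs one line per signature it adds.
        $5 ~ /^opendkim\[/ && index($0, "DKIM-Signature field added (s=" sel ", d=" dom ")") {
            signed[qid] = 1
        }
        # qmgr logs the envelope sender when the message enters the active queue.
        $5 ~ /^postfix\/qmgr\[/ && $7 ~ /^from=</ {
            addr = tolower($7)
            sub(/^from=</, "", addr); sub(/>,?$/, "", addr)
            n = length(addr) - length(dom)
            if (n > 1 && substr(addr, n) == "@" tolower(dom)) seen[qid] = 1
        }
        END { for (q in seen) if (!(q in signed)) print q }
    ' | sort
}

# Sample log: first two lines as in the post, the rest constructed.
sample_maillog() {
    cat <<'EOF'
Aug 30 14:59:01 smtp opendkim[32326]: 7741160EB4: DKIM-Signature field added (s=cloud, d=cloud.planetcure.in)
Aug 30 14:59:01 smtp postfix/qmgr[32424]: 7741160EB4: from=<no-reply@cloud.planetcure.in>, size=596, nrcpt=1 (queue active)
Aug 30 15:02:10 smtp postfix/qmgr[32424]: AAAA000001: from=<no-reply@cloud.planetcure.in>, size=601, nrcpt=1 (queue active)
Aug 30 15:03:44 smtp opendkim[32326]: BBBB000002: DKIM-Signature field added (s=default, d=planetcure.in)
Aug 30 15:03:44 smtp postfix/qmgr[32424]: BBBB000002: from=<alerts@cloud.planetcure.in>, size=733, nrcpt=2 (queue active)
Aug 30 15:05:12 smtp postfix/qmgr[32424]: CCCC000003: from=<info@planetcure.in>, size=420, nrcpt=1 (queue active)
EOF
}

sample_maillog | unsigned_queue_ids cloud.planetcure.in cloud
```

Against a live server the input would be /var/log/maillog; a message that was deferred and re-queued after log rotation can show up here even though it was signed earlier.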
