Originally published at Moishe Beshkin. You can comment here or there.
Google's mail system repeatedly put mail from my domain into spam. I found that certain steps had to be taken in order to fix this problem. The most important and most effective solution was to sign outgoing e-mails with a DKIM signature.
Installation
$ sudo apt-get install opendkim opendkim-tools
Setup
Opendkim configuration
In file /etc/opendkim.conf add the following lines:
Domain domain.com
KeyFile /etc/opendkim/keys/domain.com/default
Selector dkim
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SignatureAlgorithm rsa-sha256
SigningTable refile:/etc/opendkim/SigningTable
In file /etc/default/opendkim set the following lines:
RUNDIR=/var/run/opendkim
SOCKET=inet:8891@localhost
In file /etc/systemd/system/multi-user.target.wants/opendkim.service
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p inet:8891@localhost
File /etc/opendkim/KeyTable
dkim._domainkey.domain.com domain.com:dkim:/etc/opendkim/keys/domain.com/default
File /etc/opendkim/SigningTable
*@domain.com dkim._domainkey.domain.com
File /etc/opendkim/TrustedHosts
127.0.0.1
domain.com
Key creation
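$ sudo mkdir -p /etc/opendkim/keys/domain.com
$ opendkim-genkey -t -s dkim -d domain.com
$ sudo mv dkim.private /etc/opendkim/keys/domain.com/default
$ sudo chown opendkim:opendkim /etc/opendkim/keys/domain.com/default && sudo chmod 600 /etc/opendkim/keys/domain.com/default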
Postfix configuration
Configure postfix. In /etc/postfix/main.cf write the following:
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
Restart services
$ sudo systemctl daemon-reload
$ sudo service opendkim restart
$ sudo service postfix restart
Note: Replace domain.com with your domain name.
DNS entry
opendkim-genkey also generated a dkim.txt file, which contains the DNS record. Copy the text starting with “v=DKIM1;” up to the last double quote. You can omit “h=sha256; k=rsa; t=y;” as they are default.
In your DNS management system, add the following TXT entry:
TXT dkim._domainkey.domain.com - [the copied line]
After this you will be able to query the value with dig:
$ dig dkim._domainkey.domain.com txt
After these steps, you will see the opendkim daemon running on port 8891, and Postfix will ask it for signatures. In my case Gmail accepts all my e-mails.
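The following shell helpers are an added example, not part of the original post. They join the quoted strings of the dkim.txt file into the single value to paste into the TXT record, and check that the selector in each KeyTable entry yields the same DNS name that was published. The function names are hypothetical, and the sample dkim.txt content with its p= value is a constructed placeholder.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Join the quoted strings of an opendkim-genkey .txt file into one TXT value.
dkim_txt_value() {
    grep -o '"[^"]*"' "$1" | tr -d '"\n'
}

# DNS name a verifier queries for one KeyTable line:
#   <label> <domain>:<selector>:<keypath>  ->  <selector>._domainkey.<domain>
keytable_query_name() {
    printf '%s\n' "$1" | awk '{ split($2, f, ":"); print f[2] "._domainkey." f[1] }'
}

# Succeed only if every KeyTable entry signs under the published record name.
# $1 = KeyTable file, $2 = record name published in DNS
check_keytable() {
    rc=0
    while read -r line; do
        case $line in ''|'#'*) continue ;; esac
        name=$(keytable_query_name "$line")
        if [ "$name" != "$2" ]; then
            echo "MISMATCH: KeyTable signs as $name, DNS has $2" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample input: genkey-style record with a placeholder key value.
sample_dir=$(mktemp -d)
cat > "$sample_dir/dkim.txt" <<'EOF'
dkim._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; t=y; "
      "p=CONSTRUCTED_PLACEHOLDER_KEY" )  ; ----- DKIM key dkim for domain.com
EOF
echo 'dkim._domainkey.domain.com domain.com:dkim:/etc/opendkim/keys/domain.com/default' \
    > "$sample_dir/KeyTable"

echo "TXT value: $(dkim_txt_value "$sample_dir/dkim.txt")"
check_keytable "$sample_dir/KeyTable" dkim._domainkey.domain.com \
    && echo "KeyTable selector matches the published record"
```

On the server, run check_keytable against /etc/opendkim/KeyTable with the record name you created in DNS; a mismatch means outgoing signatures name a selector that has no DNS record, so receivers cannot verify them.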