Using OpenDKIM with Postfix

Once you have OpenDKIM set up, you’ll want to connect it to your MTA to sign outgoing emails. Here’s how you can use it with Postfix.

If you don’t have OpenDKIM set up yet, check out our guide to see how to do it.

Defining Your OpenDKIM Socket

The connection between OpenDKIM and Postfix will be done through a socket.

A socket acts as the access point to a connection. One connection has two sockets, one on either end. We need to create a socket in OpenDKIM so that Postfix has something to connect to.

The socket used by OpenDKIM is defined in the main config file. Open it using

nano /etc/opendkim.conf

About halfway down the file, you should see a few lines beginning with ‘Socket’.

Make sure one of these lines (and only one) is uncommented, and looks similar to the line below.

Socket                  inet:12300@localhost

There are a few ways to format this line, so you might come across a socket written slightly differently if you’re looking at other guides. Just keep things consistent to ensure everything is set up correctly.

In this case, the socket will be open on port 12300. You can use any port number you wish, provided it’s not already in use on your system.

Connecting Postfix to the Socket

Now you’ll need to edit the Postfix config, to complete the OpenDKIM connection.

nano /etc/postfix/main.cf

At the bottom of this file, add the following lines, substituting the port number for the one you set previously.

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12300
non_smtpd_milters = inet:localhost:12300

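‘Milter’, or ‘Mail Filter’, is a feature of many MTAs (such as Postfix) that lets external programs filter mail. The first two lines specify the milter protocol version and the default action, which is what Postfix does when the milter is unavailable. With accept, Postfix carries on as if the milter were not there, so mail is still delivered, but it goes out unsigned.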

The smtpd and non_smtpd milters define the addresses Postfix will use to connect to the milter. You can define a different value for SMTPD and non SMTPD traffic, but in this case, they’re set to the same value.

In this file, you can use property names as variables, in PHP style, to ensure values are always the same.

smtpd_milters = inet:localhost:12300
non_smtpd_milters = $smtpd_milters

You can now save the file.

Giving Postfix Permission to Connect to the Socket

Postfix also needs to have the appropriate permissions to connect to the socket. It’s unlikely to have the correct permissions by default.

OpenDKIM will have created a new user and group on the system, named opendkim. It’s this user/group that OpenDKIM will run under, and the user/group of the socket it creates will therefore both be opendkim.

Postfix, meanwhile, will also create its own user, named postfix. Adding the postfix user to the opendkim group will give it access to the socket.

usermod -a -G opendkim postfix

Once that’s done, reboot your system so all of the changes you’ve made take effect.

Testing Email Signing

To test that your emails are now being signed correctly, I would recommend using Mail Tester. If you’ve never used this before, check out our guide explaining how to use it.

With this set, reboot the system, or reload Postfix.

The mail tester should show that the DKIM test has passed.

If that’s not the case, double check the mail log (/var/log/mail.log). If you see a line like this

warning: connect to Milter service inet:localhost:12300: Connection refused

check that you added the postfix user to the opendkim group correctly, and that both Postfix and OpenDKIM are using the same socket address.
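
The socket comparison is easy to get wrong by eye, because OpenDKIM writes the address as inet:port@host while Postfix writes it as inet:host:port. The Python below is an added example, not part of the original guide or of either project: it normalises both forms, follows $name references in main.cf, and flags more than one uncommented Socket line. The sample configs are constructed, the function names are hypothetical, and it assumes each main.cf parameter sits on a single line.

```python
import re
# Constructed sample configs that mirror the values used in this guide.
OPENDKIM_CONF = """\
# Socket                local:/run/opendkim/opendkim.sock
Socket                  inet:12300@localhost
"""
MAIN_CF = """\
smtpd_milters = inet:localhost:12300
non_smtpd_milters = $smtpd_milters
"""
OPENDKIM_INET = r"inet:(?P<port>\d+)@(?P<host>\S+)"      # inet:12300@localhost
POSTFIX_INET = r"inet:(?P<host>[^:]+):(?P<port>\d+)"     # inet:localhost:12300

def endpoint(value, pattern):
    """(host, port) if value matches pattern, otherwise the raw string."""
    m = re.fullmatch(pattern, value)
    return (m["host"].lower(), int(m["port"])) if m else value

def opendkim_sockets(conf):
    """Every uncommented Socket value in opendkim.conf, normalised."""
    lines = (re.match(r"\s*Socket\s+(\S+)", l) for l in conf.splitlines())
    return [endpoint(m.group(1), OPENDKIM_INET) for m in lines if m]

def postfix_milters(main_cf):
    """Normalised milter endpoints for smtpd_milters and non_smtpd_milters."""
    params = {}
    for line in main_cf.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()  # a later assignment wins
    result = {}
    for key in ("smtpd_milters", "non_smtpd_milters"):
        value = params.get(key, "")
        for _ in range(5):  # bounded expansion of $name / ${name} references
            value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
        result[key] = [endpoint(i, POSTFIX_INET) for i in re.split(r"[,\s]+", value) if i]
    return result

def check(opendkim_conf, main_cf):
    """List of problems, empty when both sides agree. Hosts are compared as text."""
    sockets = opendkim_sockets(opendkim_conf)
    problems = []
    if len(sockets) != 1:
        problems.append(f"expected one uncommented Socket line, found {len(sockets)}")
    for key, endpoints in postfix_milters(main_cf).items():
        if not any(e in sockets for e in endpoints):
            problems.append(f"{key} does not point at the OpenDKIM socket")
    return problems

print(check(OPENDKIM_CONF, MAIN_CF) or "socket settings match")
```

To check a live system, pass the contents of /etc/opendkim.conf and /etc/postfix/main.cf to check(). Because hosts are compared as text, localhost on one side and 127.0.0.1 on the other is reported as a mismatch, in line with the advice above to keep the two files consistent.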