diff options
author | Matt Domsch <matt@domsch.com> | 2020-12-11 08:51:04 -0600 |
---|---|---|
committer | Matt Domsch <matt@domsch.com> | 2020-12-11 08:51:04 -0600 |
commit | e5c78a1722a44ff565eca2aafbb1d4a357fc4c94 (patch) | |
tree | f79169feb1e7d7952a1d3e92014628e3d3054c49 /README.fedora | |
parent | 23c44503445ae92c958bf31cacbf9cf886db4bf6 (diff) | |
parent | 6fc72129854bce13b4f36c069f2929ec6753ba04 (diff) | |
download | opendkim_EL6-e5c78a1722a44ff565eca2aafbb1d4a357fc4c94.tar.gz |
Merge branch 'master' into epel8
Diffstat (limited to 'README.fedora')
-rw-r--r-- | README.fedora | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/README.fedora b/README.fedora new file mode 100644 index 0000000..da173c2 --- /dev/null +++ b/README.fedora @@ -0,0 +1,102 @@ +##################################### +#FEDORA-SPECIFIC README FOR OPENDKIM# +##################################### +Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com) + +Generating keys for OpenDKIM +============================ +After installing the opendkim package, you MUST generate a pair of keys (public and private) before +attempting to start the opendkim service. + +A valid private key must exist in the location expected by /etc/opendkim.conf before the service will start. + +A matching public key must be included in your domain's DNS records before remote systems can validate +your outgoing mail's DKIM signature. + + +Generating Keys Automatically +============================= +To automatically create a pair of default keys for the local domain, do: + +% sudo /usr/sbin/opendkim-default-keygen + +The default keygen script will attempt to fetch the local domain name, generate a private and public key for +the domain, then save them in /etc/opendkim/keys as default.private and default.txt with the proper +ownership and permissions. + +NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting +private key ownership and permissions will not be correct. + + +Generating Keys Manually +======================== +A privileged user (or root) can manually generate a set of keys by doing the following: + +1) Create a directory to store the new keys: + +% sudo mkdir /etc/opendkim/keys/example.com + +2) Generate keys in that directory for a specific domain name and selector: + +% sudo /usr/sbin/opendkim-genkey -D /etc/opendkim/keys/example.com/ -d example.com -s default + +3) Set the proper ownership for the directory and private key: + +% sudo chown -R root:opendkim /etc/opendkim/keys/example.com + +4) Set secure permissions for the private key: + +% sudo chmod 640 /etc/opendkim/keys/example.com/default.private + +5) Set standard permissions for the public key: + +% sudo chmod 644 /etc/opendkim/keys/example.com/default.txt + + +Updating Key Location(s) in Configuration Files +=============================================== +If you run the opendkim-default-keygen script, the default keys will be saved in /etc/opendkim/keys as +default.private and default.txt, which is the location expected by the default /etc/opendkim.conf file. + +If you manually generate your own keys, you must update the key location and name in /etc/opendkim.conf +before attempting to start the opendkim service. + +Using OpenDKIM with SQL Datasets +================================ +OpenDKIM on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use, +you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum): + +- opendbx-firebird +- opendbx-mssql +- opendbx-mysql +- opendbx-postgresql +- opendbx-sqlite +- opendbx-sqlite2 +- opendbx-sybase + +If you have OpenDKIM configured to use SQL datasets on a systemd-based server, it might also be necessary to start +the opendkim service after the database servers by referencing your database unit file(s) in the "After" section of +the OpenDKIM unit file. + +For example, if using both MariaDB and PostgreSQL, in /usr/lib/systemd/system/opendkim.service change: + +After=network.target nss-lookup.target syslog.target + +to: + +After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service + + +Additional Configuration Help +============================= +For help configuring your MTA (Postfix, Sendmail, etc.) with OpenDKIM, setting up DNS records with your +public DKIM key, as well as instructions on configuring OpenDKIM to sign outgoing mail for multiple +domains, follow the how-to at: + +http://wp.me/p1iGgP-ou + +Official documentation for OpenDKIM is available at http://opendkim.org/ + +OpenDKIM mailing lists are available at http://lists.opendkim.org/ + +### |